Back to All Projects
LiveDORABrowser

Regime Classifier: 22/806 or DORA

In April 2025 the CSSF split its outsourcing framework. This tool qualifies one arrangement in at most six questions — the governing regime (CSSF 22/806 or DORA with Circular CSSF 25/882), whether it is critical or important, and the obligations that follow — ending in a printable qualification memo. Runs entirely in your browser; nothing is stored or sent.

#CSSF 22/806#DORA#Outsourcing#ICT Third-Party Risk
Launch Tool
Overview

In April 2025 the CSSF split what used to be one outsourcing framework. DORA and Circular CSSF 25/882 now govern ICT third-party services for financial entities in DORA scope, while Circular CSSF 22/806 (as amended by Circular CSSF 25/883) keeps business process outsourcing — and everything for entities outside DORA. The Regime Classifier qualifies one arrangement at a time across that split. Two axes decide most cases: whether the entity is inside or outside DORA scope, and whether the service is ICT or not. A short guided flow — at most six questions — resolves the governing regime, then tests whether the arrangement is critical or important against the right criteria, and sets out the obligations that follow: Register of Information or outsourcing register, the applicable contract clauses, and the CSSF notification. It ends in a printable qualification memo with the legal basis attached. Everything runs in the browser; nothing you enter leaves the page.

Key Features
  • A regime map across two axes — DORA scope and ICT vs non-ICT service
  • A guided flow of at most six questions to qualify one arrangement
  • Critical-or-important testing against the DORA and 22/806 criteria
  • The obligations that follow — register, contract clauses, CSSF notification
  • A printable qualification memo with the legal basis attached
  • A horizon note on the coming EBA third-party risk guidelines
  • Fully browser-based — nothing stored, nothing transmitted
What Problem Does It Solve?

The April 2025 reform means a Luxembourg financial entity can no longer assume one outsourcing circular covers everything. ICT third-party arrangements for DORA entities fall under DORA and Circular CSSF 25/882; business process outsourcing and everything for non-DORA entities stays under 22/806. The classification depends on entity status and on whether the arrangement is even "outsourcing" — a test that applies on the 22/806 side but not the DORA one — and getting it wrong feeds the wrong register, the wrong contract clauses and the wrong notification. This tool walks the decision explicitly: it maps the entity and service onto the regime, applies the critical-or-important test that follows, and produces a memo that records the reasoning and the legal basis — a defensible qualification rather than an assumption.

Project Info

Status

Live

Regulation

DORA

Format

Browser
Technology Stack
HTMLCSSJavaScript
Verify it yourself

This tool runs entirely in your browser. Don't take my word for it — open it, switch your device to airplane mode, and keep working. If it still works offline, nothing is being sent anywhere.

You can also inspect what the server sends back. The response headers are public; scan them yourself.

Scan iddi-labs.com

No account, no upload, no server-side storage of your data.

Interested in Regime Classifier: 22/806 or DORA?
I'm always open to feedback, contributions, and collaboration. Let's connect or explore more projects.
Get in TouchConnect on LinkedInView All Projects
IddiLabs logo

Where regulatory expertise meets AI.

Privacy Policy

Quick Links

ProjectsAboutContact

Connect

contact@iddi-labs.comLinkedInGitHub

© 2026 IddiLabs | IddiLabs is not a company or a business. It's my personal space where I experiment, build, and share what I'm learning.