Fontvera
More than one EU regulation. More than one country.
9 EU regulations · 27 jurisdictions · 3,247 obligations mapped · 9 verified conflicts
DORA Article 11 says keep the backups; GDPR Article 17 says erase them — Fontvera surfaces collisions like this before an auditor does.
Ask any cross-border regulatory question. Get a cited briefing in under 60 seconds, from 326,000+ primary sources.
Next deadline: AI Act Article 50 transparency, 2 August 2026. Fontvera tracks all 9. →
If you run compliance at a payment institution, an e-money institution, a fintech, or an insurer — juggling DORA, NIS2, the AI Act, and GDPR on four different clocks:
6 hours You don't know which regulations apply across borders.
4 hours You're tracking four countries and each interprets the rules differently.
2 hours Something changed last week and you missed it.
8 hours The board wants an answer by Thursday and you're still reading.
3 hours You can't justify your advice without source citations.
Aug 2, 2026 AI Act Article 50 transparency
Oct 17, 2026 NIS2 enforcement
Jan 17, 2027 DORA enforcement
2027 Cyber Resilience Act
2028 CSDDD
When the next deadline hits, your research is already done.
Search
Ask any cross-border regulatory question, in any EU language, against 326,000+ primary sources from 130 publishers including EDPB, CNIL, BfDI, ICO, ENISA, and the AI Office.
Analyze
Get a structured briefing in under a minute — 3,247 obligations and 196 cross-regulatory references mapped, every claim cited.
Act
Export client-ready briefings as PDF, with bibliography. Pro users only.
One incident. Every notification duty, deadline, and regulator side by side.
A major ICT incident at a payment institution starts three regulatory clocks at once. The Incident Clock lays them out per incident type — verified against the provision text, not summarised from memory.
| Duty | Clock | Regulator |
|---|---|---|
| DORA Art. 19 — initial notification of a major ICT incident | 4h from classification, 24h from awareness | National financial supervisor |
| GDPR Art. 33 — personal data breach notification | 72h from awareness | Data protection authority |
| NIS2 Art. 23 — early warning, where the DORA carve-out does not apply | 24h from awareness | National CSIRT or competent authority |
Open the full Incident Clock — which clocks apply, verified conflicts, member-state divergence →
EU-sovereign legal model, trained on 2.16M cross-references. Your queries never leave the EU.
A cross-border question takes 6–10 hours of manual research; Fontvera answers it in under 60 seconds, cited. Check your AI Act obligations in 2 minutes.
Start diagnostic ↵