Galink automates the generation of DORA reports thanks to Artificial Intelligence

Paris, January 21, 2026 — Galink, the AI 100% dedicated to the management of supplier cyber risks (TPCRM), announces the launch of its DORA reporting automation solution. 22,000 European financial institutions will need to submit their complete information registry by April 15, 2026. Thanks to its technology, Galink transforms this regulatory constraint into an opportunity to strengthen cyber governance and proactively manage risks.

DORA: a compliance race fraught with obstacles

Effective from January 17, 2025, the European regulation DORA (Digital Operational Resilience Act) represents the largest regulatory harmonization in terms of digital resilience for the financial sector. More than 22,000 European financial institutions are affected: banks, insurance companies, investment firms, payment institutions, crypto-asset providers, and critical ICT service providers.

The obligations are strict: initial ICT incident report within 24 hours, interim report within 72 hours, final report within one month.  Penalties: up to 2% of annual revenue for institutions, €1 million for executives. 

The cyber context justifies this rigor: 488 cyber incidents in European finance in 18 months (ENISA),  +15% security events in France in 2024.  The financial sector has borne the highest average cost of breaches in the world for the past 12 years. 

The challenge: while 94% of institutions have committed, only 1/3 reported being confident by mid-2024.  Operational complexity is significant: manual incident collection, IT/risk coordination, reporting under pressure, mapping of third-party ICT providers.

AI to transform imposed compliance into operational intelligence

Faced with this complexity, Galink automates end-to-end the management of one of the 5 pillars of DORA, that related to supplier risks up to the generation of the corresponding reporting.

Concrete benefits:

• Complete automation: automatic collection of ICT incidents, classification according to DORA, generation of regulatory reports.
  
  
  

• Guaranteed compliance: automated orchestration of the three reporting phases (24 hours, 72 hours, 30 days) with integrated alerts and workflows.
  
  
  

• Dynamic mapping of third-party risks: permanent inventory of critical ICT providers, automatic scoring, continuous monitoring of vulnerabilities.
  
  
  

• Total traceability: complete history of incidents, reports, and actions, facilitating audits and controls.
  
  
  

• Reduction of the operational burden: elimination of manual processes, time savings, freeing teams for strategic missions.
  
  
  

Beyond compliance, Galink offers a real-time consolidated view of the institution's cyber posture and its ecosystem. 

A vision: making risk management a driver of transformation

"If regulation implies an operational burden, it responds to real cyber risks that are amplifying with the global geopolitical context", explains Mathieu Bernard, co-founder of Galink. "Thanks to AI, we absorb up to 90% of the manual tasks of pillar 4 of DORA (management of risks related to critical ICT service providers). Cyber teams can thus refocus on what's essential: anticipating threats and strengthening their resilience. Our conviction: true compliance is measured in anticipation capacity, not in checked boxes."

Galink's DORA reporting automation solution is available today for all European financial institutions subjected to the regulation. 

Galink thus reaffirms its position as a strategic partner of financial institutions, insurance companies, and fintechs in their pursuit of digital resilience and mastery of cyber risks.