T306 · Cat-22 · DORA & Operational Resilience · Concentration Risk

ICT Concentration Risk Modeller

Model ICT concentration risk across your provider portfolio per DORA Art. 29. Input provider names, service categories, CIF dependency %, and substitutability. Includes all 19 designated CTPP providers. Outputs HHI index, SPOF flags, CTPP exposure, diversification recommendations, and Policy Mandate JSON risk register. Client-side. Zero PII.

Policy Mandate Export Client-Side. Zero PII.

Last Reviewed 2025-05-01 · CTPP Designation List as of Nov 2025 (19 providers)

🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only.

Educational Use Only This tool provides a self-assessment / educational framework for internal planning purposes only. It is not a regulatory audit, legal advice, or a substitute for a formal compliance review by a qualified advisor. Verify all interpretations against the official source text and applicable RTS/ITS/guidance published by the relevant authority.

Provider Portfolio

About this tool

HHI > 2500 = high concentration. SPOF flagged when dependency ≥40% + substitutability ≤2. CTPP detection checks against 19 designated providers.

Concentration Risk Assessment

Add at least two ICT providers and click "Model Concentration Risk" to see your portfolio analysis.