Free download
Send the checklist to your inbox
Covers all four frameworks: CNAD/DASP, DORA, MiCA and VARA. Focuses on cybersecurity, custody and operational resilience requirements. Not a complete legal or AML checklist.
We do not share your details with third parties.
What the checklist covers
The checklist covers the cybersecurity, technology assurance, custody and operational resilience parts of compliance across four frameworks. It is structured so you can work through each section relevant to your jurisdiction and business model.
CNAD / DASP — El Salvador
Governance and risk management, platform and wallet security, cybersecurity testing and resilience, and custody and client protection. Based on the Digital Asset Service Providers Regulations.
DORA — European Union
ICT governance, security controls, resilience and recovery, and testing and third-party requirements. Based on Regulation (EU) 2022/2554, applicable from January 2025.
MiCA — European Union
General technology security, custody and safeguarding, platforms and transfer services, and token issuer considerations. Based on Regulation (EU) 2023/1114, fully applicable from December 2024.
VARA — Dubai
Technology governance, wallet and key management, testing and smart-contract assurance, monitoring and incident response, and supplier management. Based on the VARA Technology and Information Rulebook and associated Rulebooks.
Universal Security Readiness
A ten-item cross-framework checklist applicable to most regulated Web3 businesses regardless of jurisdiction.
Ready to evidence your compliance?
Security4Web3 helps regulated digital asset businesses assess, test and evidence the security controls required for compliance readiness. Whether you need a penetration test, smart-contract audit, operational security review or incident-response planning, we structure our work to support your regulatory position.