DORA · GDPR · EU AI Act Compliance

Finally understand
what your COBOL does

CobolIQ analyzes your mainframe COBOL portfolio in seconds. Plain English reports, risk scores, DORA compliance documentation — without touching your production systems.

Request Free Pilot Audit See Pricing
<2s
22,000 LOC analyzed
0
LLM hallucinations
100%
deterministic output

You have COBOL. Nobody knows what it does.

The developer who wrote it retired. You're afraid to touch it. And now DORA requires you to document it.

❌ IBM ADDI / Micro Focus EA

$250,000+ entry cost. 6-month onboarding. Vendor lock-in. Out of reach for most teams.

❌ Manual re-documentation

Months of work. High error risk. No audit trail. Your COBOL expert retired years ago.

✅ CobolIQ — the third option

Single binary. Runs on your server. Your code never leaves your infrastructure. Full DORA compliance output in under 2 seconds.

What you get in 2 seconds

Point CobolIQ at any COBOL directory. No cloud, no setup, no vendor account.

📄

Business Narrative

Plain English explanation of every program and paragraph. No COBOL knowledge needed to read it.

🔴

Risk Scoring

Per-paragraph risk score (0–100). Ranked list of what to modernize first and why.

🗺

Call Graph

Visual map of how programs call each other. Renders natively in GitHub, GitLab, Confluence.

📊

Data Table Extraction

Embedded rate tables and lookup tables extracted as clean JSON. 529-row CMS tables validated bit-perfectly.

🛡

DORA / GDPR Compliance

Article 8 ICT inventory, Article 9 risk assessment, GDPR Article 30 data lineage — all with source line citations.

🐍

Python Migration Skeleton

Ready-to-extend Python port of your business logic. Smoke tests included.

⚠ DORA Deadline Passed

DORA entered into force January 17, 2025

EBA and ESMA supervisors are actively inspecting financial institutions for ICT risk documentation. If you have COBOL in production and cannot document what it does — you may already be non-compliant.

Article 8
ICT asset inventory — CobolIQ generates it automatically
Article 9
Risk classification per system — risk scores with dominant factors
GDPR Art. 30
Data lineage for personal data — traced to source line

Pricing

Less than 2 days of one COBOL developer's salary.

Demo
Free
Self-hosted binary
  • ✓ Up to 3 programs
  • ✓ Runs locally — code stays with you
  • ✓ Real output, watermarked
  • ✗ Not for regulatory use
Request Demo
Most Popular
Standard License
$500/mo
30-day timed binary
  • ✓ Unlimited programs & portfolio size
  • ✓ All formats: MD, JSON, Python skeleton
  • ✓ DORA / GDPR compliance reports
  • ✓ Ready for regulatory submission
  • ✓ Email support
Purchase License
Audit Report
$2,000 once
We run the analysis for you
  • ✓ Send us your COBOL (NDA available)
  • ✓ Full portfolio risk report (PDF)
  • ✓ DORA Art. 8 + Art. 9 documentation
  • ✓ Modernization recommendations
  • ✓ Delivery: 3–5 business days
Request Audit
Enterprise

50+ programs, CI/CD integration, custom output formats, ongoing modernization consulting. Custom pricing.

Contact Us →

Real Output — CMS FQHC Pricer

Below is actual CobolIQ output from a real CMS (Centers for Medicare & Medicaid Services) mainframe COBOL program — FQHCCAL, a Federally Qualified Health Center payment calculator.

Executive Summary (ISN)
Program FQHCCAL orchestrates a 3-step
business flow consuming 1 input record
(INPUT-RECORD) and producing 1 output
record (OUTPUT-RECORD).

Emits 21 distinct return-code values
across 28 assignment sites, driven by
15 state-machine flag groups.

Depends on 4 external copybooks:
COPYGAF, COPYBASE, COPYADD, COPYGFTF.
Portfolio Risk Score
Average risk 🟢 15 / 100 LOW
Worst paragraph 🔴 95 / 100 CRITICAL
2
Critical
1
High
1
Medium
22
Low
Extracted Business Rules (88-level enums)
HL-HCPCS — HCPCS procedure codes:
  MEDICAL-VISIT    = G0466
  MENTAL-VISIT     = G0469
  MEDICAL-NEW      = G0466
  MEDICAL-ESTAB    = G0467
  MEDICAL-IPPE-AWV = G0468
  MENTAL-HEALTH-NEW   = G0469
  MENTAL-HEALTH-ESTAB = G0470

HL-PYMT-IND — Payment indicators:
  TELEHEALTH       = 2
  PAID-LINE        = 10
  NOT-PAID         = 11
  PAID-WITH-ADD-ON = 13
  PAID-GFTF        = 14
Extracted Data Schema → SQL-ready
W-DAY-SUM-ENTRY (OCCURS 450 TIMES)
  W-DS-DATE          INTEGER
  W-DS-BASE-PMT-RATE DECIMAL(9,2)
  W-DS-GAF           DECIMAL(9,2)
  W-DS-ADD-ON-PMT-RATE DECIMAL(9,2)
  W-DS-TOT-MEDICAL-CHRGS DECIMAL(9,2)
  W-DS-TOT-MENTAL-CHRGS  DECIMAL(9,2)
  W-DS-TOT-MOD59-CHRGS   DECIMAL(9,2)
  W-DS-MEDICAL-PAID-LINE-FLAG VARCHAR
  W-DS-MENTAL-PAID-LINE-FLAG  VARCHAR
  W-DS-MOD59-PAID-LINE-FLAG   VARCHAR

529-row CMS rate tables extracted bit-perfectly. Zero LLM — same input always produces same output.

Technical Facts

Rust
Single binary, no JVM, no Docker
<100ms
1,700 LOC analyzed
IBM-370
Fixed-format COBOL, PDS members
Zero LLM
Deterministic — auditors accept it

Free Pilot Audit

Not sure if CobolIQ works on your COBOL dialect? Send us one program (NDA on request). We return the full analysis report within 48 hours — no cost, no commitment.

contact@coboliq.com

NDA available on request. Your code never leaves your infrastructure with the self-hosted option.