What's New | May 2026
Product UpdateBIODORA
5 min read

What's New | May 2026

Written By
Last Updated On
May 29, 2026

Welcome back to the Tidal Product Update newsletter. This month is all about no fewer than 8 new integrations, and we added three new frameworks, including the Dutch BIO2 and ABRO 2026. We also launched the DORA export and various improvements.

This release includes:

  • Eight new integrations
  • Three new frameworks
  • DORA Register of Information export
  • Framework filter on policies and documents
  • Critical priority for issues
  • Bug fixes & improvements

For more information and visuals of these updates, check out the What's New section in your Tidal app.

Eight new integrations

Connect even more of your tech stack to Tidal Control

This month we added the Azure DevOps integration, covering Repos, Boards and Pipelines. Connect via a personal access token or OAuth from the Settings / Integrations menu, and use Azure DevOps as a source for your existing tests and evidence collection.

In addition, seven more new integrations are available: Azure Defender, Azure Sentinel, HubSpot, Linear, Notion, Scaleway and Vercel.

Three new frameworks

Broader coverage for Dutch and German cloud standards

We added these three new frameworks:

BIO2 v1.3 (Baseline Informatiebeveiliging Overheid 2) is the Dutch government standard for information security, mandatory for all government organisations in the Netherlands. The framework contains 93 requirements spread across the key control domains. This is essential for ministries, municipalities, provinces, water authorities and public service organisations.

ABRO 2026 (Algemene Beveiligingseisen voor Rijksoverheidsopdrachten) is now available with full reference content in Dutch, so you can map your existing controls to the ABRO requirements.

This is the successor to ABDO, and with this addition the framework is no longer relevant only to defence suppliers. It is now also relevant to any company carrying out government contracts that involve national security risks, from IT service providers and consultancies to logistics and cloud parties working for ministries, central government or the police.

BSI C5:2026 (Cloud Computing Compliance Criteria Catalogue) is the successor to C5:2020 and will become the new mandatory standard for cloud security compliance in Germany, taking effect from June 2027. It covers 174 requirements across 18 domains, including new areas such as Container Management, Supply Chain Management and Post-Quantum Cryptography. This framework helps you prepare for expansion into the German market if you provide or consume cloud services and need to demonstrate that your cloud security is in order.

You can map your controls to all of these frameworks and use them alongside the other standards on the platform.

DORA Register of Information export

Export your register in the right format

You can now export your DORA Register of Information directly from Tidal Control as an XBRL-CSV file. The export follows the strict xBRL-CSV format required by the EBA and, in the Netherlands, the AFM. Related vendors, vendor contracts and assets are included in the export.

DORA is relevant to financial institutions such as banks, insurers, investment firms and payment service providers, as well as the critical ICT service providers that supply them, such as cloud providers and data centres.

Framework filter on policies and documents

Find the right framework(s) faster

The overview pages for policies and documents now have a framework filter. Use it to quickly filter policies and mandatory documents by a specific framework.

Critical priority for issues

Make your most urgent items stand out

Issues now include a Critical priority, alongside the existing Low, Medium and High options. Critical issues stand out with a distinct red chip and are sorted above High everywhere, including the issues overview, filters, the activity overlay and the linked activities tab.

Bug fixes & improvements

This release also includes several bug fixes and improvements:

  • MFA is now retained after a self-service password reset, so you no longer need to re-register your authenticator -- fixed
  • Attribute filters across different attribute keys were not combined correctly -- fixed
  • Getting Started steps were not being marked as completed -- fixed
  • 'Last modified' was not displayed correctly in the policy editor -- fixed
  • Test results now refresh automatically after a manual test is completed
  • Vendor status filters now apply only to the most recent assessment
  • Completed checks in the personnel module no longer count replaced checks
  • Activity plans with long periods no longer drop activities between scheduled runs
  • AI assistants connected via MCP can now reliably create documents and use a more efficient activity tools response

Coming soon

As a sneak peek: Trust Center (planned for summer release), even more integrations, and new features.

Subscribe now for monthly updates: what's new at Tidal, framework news, and compliance resources.

By submitting your email you agree to our Privacy Policy.