Understanding DORA: EU Resilience Law Explained

What you'll learn

  • Understand what DORA is, why it was created, and which financial entities and ICT providers fall within its scope
  • Master DORA's five pillars — ICT risk management, incident reporting, resilience testing, third-party risk, and intelligence sharing
  • Apply DORA's contractual and operational requirements to ICT vendor relationships including cloud and AI providers
  • Navigate DORA's supervisory and enforcement framework including the roles of ESAs and national competent authorities
  • Build a practical DORA compliance roadmap with priority actions and gap assessment tools

Course content

6 sections, 10 lectures, 1h 0m total length
  • How to Use This Course and Your Learning Pathway (7:46)

Requirements

  • No prior regulatory or legal knowledge required — this course is designed for professionals at all levels
  • A basic familiarity with financial services or IT operations is helpful but not mandatory
  • An interest in EU digital regulation, cybersecurity, or compliance is all you need to get started

Description

This course contains the use of artificial intelligence.

On 17 January 2025, the EU's Digital Operational Resilience Act — DORA — became fully applicable across the EU financial sector. It is binding, supervised, and enforced. Banks, insurers, investment firms, payment institutions, and their ICT providers now operate under a unified resilience framework with mandatory requirements across ICT risk management, incident reporting, resilience testing, third-party oversight, and cyber intelligence sharing. Understanding DORA gives you a structured, plain-language path through this regulation — what it requires, who it applies to, and how to start building compliance.

What This Course Covers

  • DORA's background, regulatory objectives, and its place within the EU regulatory architecture alongside NIS2 and GDPR

  • The full scope of entities covered — over 20 financial entity types and the ICT third-party providers that also carry obligations

  • DORA's five pillars: ICT risk management, incident reporting, digital resilience testing, third-party risk management, and information sharing

  • Mandatory contractual requirements for ICT agreements under DORA Article 30, including audit rights and exit strategy provisions

  • AI systems and AI vendors under DORA — when AI triggers ICT risk management, incident reporting, and resilience testing obligations

  • DORA's supervisory structure — the roles of national competent authorities, EBA, ESMA, EIOPA, and the Joint Oversight Network

  • Penalties, sanctions, and management body personal liability under DORA

  • A practical 90-day DORA compliance roadmap with gap assessment tools

What You Get

  • Chapter quizzes at the end of every section to consolidate understanding

  • An initial benchmark and a full-length final practice test

  • Scenario-based role plays where you practise real DORA compliance conversations

  • Assignments designed to apply concepts directly to your professional context

  • Downloadable toolkit including a DORA Quick Reference Guide, Incident Classification Checklist, Article 30 Contract Review Checklist, AI Vendor Due Diligence Checklist, DORA vs NIS2 vs GDPR Comparison Cheat Sheet, and a 90-Day Compliance Roadmap Template

Who Will Benefit

  • Compliance officers, risk managers, and legal teams in EU-regulated financial entities navigating DORA implementation

  • ICT and cybersecurity professionals responsible for resilience, incident management, or vendor oversight in financial services

  • GRC practitioners, consultants, and auditors advising financial sector clients on DORA compliance readiness

  • Executives and management body members who need to understand their accountability under DORA

  • Anyone pursuing credentials in cybersecurity, digital resilience, or EU financial regulation

Prerequisites

No prior regulatory knowledge is required. This course is designed for professionals at all levels of familiarity with DORA. A general awareness of financial services or IT operations is helpful but not a prerequisite.

Where This Fits

Understanding DORA is a foundational course within the Fortivance Academy Cybersecurity and Digital Resilience learning track. It is an ideal starting point before advancing into deeper specialisations in ICT third-party risk governance, EU AI Act obligations for financial entities, NIS2 compliance, and operational resilience testing frameworks.

Who this course is for:

  • Compliance officers, risk managers, and IT teams in banks, insurers, investment firms, and payment institutions who need to understand their DORA obligations
  • Cybersecurity and ICT professionals working with or for EU-regulated financial entities who want to understand how DORA applies to their role
  • Consultants, auditors, legal professionals, and GRC practitioners advising financial sector clients on digital operational resilience