A practical guide to DORA and how to make it work effectively for operational resilience

• Understand the key principles and regulatory requirements of the Digital Operational Resilience Act (DORA) and how international standards and best practices can help to develop organizational resilience approaches..
• Explain how DORA impacts governance, risk management and operational resilience within financial institutions.
• Demonstrate how to integrate DORA requirements into cohesive risk management and incident response frameworks.
• Assess operational risks and third-party dependencies in light of DORA compliance obligations and how to strengthen supply chain resilience.
• Design a cohesive resilience improvement plan that incorporates the different areas of DORA in actual working processes and structures that help the organisation achieve its resilience objectives and requirements aligned with DORA.

At the end of the training the participants will have a better understanding of how operational resilience works in coherent and effective ways in practice and how financial institutions can demonstrate the effectiveness of their approaches in achieving their goals on operational resilience for their organisations and supply chain. For this purpose the following overarching themes will play a central role throughout the training:

• Effectiveness: how the formal approaches work effectively in practice
• Coherence: how to integrate the different DORA area’s and measures into coherent risk management approaches
• Demonstrability: how to demonstrate that the approaches are effective in what they intend to do and what outcomes they produce, including methods that can be used to measure and evaluate and document the effective working in practice
• Supply chain resilience: how to integrate the different requirements into the overall risk management including third party risk management

The first two weeks of this intermediate-level course consist of self-paced work, including introductory lectures on DORA, selected readings, and written contributions. This phase will lay the groundwork for the lectures and discussions that will take place during the subsequent live online sessions.

Over the following three weeks, the course will feature three live sessions (on 20 May, 27 May, and 3 June, from 14:00 to 17:00). These sessions will combine expert-led presentations with interactive breakout sessions, providing a space for practical learning experiences focused on the key themes of the training programme.

Each day, instructors will explain key points related to each topic, highlight challenges and dilemmas, and present practical approaches and solutions based on insights that have evolved in 2026. Active participation is essential, as you will engage in case-based discussions exploring real-world scenarios. These discussions will enable you to share perspectives on key questions and themes and learn from both instructors and peers, thereby fostering the practical application of concepts throughout the course.

6 May 2026 | Opening of the online platform

• Release of introductory videos
• Forum question on course expectations
• Pre-class assignment for class 1
• Readings

Pre-recorded sessions

• Background – developments and drivers for DORA
• DORA in practice – standardsetting and supervisory approaches
• DORA for the board
• Recent developments of international standards and good practices – updates from CPMI-IOSCO
• EU financial sector threat landscape – threats, incidents, financial sector readiness
• ICT Risk Management
• ICT third-party risk management
• Incident response and reporting
• Resilience Testing

20 May 2026 | First live class
14:00 – 17:00 Lectures and breakout – Followed by release of pre-class assignment for class 2

27 May 2026 | Second live class
14:00 – 17:00 Lectures and breakout – Followed by release of pre-class assignment for class 3

3 June 2026 | Third live class
14:00 – 17:00 Lectures and breakout

Course Closing

This course is open to staff in financial supervisory authorities, EU institutions and agencies and national government officials; participation from staff in financial institutions is also especially welcomed for this open course, in particular to those who are responsible in a first line, second line or third line role in any of the DORA-related areas such as risk management, information security, incident management, business continuity management, third party risk management, compliance officers and legal counsels. The training programme is very suitable for both experts and those who carry management responsibilities in these areas, as well as those in roles that are overseeing resilience processes, planning and measures. Finally, academics interested in financial sector fields of studies related to financial market regulations, technological innovations, international policymaking studies, as well as resilience and security related areas are very welcome to join the course.

As this course is especially relevant for a wide group of different roles and responsibilities from both European and national authorities, governments, agencies, and institutions, we expect that a diverse group of participants will especially contribute to the learning experiences and understanding of the different perspectives on the comprehensive subjects of digital operational resilience.

FULL FEES*:

€ 850 – Academics
€ 1150 – Public sector
€ 1250 – Private sector

*Please note that the payment must be settled one week before the start of the course.

The fee includes tuition, access to all course materials and pedagogic activities, as well as a certificate of attendance after the course has been completed.

Please submit a certificate attesting your status of Professor, PhD Student or Research Associate to fbf@eui.eu before registering. FBF secretariat will provide you with a code to register. Seats for academics are limited.

GROUP DISCOUNT (-15%) for minimum 3 participants from the same institution:

The below group discount applies to 3 or more participants who register for the same course from the same institution. Those wishing to take advantage of the group discount must write an email to fbf@eui.eu, stating the full names of the proposed participants.

€ 722,50 – Group discount academic
€ 977,50 – Group discount public sector
€ 1062,50 – Group discount private sector

CANCELLATION POLICY

Paid registration fee is non-refundable. However, registrant substitution may be made up to 15 days before the start date of the course by contacting fbf@eui.eu.