DORA was already adopted on 14 December 2022 as Regulation (EU) 2022/2554 and came into effect on 17 January 2023. Following a two-year transition period, DORA has now been in force since 17 January 2025. DORA contains provisions for financial institutions and third-party ICT service providers, as well as for supervisory authorities.
DORA comprises a total of 45 articles, which are divided into the following chapters:
In addition, Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) provide further specific guidance to affected companies and the supervisory authorities on how to implement DORA.
The Frankfurt School has included DORA in its training programme. Besides a one-day DORA seminar, which offers an overall introduction to all DORA topics, a more in-depth course is also available. In addition, information on ICT third-party risk has been added to the existing “Outsourcing in Banks” seminar. The certificate programme “IT Regulatory Assurance Manager” has been specifically adapted to the requirements of Audit and Assurance Managers in line with the content of DORA.
You will learn all about the new requirements for financial institutions, insurance companies and IT service providers in the DORA Digital Operational Resilience Act. The seminar will familiarise participants with the requirements of “DORA” and enable them to interpret the wording and assess the need for adaptation in their own organisation. The wording of the “DORA” is explained in a practical way based on the current status and presented within the context of existing regulations.
The advanced training on ICT Risk Management presents the requirements of DORA and the specific options for implementation are discussed with the participants. ICT Risk Management not only reflects the risk management framework and the classic risk elements such as the identification, analysis and assessment of risks and the measures derived from these risks. It also specifies many measures and stipulates minimum standards, for example for identity and rights management, encryption, change management, patch and update management and the isolation of affected information assets in the event of a cyber-attack.
Aspects of outsourcing (in the case of insurance companies: spin-offs) in accordance with DORA and the procurement of services from third-party ICT providers are presented in the existing outsourcing training. In addition to a comparison with the previous regulations for outsourcing and other external IT procurement, the specific DORA requirements for ICT third-party risk management and the requirements for the information register and contracts – not only with the direct service provider, but also with sub-service providers – are dealt with here.
DORA is presented from the perspective of Audit and Assurance Managers in a new 6-day IT Regulatory Assurance Manager seminar. This certificate course was developed in collaboration with the ISACA Germany Chapter e. V. and is offered in addition to the existing certificate courses “IT Governance Manager” and “IT Compliance Manager”.
Over the past two years, the individual institutions have made great efforts to align their processes and functions with the new DORA requirements. Many topics build on the familiar logic of BAIT, VAIT, KAIT and ZAIT. However, the institutions must also take new content and approaches into account. Since 17 January 2025, the new requirements apply to both the provision of services by the institutions and to internal and external audits. To avoid double regulation, the BAFIN duly withdrew the BAIT, VAIT, KAIT and ZAIT on 16 January 2025. An amended version of the BAIT will continue to apply to a small number of institutions that are not yet regulated by DORA until the end of the transitional period on 1 January 2027.
DORA aims to ensure that the European financial sector becomes more resilient to digital disruption and can continue to provide its critical services even under difficult conditions. The EU-wide approach is an extension of the previous German requirements. To support institutions in meeting these requirements, the Frankfurt School has developed a series of training courses that provide practical insights into DORA.