Who does DORA apply to?

DORA applies to ~22,000 financial entities across the EU — credit institutions, payment and e-money institutions, investment firms, crypto-asset service providers, insurers, reinsurers, intermediaries, AIFMs, UCITS management companies, central counterparties, trading venues, central securities depositories, and others — plus their critical ICT third-party providers (CTPPs) which fall under direct ESA oversight. Proportionality applies to firms below thresholds, but training requirements still apply.

How does DORA differ from NIS2?

DORA is a regulation (directly applicable, no national transposition) specifically for the financial sector, while NIS2 is a directive transposed into national law applying broadly across 18 sectors. Where both apply, DORA takes precedence (lex specialis). Many financial firms must train staff to satisfy both — our curriculum covers the overlap so you don't run two programs.

How long does a typical enterprise rollout take?

Most rollouts are live for the workforce within 5 business days of contract signature. Group-level rollouts (multiple entities across member states) typically take 7–10 business days due to per-entity setup, but each entity completes independently.

Do you cover the Article 5 management-body training expectation?

Yes — every enterprise rollout includes a 45-minute management-body briefing covering Article 5 governance obligations, personal accountability, ICT risk-management framework, and reporting to the supervisory function. Designed to satisfy supervisor expectations of board-level training without taking a full day.

How does pricing work for a team of 1,000 employees?

Enterprise pricing is volume-based with discount tiers at 25, 50, 100, 250, and 500+ seats. A 1,000-seat rollout typically lands 40% below list price. Multi-year terms unlock further discounts and include the annual refresher cycle plus content updates as ESA technical standards (RTS/ITS) are published and revised.

Can we add custom modules — e.g. our ICT risk policy?

Yes. We routinely add policy attestations and custom modules: ICT risk policies, incident response plans, third-party register procedures, business continuity playbooks. Your CSM scopes the additions during onboarding.

Do you offer single sign-on and SCIM?

Yes — SAML 2.0, OIDC, and SCIM provisioning are included on enterprise plans. New joiners are auto-enrolled into the right modules based on department; leavers are de-provisioned automatically.

Can we white-label certificates and learner emails?

Yes — your logo is added to certificates and learner-facing emails on every enterprise plan. Single-tenant white-label and custom domain are available on request.

DORA Compliance Training

Done-for-you DORA training for your financial services team

We deliver mandatory DORA training across your workforce — ICT risk management, third-party ICT risk, incident reporting, digital operational resilience testing, and threat-led penetration testing. Managed rollout, audit-ready evidence accepted by EBA, ESMA, EIOPA, and national supervisors. Live for your team in under a week.

Get a Team Quote Browse the Course Catalog

100,000+ professionals trained
Audit-ready (EBA, ESMA, EIOPA)
Live for your team in 5 business days

admin.compliquest.com / dora / training

DORA Programme · Q2 2026

Training completion overview

● LIVE

847

Enrolled

92%

Completed

4.8★

Rating

Overdue

All Employees

100%

ICT & Security Teams

96%

Third-Party Risk

88%

Management Body

74%

Audit-ready

Article 39 met

Records signed & timestamped

Certificate Issued

847 employees

4-WEEK ROLLOUT

Programmes running at

RocheCoca-ColaSamsungHuaweiMicrosoftJPMorgan ChaseVolkswagenShellNestléSiemensBMWUnileverAXALufthansaPfizerAdidasRocheCoca-ColaSamsungHuaweiMicrosoftJPMorgan ChaseVolkswagenShellNestléSiemensBMWUnileverAXALufthansaPfizerAdidas

// why teams choose us

Why DORA training is mandatory — not optional

DORA Article 13(6) explicitly requires financial entities to develop ICT-related awareness programs and digital operational resilience training as compulsory modules in their staff training schemes. Article 5 makes the management body responsible for the ICT risk-management framework — and personally accountable. The regulation applies to ~22,000 financial entities across the EU plus their critical ICT third-party providers, with no transitional carve-outs after 17 January 2025.

Article 13(6) — financial entities must include ICT-related awareness and resilience training as compulsory staff training, with documented evidence

Article 5 — management bodies are personally accountable for the ICT risk-management framework and its training components

Article 14 — communication strategies for ICT incidents require staff trained on internal and external escalation

Article 28 — third-party ICT risk obligations cascade training requirements to your critical providers

02 — Curriculum

Role-based
by default.

Different roles face different risks. Training tailored to job responsibilities.

01
All Employees
All Employees
02
ICT & Security Teams
ICT & Security Teams
03
Third-Party Risk
Third-Party Risk
04
Management Body
Management Body
05
Incident Response
Incident Response
06
ICT Third-Party Providers
ICT Third-Party Providers

03 — Process

From kickoff to fully trained in under four weeks.

weeks avg.

92%

completion

01Step
Week 1 · Discovery
Scope your risk
A 60-min working session with a specialist. We map your obligations, current training gaps, and regulator priorities in your jurisdiction.
- Compliance scan
- Regulator review
- Role-based gap analysis
02Step
Week 2–3 · Build
Tailor & integrate
Your processes, contacts, and policies go into the modules. We brand the LMS, wire SSO, and connect HRIS so enrolment is automatic.
- Custom scenarios
- White-label LMS
- HRIS / SSO sync
03Step
Week 4+ · Operate
Deploy & evidence
Roll out to all staff. Automated nudges hit non-completers. Manager dashboards in real time. Audit-ready records when regulators ask.
- Automated nudges
- Real-time dashboards
- Evidence pack

Ready to scope your programme?

Book a 30-min discovery call — no slides, no pitch, just specifics.

// platform & delivery

What every enterprise rollout includes

Managed rollout in 5 business days

Dedicated customer success manager handles enrolment, role mapping, kickoff communications, and reminder cadence.

Article 13(6) audit-ready evidence

Dated certificates per learner, exportable completion logs, and management-body training records that meet supervisor documentation expectations.

Manager dashboard & reporting

Track completion across teams, business lines, and ICT third-party providers. Export evidence packages for EBA, ESMA, EIOPA, and national authorities.

Single sign-on (SSO) & SCIM

SAML 2.0, OIDC, and SCIM provisioning. New joiners enrolled automatically. Leavers de-provisioned. Zero admin overhead.

Annual refresher cycle built-in

Multi-year licensing rolls learners forward each year with content updates as ESAs publish technical standards (RTS/ITS) and supervisor guidance.

Custom modules & policy attestations

Your logo on certificates, co-branded learner emails, and the option to attach your ICT risk policy, incident response plan, or third-party register procedure to any module.

// from a customer

DORA enforcement landed in January 2025 and we needed Article 13(6) training documented across the entire workforce within weeks. The managed rollout delivered audit-ready evidence — and the management-body briefing covered Article 5 personal-liability points exactly the way our board needed.

Group CISO, JPMorgan Chase

Banking — 1,200+ employees trained

★★★★★

// by the numbers

of average daily worldwide turnover

Jan 2025

DORA enforcement is live

Personal

liability for management body members

// frequently asked

Common questions.

Don't see your question? Send us a note — we usually reply same day.

Ask a question

Yes — Article 13(6) of Regulation (EU) 2022/2554 explicitly requires financial entities to develop ICT-related awareness programs and digital operational resilience training as compulsory modules in their staff training schemes, with proportionality applied to entity size and risk profile. The regulation has applied since 17 January 2025 with no transitional period for staff training. Supervisors expect documented evidence on first audit.

Related guides

Financial Crime

DORA Compliance and Training for Financial Services: The Complete Guide for 2026

Cybersecurity

NIS2 Directive: Who Must Comply? The Definitive Guide to Scope, Sectors, and Obligations in 2026

Education

Compliance Glossary: Key Terms and Definitions 2026

Ready when you are

Ready to brief us on your team rollout?

Tell us your entity type (credit institution, payment, investment, insurer, CASP, ICT TPP), your DORA proportionality category, and your headcount. We'll come back with a curriculum proposal, pricing, and a rollout plan within 1 business day.

Get a Team Quote Browse the Course Catalog

// programme summary

Time to deploy

4 weeks

Audience

All staff + role tiers

Languages

12 included

Updates

Quarterly, automatic

Pricing

Done-for-you DORA training for your financial services team

100,000+ professionals trained

Audit-ready (EBA, ESMA, EIOPA)

Live for your team in 5 business days

What every enterprise rollout includes

Managed rollout in 5 business days

Dedicated customer success manager handles enrolment, role mapping, kickoff communications, and reminder cadence.

Article 13(6) audit-ready evidence

Dated certificates per learner, exportable completion logs, and management-body training records that meet supervisor documentation expectations.

Manager dashboard & reporting

Track completion across teams, business lines, and ICT third-party providers. Export evidence packages for EBA, ESMA, EIOPA, and national authorities.

Single sign-on (SSO) & SCIM

SAML 2.0, OIDC, and SCIM provisioning. New joiners enrolled automatically. Leavers de-provisioned. Zero admin overhead.

Annual refresher cycle built-in

Multi-year licensing rolls learners forward each year with content updates as ESAs publish technical standards (RTS/ITS) and supervisor guidance.

Custom modules & policy attestations

Your logo on certificates, co-branded learner emails, and the option to attach your ICT risk policy, incident response plan, or third-party register procedure to any module.

Common questions.

Don't see your question? Send us a note — we usually reply same day.

Ask a question

Done-for-you DORA training for your financial services team

Why DORA training is mandatory — not optional

Role-basedby default.

From kickoff to fully trained in under four weeks.

Scope your risk

Tailor & integrate

Deploy & evidence

What every enterprise rollout includes

Managed rollout in 5 business days

Article 13(6) audit-ready evidence

Manager dashboard & reporting

Single sign-on (SSO) & SCIM

Annual refresher cycle built-in

Custom modules & policy attestations

Common questions.

DORA Compliance and Training for Financial Services: The Complete Guide for 2026

NIS2 Directive: Who Must Comply? The Definitive Guide to Scope, Sectors, and Obligations in 2026

Compliance Glossary: Key Terms and Definitions 2026

Ready to brief us on your team rollout?

Done-for-you DORA training for your financial services team

Why DORA training is mandatory — not optional

Role-basedby default.

From kickoff to fully trained in under four weeks.

Scope your risk

Tailor & integrate

Deploy & evidence

What every enterprise rollout includes

Managed rollout in 5 business days

Article 13(6) audit-ready evidence

Manager dashboard & reporting

Single sign-on (SSO) & SCIM

Annual refresher cycle built-in

Custom modules & policy attestations

Common questions.

DORA Compliance and Training for Financial Services: The Complete Guide for 2026

NIS2 Directive: Who Must Comply? The Definitive Guide to Scope, Sectors, and Obligations in 2026

Compliance Glossary: Key Terms and Definitions 2026

Ready to brief us on your team rollout?

Role-based
by default.

Role-based
by default.