Industries

Alternatives

Asset and Wealth Management

Banking & Capital Markets

Government & Public services

Industry & Services

Insurance

Featured

Luxembourg Fund Governance Survey 2024

Your challenges

Business Model Reinvention

Cloud transformation

Cybersecurity and Privacy

Digital Operational Resilience Act (DORA)

Finance Transformation

Generative AI

Sustainability and Climate Change

Sustainable Finance

Featured

CEO Survey Report 2025 - Luxembourg Edition

Services

Advisory

Audit & Assurance Services

Tax, Accounting and Reporting

Actuarial and Risk Modelling Services

GenAI Business Center

Managed Services

AWM & ESG Research Centre

Operational Risk Management

PwC Alliances Luxembourg

PwC Experience Center

Featured

Benchmark your Global Fund Distribution

About us

Annual Review

Country Leadership

Diversity, Equity, Inclusion and Wellbeing

Ethics and compliance

Office

PwC Alumni

Transparency Report

Featured

PwC Luxembourg Annual Review 2024

Content & events

Digital Operational Resilience Act (DORA) - Introduction

In December 2022, the regulation (EU) 2022/2554 on Digital Operational Resilience for the financial sector was published in the Official Journal of the European Union. Also known as Digital Operational Resilience Act (DORA), the regulation intends to harmonise rules regarding digital resilience in the financial sector across all member states.

This training is about understanding the implications of DORA and how organisations are impacted from a business, compliance, governance, operational and IT perspective.

This training will provide participants with an overview of the main provisions and the differences from the existing Information and Communication Technologies (ICT) regulatory framework.

Duration: 2h

Language: Available in English and French. The supporting material is only available in English.

Number of participants: up to 15

Available under intra-company course (i.e. dedicated session on demand)

Objectives

By the end of this training, participants will be able to understand:

the main provisions of DORA regulation and the implications to their organisation;
the implications to the existing ICT regulatory framework;
how to manage ICT risks;
how to classify and report incidents;
the types of resilience testing;
the key considerations related to the management of ICT third party service provider.

Content

Current regulatory landscape in the context of operational resilience and ICT
Main provision of DORA and implementation considerations:
- ICT governance: definition of the roles, responsibilities and segregation of duties within your organisation
- ICT risk management framework: risk taxonomy, methodology and related documentation
- Incident classification, management and reporting
- Resilience testing approach and scope
- Third party services provider management: process and related documentation

Target audience

This course essentially (but not only) addresses to:

Top management
Operations/IT managers
Operational risk managers
Compliance managers
Outsourcing managers
Procurement managers
Internal auditors

Our lead experts

This training is coordinated by Michael Horvath, Partner at PwC Luxembourg.

Michael has acquired a strong financial and regulatory audit as well as advisory background and significant experience leading projects in the asset management sphere.

In the recent past, Michael has been particularly involved in various regulatory projects related to the implementation of the EU regulatory framework for sustainable finance (i.e. SFDR, taxonomy regulation, CSRD) at entity and product level. Michael is involved in various other regulatory projects for clients, from DORA, AML/CFT regulation over CSSF circular 18/698 to MICA.

© 2018 - 2025 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.