EU REGULATORY TRAININGS SERVICES
Meroi Security delivers practical, role-based EU regulatory trainings—CRA, NIS2, DORA and GDPR—from concise executive briefings to hands-on, two-day deep dives. Choose the format that fits your teams and timelines.
EU Regulatory trainings formats
- Executive Briefing (1 hour) — Strategy overview, regulatory impact, board responsibilities, key risks and decision checkpoints.
- Foundation (1 day) — Core requirements, scoping, controls mapping, roles & responsibilities, quick wins and roadmap.
- Deep Dive (2 days) — End-to-end implementation playbook with labs: governance, risk, testing, evidence, and audit readiness.
Who should attend the EU Regulatory Trainings
- C-suite, board members, compliance and legal leaders.
- Security, product, engineering, SRE/IT operations teams.
- Risk management, DPO/ISO, PMO, internal audit and QA.

CRA (Cyber Resilience Act) — Training coverage
- Scope & timeline: Products with digital elements, role obligations (manufacturer/importer/distributor), CE marking path.
- Annex I essentials: secure-by-design, vulnerability handling, updates, documentation and user information.
- Risk classes & assessments: default vs. important/critical products; self-assessment vs. third-party conformity.
- Product security operations: SBOM (SPDX/CycloneDX), secure update channels, incident & vulnerability reporting.
- Supply chain & post-market: monitoring, corrective actions, recalls, and technical file retention.
- Deep-dive labs (2 days): Annex I gap analysis, SBOM creation, disclosure policy drafting, conformity evidence pack.
NIS2 — Training coverage
- Applicability & classification: essential vs. important entities, sector scope, management accountability.
- Core measures: risk management, incident handling, business continuity, supply-chain security, encryption and MFA.
- Reporting obligations: early warning, incident notification windows, information to CSIRTs/competent authorities.
- Governance & oversight: board liability, policies and KPIs, supervision and enforcement landscape.
- Harmonised standards & mappings: ISO/IEC 27001, ENISA guidance, relation to CRA/DORA.
- Deep-dive labs (2 days): scope & risk register workshop, incident runbook, supplier assurance checklist.
DORA — Training coverage
- Scope & start date: financial entities and critical ICT third-party providers; RTS/ITS landscape.
- ICT risk management: governance, protection, detection, response & recovery; BCP/DR integration.
- Incident reporting: classification and common templates; initial/ongoing/final reports.
- Operational resilience testing: proportional testing and TLPT cadence; remediation and re-testing.
- Third-party risk: contract registers, mandatory clauses, sub-outsourcing and oversight.
- Deep-dive labs (2 days): DORA gap assessment, TLPT readiness playbook, reporting workflow and evidence kit.
GDPR — Training coverage
- Foundations & roles: lawful bases, DPIA, processor vs. controller, DPO responsibilities, records of processing.
- Data subject rights: access, rectification, erasure, portability; response timelines and verification.
- Security & breach response: appropriate measures, vendor due diligence, breach notification to SA/data subjects.
- International transfers: SCCs, TIAs, supplementary measures; relation to contracts and audits.
- Engineering & product: privacy by design/default, minimisation, retention and logging.
- Deep-dive labs (2 days): RoPA build-out, DPIA workshop, SAR handling simulation, vendor assessment pack.
Deliverables you receive
- Slides and reference materials tailored to your industry and audience.
- Templates: policies, runbooks, registers, checklists and evidence trackers.
- Actionable roadmap with priorities, owners, milestones and success metrics.
- (Deep-dive) Hands-on labs outputs: completed worksheets and draft artefacts.
Customization options
- On-site or virtual delivery; cohort size up to 25.
- Role-based breakouts (exec, legal, product, security, ops).
- Country/market add-ons (EU, UK, SG, TW overlays).
Locations:
- Taiwan
- The Netherlands
- Malaysia (check our partner’s page for pre-scheduled trainings HERE)
