EU REGULATORY TRAININGS SERVICES

Meroi Security delivers practical, role-based EU regulatory trainings—CRA, NIS2, DORA and GDPR—from concise executive briefings to hands-on, two-day deep dives. Choose the format that fits your teams and timelines.

EU Regulatory trainings formats

  • Executive Briefing (1 hour) — Strategy overview, regulatory impact, board responsibilities, key risks and decision checkpoints.
  • Foundation (1 day) — Core requirements, scoping, controls mapping, roles & responsibilities, quick wins and roadmap.
  • Deep Dive (2 days) — End-to-end implementation playbook with labs: governance, risk, testing, evidence, and audit readiness.

Who should attend the EU Regulatory Trainings

  • C-suite, board members, compliance and legal leaders.
  • Security, product, engineering, SRE/IT operations teams.
  • Risk management, DPO/ISO, PMO, internal audit and QA.
Meroi Security compliance trainings

CRA (Cyber Resilience Act) — Training coverage

  • Scope & timeline: Products with digital elements, role obligations (manufacturer/importer/distributor), CE marking path.
  • Annex I essentials: secure-by-design, vulnerability handling, updates, documentation and user information.
  • Risk classes & assessments: default vs. important/critical products; self-assessment vs. third-party conformity.
  • Product security operations: SBOM (SPDX/CycloneDX), secure update channels, incident & vulnerability reporting.
  • Supply chain & post-market: monitoring, corrective actions, recalls, and technical file retention.
  • Deep-dive labs (2 days): Annex I gap analysis, SBOM creation, disclosure policy drafting, conformity evidence pack.

NIS2 — Training coverage

  • Applicability & classification: essential vs. important entities, sector scope, management accountability.
  • Core measures: risk management, incident handling, business continuity, supply-chain security, encryption and MFA.
  • Reporting obligations: early warning, incident notification windows, information to CSIRTs/competent authorities.
  • Governance & oversight: board liability, policies and KPIs, supervision and enforcement landscape.
  • Harmonised standards & mappings: ISO/IEC 27001, ENISA guidance, relation to CRA/DORA.
  • Deep-dive labs (2 days): scope & risk register workshop, incident runbook, supplier assurance checklist.

DORA — Training coverage

  • Scope & start date: financial entities and critical ICT third-party providers; RTS/ITS landscape.
  • ICT risk management: governance, protection, detection, response & recovery; BCP/DR integration.
  • Incident reporting: classification and common templates; initial/ongoing/final reports.
  • Operational resilience testing: proportional testing and TLPT cadence; remediation and re-testing.
  • Third-party risk: contract registers, mandatory clauses, sub-outsourcing and oversight.
  • Deep-dive labs (2 days): DORA gap assessment, TLPT readiness playbook, reporting workflow and evidence kit.

GDPR — Training coverage

  • Foundations & roles: lawful bases, DPIA, processor vs. controller, DPO responsibilities, records of processing.
  • Data subject rights: access, rectification, erasure, portability; response timelines and verification.
  • Security & breach response: appropriate measures, vendor due diligence, breach notification to SA/data subjects.
  • International transfers: SCCs, TIAs, supplementary measures; relation to contracts and audits.
  • Engineering & product: privacy by design/default, minimisation, retention and logging.
  • Deep-dive labs (2 days): RoPA build-out, DPIA workshop, SAR handling simulation, vendor assessment pack.

Deliverables you receive

  • Slides and reference materials tailored to your industry and audience.
  • Templates: policies, runbooks, registers, checklists and evidence trackers.
  • Actionable roadmap with priorities, owners, milestones and success metrics.
  • (Deep-dive) Hands-on labs outputs: completed worksheets and draft artefacts.

Customization options

  • On-site or virtual delivery; cohort size up to 25.
  • Role-based breakouts (exec, legal, product, security, ops).
  • Country/market add-ons (EU, UK, SG, TW overlays).

Locations:

  • Taiwan
  • The Netherlands
  • Malaysia (check our partner’s page for pre-scheduled trainings HERE)

BOOK YOUR EU REGULATORY TRAININGS