Project Management for the Compliance with DORA Regulation: A Case Study of a Leading Institution in the Payment Sector

In recent decades, profound technological innovation has driven a significant evolution in the financial sector, fueled by increasing interconnection and regulatory advancements, making a structured approach to digital resilience essential. The Digital Operational Resilience Act (DORA) represents a milestone in the European Union’s strategy to strengthen ICT risk management and operational resilience in this context. Due to the growing reliance of financial institutions on digital infrastructures and third-party service providers, this groundbreaking regulation aims to harmonize cybersecurity and resilience standards across the EU. However, implementing DORA presents significant challenges, as organizations are required to integrate its requirements into their governance, risk management, and compliance frameworks. The objective of this study is to frame the importance of this regulatory framework, identifying its core principles, objectives, and areas of application, while comparing it with previous similar and often overlapping regulations, such as the NIS 2 Directive and GDPR. The research also shifts its focus to how structured project management methodologies, such as PMI, PRINCE2, and Agile, can facilitate the implementation of DORA, ensuring regulatory compliance, risk mitigation, and efficient resource allocation. The study adopts a deductive research approach, starting with a structured analysis of the state of the art of these topics, followed by a detailed investigation of a real case study within a large multinational company operating in the payments sector. Based on a research question that serves as the guiding foundation of this study and as a bridge between theory and practice, the analysis highlights the practical challenges faced, the project management solutions adopted, and the best practices implemented to ensure the correct application of all key aspects of the DORA regulation. The findings suggest that a structured project management approach can enhance coordination among different links in the corporate value chain, strengthen regulatory oversight, and optimize compliance processes, thereby supporting financial institutions in navigating DORA’s complex regulatory landscape. This research contributes to both academic literature and business practices, providing concrete insights for organizations that must address similar processes of integrating regulatory requirements into their operational resilience strategies.