Skip to main content

Digital Operational Resilience Act (DORA)

Does DORA apply to me?

If you fall under any of the below then DORA is most likely applicable to you, subject to certain exemptions:

ICT Service Providers – any undertaking that provides ICT systems and services to financial entities on an ongoing basis, including hardware as a service, as well as hardware services that incorporate technical support through means of software or firmware update.

Financial entities – this includes a vast range of entities, including:

  • Credit institutions
  • Account information service providers
  • Investment firms
  • AIFMS
  • Cryptoasset service providers
  • Payment institutions
  • Central securities depositories
  • Credit rating agencies
  • Data reporting service providers
  • Insurance and reinsurance undertakings
  • Insurance intermediaries

Is your organisation well prepared for DORA?

The ‘Digital Operational Resilience Act’ or DORA (Regulation (EU) 2022/2554) seeks to enhance and improve ICT operational risk requirements across various financial sectors. What was once a piecemeal approach scattered amongst various laws is now being consolidated into one singular EU regulation. It will become applicable as of 17th January 2025.

Mamo TCV DORA Overview
DORA Law & Guidance
Mamo TCV Advocates - DORA Services

If you think that DORA is applicable to you please ask for our assistance

Contact us

Mamo TCV Advocates - DORA Services

UNDERSTANDING DORA

DORA at a glance

The financial sector is increasingly dependent on technology and on tech companies to deliver financial services. This makes financial entities vulnerable to cyber-attacks or incidents.

When not managed properly, ICT risks can lead to disruptions of financial services offered across borders. This in turn, can have an impact on other companies, sectors and even on the rest of the economy, which underlines the importance of the digital operational resilience of the financial sector.

This is where the Digital Operational Resilience Act, or DORA, comes into play.

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of technology law. With clients ranging from world-famous multinational IT companies to individual service providers we can provide your organisation practical advice regardless of the situation you are in.

DORA Compliance

Over the past years we have carried out several legal audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new DORA-related legal obligations. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Assistance with identifying applicability of DORA.
  • Negotiation, vetting and amending of contracts between key stakeholders to ensure DORA compliance.
  • Assistance with reporting obligations.
  • Provision of comprehensive expert legal advice to facilitate compliance.

Key Contacts

Photo of Dr Claude Micallef-Grimaud
Claude Micallef Grimaud
Antoine Camilleri - Mamo TCV Advocates
Antoine Camilleri

Stay updated with our latest insights

Explore Insights
AI Act’s Impact on Businesses Operating Within the EU
Telecoms, Media & Technology

The AI Act’s Impact on Businesses Operating Within the EU

This article is part of our EU AI Act series which explores the effect of the AI Act across various industries and sectors. Introduction The first article (see link below) in this EU AI Act series provided, inter alia, a breakdown of the scope, applicability, timeline and risk levels of the AI Act, Regulation (EU) 2024/1689 (hereinafter referred to as the “Act”). The Act introduces significant obligations for all businesses developing or deploying AI that affect persons in the EU, with major fines for non-compliance. Crucially, the Act is extraterritorial in nature, since it also applies to businesses established in…
The EU AI Act
Telecoms, Media & Technology

The EU AI Act: A General Overview

This article is part of our EU AI Act series which explores the effect of the AI Act across various industries and sectors.  Overview & Applicability Timeline The Artificial Intelligence Act (“AI Act” or “Regulation”), officially Regulation (EU) 2024/1689, is a groundbreaking legislative framework designed to address the benefits and risks of AI technologies. Since AI is becoming ubiquitously integrated into various industries, the AI Act aims to ensure that these technologies are deployed safely, ethically, and transparently by establishing rules for AI Systems throughout the European Union (“EU”). The AI Act entered into force across the EU, including Malta,…
Key representing digital resilience
DORA

Status of DORA Regulatory Technical Standards (“RTS”)

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector ( “DORA”) establishes the EU legislative framework for enhancing digital resilience within the EU’s financial industry. Enforcement commences on 17th January 2025 and the EU Commission is tasked with issuing Regulatory Technical Standards (“RTS”) which supplement DORA. The EU Commission publishes the RTS in the Official Journal as Commission Delegated Regulations, but they are largely based on the input of the European Supervisory Authorities (“ESA”) which comprise of ESMA, EBA and EIOPA. The draft RTS submitted to the European…
Security Sign
DORA
Malta’s Draft Order Transposing the EU NIS 2 Directive Now Open for Public Consultation
Mamo TCV Advocates: Insurance
Insurance & Reinsurance
Key Decision by the Financial Arbiter on Life Insurance Policies with Investment

Get in touch if you require any assistance