Digital Operational Resilience Act (DORA)

Does DORA apply to me?

If you fall under any of the below then DORA is most likely applicable to you, subject to certain exemptions:

ICT Service Providers – any undertaking that provides ICT systems and services to financial entities on an ongoing basis, including hardware as a service, as well as hardware services that incorporate technical support through means of software or firmware update.

Financial entities – this includes a vast range of entities, including:

  • Credit institutions
  • Account information service providers
  • Investment firms
  • AIFMS
  • Cryptoasset service providers
  • Payment institutions
  • Central securities depositories
  • Credit rating agencies
  • Data reporting service providers
  • Insurance and reinsurance undertakings
  • Insurance intermediaries

Is your organisation well prepared for DORA?

The ‘Digital Operational Resilience Act’ or DORA (Regulation (EU) 2022/2554) seeks to enhance and improve ICT operational risk requirements across various financial sectors. What was once a piecemeal approach scattered amongst various laws is now being consolidated into one singular EU regulation. It will become applicable as of 17th January 2025.

Mamo TCV DORA Overview
DORA Legislation
DORA Guidance
Mamo TCV Advocates - DORA Services

If you think that DORA is applicable to you please ask for our assistance

Contact us

Mamo TCV Advocates - DORA Services

UNDERSTANDING DORA

DORA at a glance

The financial sector is increasingly dependent on technology and on tech companies to deliver financial services. This makes financial entities vulnerable to cyber-attacks or incidents.

When not managed properly, ICT risks can lead to disruptions of financial services offered across borders. This in turn, can have an impact on other companies, sectors and even on the rest of the economy, which underlines the importance of the digital operational resilience of the financial sector.

This is where the Digital Operational Resilience Act, or DORA, comes into play.

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of technology law. With clients ranging from world-famous multinational IT companies to individual service providers we can provide your organisation practical advice regardless of the situation you are in.

DORA Compliance

Over the past years we have carried out several legal audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new DORA-related legal obligations. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Assistance with identifying applicability of DORA.
  • Negotiation, vetting and amending of contracts between key stakeholders to ensure DORA compliance.
  • Assistance with reporting obligations.
  • Provision of comprehensive expert legal advice to facilitate compliance.

Key Contacts

Claude Micallef-Grimaud - Mamo TCV Advocates
Claude Micallef Grimaud
Antoine Camilleri - Mamo TCV Advocates
Antoine Camilleri

Stay updated with our latest insights

Explore Insights
Telecoms, Media & Technology

EU AI Act Update: What Will Apply From 2 August 2026 And What Is Being Postponed?

In a recent press release, the Council of the European Union announced that a provisional agreement on the Digital Omnibus Regulation on AI (hereinafter the “Omnibus”) was reached, introducing certain amendments to the EU AI Act (hereinafter the “Act”). Most notably, the provisional agreement revises the timeline for the applicability of certain provisions of the Act, particularly concerning the obligations applicable to high-risk AI systems. In this respect, the application of the obligations with respect to high-risk AI systems listed under Annex III of the Act would be postponed to 2 December 2027. For high-risk AI systems which are embedded…
Banking & Finance

Payments Insights #6 – EU Legislative Drafting Status of PSD3 and PSR

When the Second Payment Services Directive ('PSD2') replaced the First Payment Services Directive, the EU had solidified the regulatory architecture governing payment services across the single market; and this has served the ecosystem well for the past decade. On 18th May 2026, the Chair of the European Parliament's Committee on Economic and Monetary Affairs wrote to the EU Council Presidency to confirm that if the EU Council transmits its position on the Third Payment Services Directive (“Proposed PSD3”) and the Payment Services Regulation (“Proposed PSR”) in its current form, the Committee will recommend adoption at second reading without amendment. The…
Investment Services & Funds

AI & Funds #7 – Applicability of EU AI Act

This seventh instalment in the AI & Funds series revisits the six previous briefings issued when the law was still in draft and provides a comparative legal analysis of how the EU framework on artificial intelligence, ultimately promulgated as Regulation (EU) 2024/1689 (the "AI Act"), has settled in relation to investment funds. The AI Act has a staggered application schedule that culminates in August 2027. Article 50 of the AI Act on transparency is the section most likely to be relevant to investment funds in practice; and this becomes applicable in August 2026. The following six sections examine each prior…
FinTech
Fintech Insights #12 – MiCA & Prevention of Market Abuse
Insurance & Reinsurance
Regulatory Compliance Quarterly Update | Q1 2026
Insurance & Reinsurance
Court of Appeal Upholds Insurers’ Freedom to Select Their Risks

Get in touch if you require any assistance