Skip to main content

DORA Guidance

EU Guidance
MFSA Guidance
Return to main DORA page

EU Guidance

ESAs publish first set of rules under DORA for ICT and third-party risk management and incident classification
ESAs published second batch of policy products under DORA
ESAs respond to the European Commission’s rejection of the technical standards on registers of information under the Digital Operational Resilience Act and call for swift adoption

MFSA Guidance

Update on the Guidance on Technology Arrangements, ICT and Security Risk Management, and Outsourcing Arrangements
Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector – Legal Entity Identifier (‘LEI’) for Register of Information Reporting
Necessary Legal Measures Published for the Purposes of the National Implementation of Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
Commission Delegated Regulations under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector Published in the EU Official Journal (Update 1)
Second Set of Technical Standards under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector Submitted to the European Commission
Information Sharing Arrangements under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
ESAs Joint Committee Public Consultation on the Harmonisation of Conditions Enabling the Conduct of the Oversight Activities under Article 41(1) Point (c) of Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector: ‘Dry-Run’ 2024 ad hoc Exercise on the Data Collection of Registers of Information
MFSA Minimum Expectations in Relation to Financial Entities’ Preparedness to Regulation (EU) 2022/2554 on Digital Operational Resilience
Feedback Statement to Queries Raised by Consulted Stakeholders on Regulation (EU) 2022/2554 on Digital Operational Resilience (the ‘DORA Regulation’)
First Set of Technical Standards under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector Submitted to the European Commission
Consultation Document on the National Implementation of Regulation (EU) 2022/2554 and Transposition of Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector
European Commission Public Consultation on Two Delegated Acts under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
Regulation (EU) 2022/2554 and Amending Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector published on the EU Official Journal
Update and Benchmarking Exercise on Regulation (EU) 2022/2554 on Digital Operational Resilience
Regulation (EU) 2022/2554 and Amending Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector published on the EU Official Journal
Feedback Statement on the National Implementation of Regulation (EU) 2022/2556 and Transposition of Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector

Stay updated with our latest insights

Explore Insights
Traffic warning
DORA

DORA ICT Subcontracting RTS Published

Following the European Commission’s earlier rejection, the Regulatory Technical Standards (RTS) on ICT Subcontracting have been published in the EU Official Journal on 2 July 2025. The RTS will enter into force 20 days after publication, which means that they will come into effect on 22 July 2025. Financial entities and ICT providers must ensure to update their contractual arrangements to fulfil the conditions set out in the RTS to ensure compliance by 22 July 2025. To receive updates on this important development and related news please visit our website and consider subscribing to our newsletter. This document does not purport…
Digital Inclusion
Telecoms, Media & Technology

Digital Inclusion: The European Accessibility Act and the Web Accessibility Directive

As the digital economy continues to expand, businesses must ensure that their products and services are accessible to everyone — including persons with disabilities. Two key EU laws are shaping accessibility obligations in Malta: the European Accessibility Act and the Web Accessibility Directive. These legal frameworks place important compliance responsibilities on entities with an online presence, particularly those operating in retail, e-commerce, consumer electronics, financial services, and other industries that rely heavily on websites and mobile applications to serve customers. What is the European Accessibility Act? The European Accessibility Act (Directive (EU) 2019/882) will come into force in Malta on…
monochrome-photo-of-shapes-square-and-triangle
DORA

ICT Aspects of a MiCA Application

On the 17th of June 2025, the Malta Financial Services Authority (“MFSA”) published a circular titled ‘Follow-Up Circular to the Industry on the Authorisation Process for MiCA Applicants’. The circular concerns the authorisation process for crypto-asset service providers (CASPs) under Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA), as integrated in Maltese law through Chapter 647.  This circular supplements the Authority’s communication of the 10th December 2024 which was explained in a previous legal update. The June 2025 circular introduces two additional annexes that are now required as part of a complete MiCA application file. These are Annex AX05 (Digital…
Chain
Telecoms, Media & Technology
Malta’s Transposition of the NIS 2 Directive: S.L. 460.41
European Blockchain Sandbox
Telecoms, Media & Technology
European Blockchain Sandbox 3rd Cohort & Best Practices Webinar
Rejected!
DORA
European Commission Rejects Draft Regulatory Technical Standards on ICT Subcontracting

Join our mailing list

Get in touch by sending us a message or by contacting us directly.