Skip to main content

DORA Guidance

EU Guidance
MFSA Guidance
Return to main DORA page

EU Guidance

ESAs publish first set of rules under DORA for ICT and third-party risk management and incident classification
ESAs published second batch of policy products under DORA
ESAs respond to the European Commission’s rejection of the technical standards on registers of information under the Digital Operational Resilience Act and call for swift adoption

MFSA Guidance

Update on the Guidance on Technology Arrangements, ICT and Security Risk Management, and Outsourcing Arrangements
Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector – Legal Entity Identifier (‘LEI’) for Register of Information Reporting
Necessary Legal Measures Published for the Purposes of the National Implementation of Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
Commission Delegated Regulations under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector Published in the EU Official Journal (Update 1)
Second Set of Technical Standards under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector Submitted to the European Commission
Information Sharing Arrangements under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
ESAs Joint Committee Public Consultation on the Harmonisation of Conditions Enabling the Conduct of the Oversight Activities under Article 41(1) Point (c) of Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector: ‘Dry-Run’ 2024 ad hoc Exercise on the Data Collection of Registers of Information
MFSA Minimum Expectations in Relation to Financial Entities’ Preparedness to Regulation (EU) 2022/2554 on Digital Operational Resilience
Feedback Statement to Queries Raised by Consulted Stakeholders on Regulation (EU) 2022/2554 on Digital Operational Resilience (the ‘DORA Regulation’)
First Set of Technical Standards under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector Submitted to the European Commission
Consultation Document on the National Implementation of Regulation (EU) 2022/2554 and Transposition of Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector
European Commission Public Consultation on Two Delegated Acts under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
Regulation (EU) 2022/2554 and Amending Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector published on the EU Official Journal
Update and Benchmarking Exercise on Regulation (EU) 2022/2554 on Digital Operational Resilience
Regulation (EU) 2022/2554 and Amending Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector published on the EU Official Journal
Feedback Statement on the National Implementation of Regulation (EU) 2022/2556 and Transposition of Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector

Stay updated with our latest insights

Explore Insights
AI Act’s Impact on Businesses Operating Within the EU
Data Protection and Privacy

AI Laws of the World: Mamo TCV Contributes to the First Edition of DLA Piper’s Comparative Guide

DLA Piper’s recently published ‘AI Laws of the World’ guide provides a 2025 Q3 snapshot of AI laws and proposed regulations across more than 40 countries (including all 27 EU Member States), highlighting key legislative developments, regulations, proposed bills, and guidelines issued by governmental bodies. The guide also includes a contribution made by Mamo TCV Advocates which illustrates the legal position in Malta. The guide underscores significant geographical variation in regulatory approaches and attitudes, yet also reveals numerous common concerns, with lawmakers and AI-focused organisations worldwide adopting and exchanging a variety of strategies. Whilst some jurisdictions have established their own…
Malta's AI Act
Data Protection and Privacy

Malta’s AI Act Authority Designations

The Malta Digital Innovation Authority (“MDIA”) and the Information Data Protection Commission (“IDPC”) have been identified as the Maltese Market Surveillance Authorities (“MSA”) under EU Regulation 2024/1689 (the “AI Act”), albeit the process of designation has yet to be formally concluded. It is expected that this will take place shortly in the coming days. The MSAs will be tasked with overseeing the responsible use of AI systems in Malta and with having the competence to carry out investigations and issue fines and penalties where necessary. They will have a diverse set of responsibilities that may be categorised as follows: Maintaining…
Penetration Testing
DORA

Threat-Led Penetration Testing Regulatory Technical Standards under DORA Take Effect

As of today, 8 July 2025, the Regulatory Technical Standards (RTS) on Threat-Led Penetration Testing (TLPT) are now effective, including in Malta, following their publication in the Official Journal on 18 June 2025. These RTS supplement Article 26 of the Digital Operational Resilience Act (‘DORA’) and lay down a framework for the execution of TLPT. The RTS specify the criteria used for identifying the financial entities which are required to perform threat-led penetration tests and lay down organisational arrangements for financial entities. The RTS also include provisions on risk management and specify criteria for engaging TLPT providers. Moreover, the RTS…
Traffic warning
DORA
DORA ICT Subcontracting RTS Published
Digital Inclusion
Telecoms, Media & Technology
Digital Inclusion: The European Accessibility Act and the Web Accessibility Directive
monochrome-photo-of-shapes-square-and-triangle
DORA
ICT Aspects of a MiCA Application

Join our mailing list

Get in touch by sending us a message or by contacting us directly.