DORA Guidance

EU Guidance
MFSA Guidance
Return to main DORA page

EU Guidance

ESAs publish first set of rules under DORA for ICT and third-party risk management and incident classification
ESAs published second batch of policy products under DORA
ESAs respond to the European Commission’s rejection of the technical standards on registers of information under the Digital Operational Resilience Act and call for swift adoption

MFSA Guidance

Update on the Guidance on Technology Arrangements, ICT and Security Risk Management, and Outsourcing Arrangements
Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector – Legal Entity Identifier (‘LEI’) for Register of Information Reporting
Necessary Legal Measures Published for the Purposes of the National Implementation of Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
Commission Delegated Regulations under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector Published in the EU Official Journal (Update 1)
Second Set of Technical Standards under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector Submitted to the European Commission
Information Sharing Arrangements under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
ESAs Joint Committee Public Consultation on the Harmonisation of Conditions Enabling the Conduct of the Oversight Activities under Article 41(1) Point (c) of Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector: ‘Dry-Run’ 2024 ad hoc Exercise on the Data Collection of Registers of Information
MFSA Minimum Expectations in Relation to Financial Entities’ Preparedness to Regulation (EU) 2022/2554 on Digital Operational Resilience
Feedback Statement to Queries Raised by Consulted Stakeholders on Regulation (EU) 2022/2554 on Digital Operational Resilience (the ‘DORA Regulation’)
First Set of Technical Standards under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector Submitted to the European Commission
Consultation Document on the National Implementation of Regulation (EU) 2022/2554 and Transposition of Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector
European Commission Public Consultation on Two Delegated Acts under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
Regulation (EU) 2022/2554 and Amending Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector published on the EU Official Journal
Update and Benchmarking Exercise on Regulation (EU) 2022/2554 on Digital Operational Resilience
Regulation (EU) 2022/2554 and Amending Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector published on the EU Official Journal
Feedback Statement on the National Implementation of Regulation (EU) 2022/2556 and Transposition of Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector

Stay updated with our latest insights

Explore Insights
Telecoms, Media & Technology

EU AI Act Update: What Will Apply From 2 August 2026 And What Is Being Postponed?

In a recent press release, the Council of the European Union announced that a provisional agreement on the Digital Omnibus Regulation on AI (hereinafter the “Omnibus”) was reached, introducing certain amendments to the EU AI Act (hereinafter the “Act”). Most notably, the provisional agreement revises the timeline for the applicability of certain provisions of the Act, particularly concerning the obligations applicable to high-risk AI systems. In this respect, the application of the obligations with respect to high-risk AI systems listed under Annex III of the Act would be postponed to 2 December 2027. For high-risk AI systems which are embedded…
DORA

Reminder: DORA Register of Information Submission Deadline Approaching

Further to the Malta Financial Services Authority’s (‘MFSA’) circular setting out the reporting timelines applicable to the annual submission of the Register of Information (‘ROI’) under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector (‘DORA’), the submission deadline is now approaching. Financial entities authorised by the MFSA and falling within the scope of DORA are required to submit their updated ROI by 21 March 2026 or the next working day. The ROI must reflect the entity’s contractual arrangements with ICT third-party service providers as at 31 December 2025 and must be submitted via the MFSA’s  LH Portal.…
The EU AI Act
DORA

European Commission Proposes Updated EU Cybersecurity Act (The Cybersecurity Act 2)

On 20 January 2026, the Proposal for a Regulation for the EU Cybersecurity Act (‘The Cybersecurity Act 2’) was published by the European Commission to update and replace Regulation (EU) 2019/881 (the “2019 Cybersecurity Act”). The Proposal was introduced in response to major changes in cybersecurity threats as well as the weaknesses identified in the 2019 Cybersecurity Act. Since the adoption of the 2019 Cybersecurity Act, cyberattacks have become more frequent and sophisticated, increasingly targeting critical infrastructures, essential services and digital supply chains. At the same time, growing geopolitical tensions and the EU’s reliance on technologies from third countries have…
DORA
NIS 2 and Critical Entities Resilience Framework Enter into Force in Malta
DORA reporting timelines
DORA
DORA: Register of Information Reporting Timelines for 2026 and Beyond
AI Act’s Impact on Businesses Operating Within the EU
Data Protection and Privacy
AI Laws of the World: Mamo TCV Contributes to the First Edition of DLA Piper’s Comparative Guide

Join our mailing list

Get in touch by sending us a message or by contacting us directly.