Skip to main content

DORA Opinions & Guidelines

Return to main DORA page

DORA Regulation (EU) 2022/2554

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Digital and Operational Resilience Act’)

MFSA Guidance

MFSA Minimum Expectations in Relation to Financial Entities’ Preparedness to Regulation (EU) 2022/2554 on Digital Operational Resilience
Update on the Guidance on Technology Arrangements, ICT and Security Risk Management, and Outsourcing Arrangements

Stay updated with our latest insights

Rejected!
DORA

European Commission Rejects Draft Regulatory Technical Standards on ICT Subcontracting

The European Commission has communicated its rejection of the draft Regulatory Technical Standards (RTS) on subcontracting ICT services supporting critical or important functions supplementing the Digital Operational Resilience Act (DORA).  In its communication, the Commission held that the European Supervisory Authorities (ESAs) exceeded their mandate under Article 30(5) of DORA (which came into effect on 17 January 2025) by introducing requirements not specifically linked to the conditions for subcontracting in Article 5 of the RTS. The Commission has made it clear that Article 5 and the related recital 5 of the draft RTS must be omitted from the draft RTS…
EU AI Act
Telecoms, Media & Technology

EU AI Act: Banned AI Practices from 2 February 2025

The EU AI Act becomes applicable across the EU, including Malta, on 2 August, 2026 (you may read our general overview here). However, the AI Act’s general provisions and the provisions on prohibited AI practices that present an unacceptable level of risk, will come into force as early as 2 February 2025. With this deadline fast approaching, organisations subject to the AI Act must ensure compliance accordingly. AI Literacy By 2 February 2025, providers and deployers of AI systems, including those based in Malta, must take steps to guarantee an adequate level of AI literacy among their staff and any…
Triangular Patterns
DORA

MFSA Issues Two Circulars on ICT Risk

On the 16th of January 2025, the MFSA published a circular on the register of information-reporting-timelines for MFSA-authorised persons. Subsequently, on the 17th of January 2025, the MFSA published another circular outlining several resources uploaded to its website to assist compliance with Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (“DORA”). The circular issued on 16th of January 2025 focuses on the Register of Information required under Article 28(3) of DORA. This register mandates financial entities to document all contractual arrangements with ICT Third-Party Service Providers (“ICT TPPs”), ensuring transparency in…
St James Cavalier Web Dome
DORA
DORA is Now in Force: What’s Next?
Insurance & Reinsurance
Regulatory Compliance Quarterly Update | Q4 2024
European Blockchain Sandbox
FinTech
European Blockchain Sandbox & MDIA Joint Webinar

Join our mailing list

Get in touch by sending us a message or by contacting us directly.