DORA EU Legislation
Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (‘Digital and Operational Resilience Act’)
Regulatory Technical Standards
Regulatory Technical Standards (RTS) on ICT risk management framework and on simplified ICT risk management framework
RTS to specify the policy on ICT services supporting critical or important functions provided by ICT third-party service providers (TPPs)
Stay updated with our latest insights
Malta’s AI Act Authority Designations
The Malta Digital Innovation Authority (“MDIA”) and the Information Data Protection Commission (“IDPC”) have been identified as the Maltese Market Surveillance Authorities (“MSA”) under EU Regulation 2024/1689 (the “AI Act”), although the designation process has yet to be formally concluded. This is expected to take place in the coming days. The MSAs will be tasked with overseeing the responsible use of AI systems in Malta and will have the competence to carry out investigations and issue fines and penalties where necessary. They will have a diverse set of responsibilities that may be categorised as follows: Maintaining…
Threat-Led Penetration Testing Regulatory Technical Standards under DORA Take Effect
As of today, 8 July 2025, the Regulatory Technical Standards (RTS) on Threat-Led Penetration Testing (TLPT) are effective, including in Malta, following their publication in the Official Journal on 18 June 2025. These RTS supplement Article 26 of the Digital Operational Resilience Act (‘DORA’) and lay down a framework for the execution of TLPT. The RTS specify the criteria used for identifying the financial entities which are required to perform threat-led penetration tests and lay down organisational arrangements for financial entities. The RTS also include provisions on risk management and specify criteria for engaging TLPT providers. Moreover, the RTS…
DORA ICT Subcontracting RTS Published
Following the European Commission’s earlier rejection, the Regulatory Technical Standards (RTS) on ICT Subcontracting were published in the EU Official Journal on 2 July 2025. The RTS will enter into force 20 days after publication, which means that they will come into effect on 22 July 2025. Financial entities and ICT providers must update their contractual arrangements to fulfil the conditions set out in the RTS and ensure compliance by 22 July 2025. To receive updates on this important development and related news, please visit our website and consider subscribing to our newsletter. This document does not purport…