Get in touch by sending us a message or by contacting us directly.
DORA EU Legislation
Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Digital and Operational Resilience Act’)
Regulatory Technical Standards
Regulatory Technical Standards (RTS) on ICT risk management framework and on simplified ICT risk management framework
RTS to specify the policy on ICT services supporting critical or important functions provided by ICT third-party service providers (TPPs)
Stay updated with our latest insights
EU AI Act Update: What Will Apply From 2 August 2026 And What Is Being Postponed?
In a recent press release, the Council of the European Union announced that a provisional agreement on the Digital Omnibus Regulation on AI (hereinafter the “Omnibus”) was reached, introducing certain amendments to the EU AI Act (hereinafter the “Act”). Most notably, the provisional agreement revises the timeline for the applicability of certain provisions of the Act, particularly concerning the obligations applicable to high-risk AI systems. In this respect, the application of the obligations with respect to high-risk AI systems listed under Annex III of the Act would be postponed to 2 December 2027. For high-risk AI systems which are embedded…
Reminder: DORA Register of Information Submission Deadline Approaching
Further to the Malta Financial Services Authority’s (‘MFSA’) circular setting out the reporting timelines applicable to the annual submission of the Register of Information (‘ROI’) under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector (‘DORA’), the submission deadline is now approaching. Financial entities authorised by the MFSA and falling within the scope of DORA are required to submit their updated ROI by 21 March 2026 or the next working day. The ROI must reflect the entity’s contractual arrangements with ICT third-party service providers as at 31 December 2025 and must be submitted via the MFSA’s LH Portal.…
European Commission Proposes Updated EU Cybersecurity Act (The Cybersecurity Act 2)
On 20 January 2026, the Proposal for a Regulation for the EU Cybersecurity Act (‘The Cybersecurity Act 2’) was published by the European Commission to update and replace Regulation (EU) 2019/881 (the “2019 Cybersecurity Act”). The Proposal was introduced in response to major changes in cybersecurity threats as well as the weaknesses identified in the 2019 Cybersecurity Act. Since the adoption of the 2019 Cybersecurity Act, cyberattacks have become more frequent and sophisticated, increasingly targeting critical infrastructures, essential services and digital supply chains. At the same time, growing geopolitical tensions and the EU’s reliance on technologies from third countries have…