Skip to main content
monochrome-photo-of-shapes-square-and-triangle
ICT Aspects of a MiCA Application DORAFinTech

ICT Aspects of a MiCA Application

On the 17th of June 2025, the Malta Financial Services Authority (“MFSA”) published a circular titled ‘Follow-Up Circular to the Industry on the Authorisation Process for MiCA Applicants’. The circular concerns the authorisation process for crypto-asset service providers (CASPs) under Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA), as integrated in Maltese law through Chapter 647.  This circular supplements the Authority’s communication of the 10th December 2024 which was explained in a previous legal update. The June 2025 circular introduces two additional annexes that are now required as part of a complete MiCA application file. These are Annex AX05 (Digital…
Mamo TCV Advocates
20th June 2025
Rejected!
European Commission Rejects Draft Regulatory Technical Standards on ICT Subcontracting DORATelecoms, Media & Technology

European Commission Rejects Draft Regulatory Technical Standards on ICT Subcontracting

The European Commission has communicated its rejection of the draft Regulatory Technical Standards (RTS) on subcontracting ICT services supporting critical or important functions supplementing the Digital Operational Resilience Act (DORA).  In its communication, the Commission held that the European Supervisory Authorities (ESAs) exceeded their mandate under Article 30(5) of DORA (which came into effect on 17 January 2025) by introducing requirements not specifically linked to the conditions for subcontracting in Article 5 of the RTS. The Commission has made it clear that Article 5 and the related recital 5 of the draft RTS must be omitted from the draft RTS…
Mamo TCV Advocates
31st January 2025
Triangular Patterns
MFSA Issues Two Circulars on ICT Risk DORAFinTechTelecoms, Media & Technology

MFSA Issues Two Circulars on ICT Risk

On the 16th of January 2025, the MFSA published a circular on the register of information-reporting-timelines for MFSA-authorised persons. Subsequently, on the 17th of January 2025, the MFSA published another circular outlining several resources uploaded to its website to assist compliance with Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (“DORA”). The circular issued on 16th of January 2025 focuses on the Register of Information required under Article 28(3) of DORA. This register mandates financial entities to document all contractual arrangements with ICT Third-Party Service Providers (“ICT TPPs”), ensuring transparency in…
Mamo TCV Advocates
20th January 2025
St James Cavalier Web Dome
DORA is Now in Force: What’s Next? DORAFinTechTelecoms, Media & Technology

DORA is Now in Force: What’s Next?

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (“DORA” or the “Act”) became enforceable as of 17th January 2025. DORA Resources As highlighted in various DORA insights by our Firm over the last few months (including a very useful overview of DORA itself), DORA represents a significant milestone in aligning the financial services sector with the EU’s digital finance strategy, offering a regulatory framework for operational resilience and ICT risk management. Designed to bolster operational resilience against increasingly sophisticated cyber threats, DORA ushers in a new era…
Key representing digital resilience
Status of DORA Regulatory Technical Standards (“RTS”) DORAFinTechTelecoms, Media & Technology

Status of DORA Regulatory Technical Standards (“RTS”)

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector ( “DORA”) establishes the EU legislative framework for enhancing digital resilience within the EU’s financial industry. Enforcement commences on 17th January 2025 and the EU Commission is tasked with issuing Regulatory Technical Standards (“RTS”) which supplement DORA. The EU Commission publishes the RTS in the Official Journal as Commission Delegated Regulations, but they are largely based on the input of the European Supervisory Authorities (“ESA”) which comprise of ESMA, EBA and EIOPA. The draft RTS submitted to the European…
Security Sign
Malta’s Draft Order Transposing the EU NIS 2 Directive Now Open for Public Consultation DORATelecoms, Media & Technology

Malta’s Draft Order Transposing the EU NIS 2 Directive Now Open for Public Consultation

The Ministry for Home Affairs, Security and Employment (MHSE) published the proposed Maltese draft order for the transposition of the EU Network and Information Systems Directive II (‘NIS 2’) on 6 September 2024. The draft order, titled ‘Measures For A High Common Level Of Cybersecurity Across The European Union (Malta) Order, 2024’ (the ‘Draft Order’) is currently open for public consultation until 7 October, seeking input for the effective implementation of the NIS 2 Directive in Malta, which must be transposed in national law by 17 October 2024. The Draft Order implements the NIS 2 Directive which significantly expands upon…
Mamo TCV Advocates
13th September 2024