Skip to main content

Digital Operational Resilience Act (DORA)

Does DORA apply to me?

If you fall under any of the below then DORA is most likely applicable to you, subject to certain exemptions:

ICT Service Providers – any undertaking that provides ICT systems and services to financial entities on an ongoing basis, including hardware as a service, as well as hardware services that incorporate technical support through means of software or firmware update.

Financial entities – this includes a vast range of entities, including:

  • Credit institutions
  • Account information service providers
  • Investment firms
  • AIFMS
  • Cryptoasset service providers
  • Payment institutions
  • Central securities depositories
  • Credit rating agencies
  • Data reporting service providers
  • Insurance and reinsurance undertakings
  • Insurance intermediaries

Is your organisation well prepared for DORA?

The ‘Digital Operational Resilience Act’ or DORA (Regulation (EU) 2022/2554) seeks to enhance and improve ICT operational risk requirements across various financial sectors. What was once a piecemeal approach scattered amongst various laws is now being consolidated into one singular EU regulation. It will become applicable as of 17th January 2025.

Mamo TCV DORA Overview
DORA Legislation
DORA Guidance
Mamo TCV Advocates - DORA Services

If you think that DORA is applicable to you please ask for our assistance

Contact us

Mamo TCV Advocates - DORA Services

UNDERSTANDING DORA

DORA at a glance

The financial sector is increasingly dependent on technology and on tech companies to deliver financial services. This makes financial entities vulnerable to cyber-attacks or incidents.

When not managed properly, ICT risks can lead to disruptions of financial services offered across borders. This in turn, can have an impact on other companies, sectors and even on the rest of the economy, which underlines the importance of the digital operational resilience of the financial sector.

This is where the Digital Operational Resilience Act, or DORA, comes into play.

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of technology law. With clients ranging from world-famous multinational IT companies to individual service providers we can provide your organisation practical advice regardless of the situation you are in.

DORA Compliance

Over the past years we have carried out several legal audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new DORA-related legal obligations. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Assistance with identifying applicability of DORA.
  • Negotiation, vetting and amending of contracts between key stakeholders to ensure DORA compliance.
  • Assistance with reporting obligations.
  • Provision of comprehensive expert legal advice to facilitate compliance.

Key Contacts

Photo of Dr Claude Micallef-Grimaud
Claude Micallef Grimaud
Antoine Camilleri - Mamo TCV Advocates
Antoine Camilleri

Stay updated with our latest insights

Explore Insights
Chain
Telecoms, Media & Technology

Malta’s Transposition of the NIS 2 Directive: S.L. 460.41

Following Malta’s Draft Order transposing the EU NIS 2 Directive, which closed for public consultation on 7 October 2024, as an EU Member State, Malta was obliged to transpose EU Directive 2022/2555 (‘NIS 2’) by 17 October 2024. The transposition was finally implemented on 8 April 2025 through Legal Notice 71 of 2025 which creates the Measures for a High Common Level of Cybersecurity across the European Union (Malta) Order, 2025 as Subsidiary Legislation 460.41 (S.L. 460.41). It should however be noted that at time of writing, S.L. 460.41 is not yet in force, though it is expected to come…
High rise in Malta
FinTech

Fintech Insights #10 –
Raising Funds Through Tokenisation

The EU’s process towards further harmonisation of its Capital Markets Union (“CMU”) provides a timely context for the implementation of tokenisation. The CMU aims to create a single, integrated financial market across the EU, fostering cross-border investments, mobilising citizens’ personal savings and reducing the reliance on bank-driven financing. The implementation of tokenisation within capital markets can help achieve these objectives by enabling frictionless trading and unlocking access to new pools of capital whilst increasing liquidity. As discussed in the previous insight on tokenisation in Malta, tokenisation reimagines asset representation by embedding ownership and legal rights into programmable tokens recorded on…
European Blockchain Sandbox
Telecoms, Media & Technology

European Blockchain Sandbox 3rd Cohort & Best Practices Webinar

The selection process for the third and final cohort of the European Blockchain Sandbox has been completed and the final twenty selected use cases have now been announced. Moreover, the European Blockchain Sandbox will soon be publishing the second cohort’s Best Practices Report which shall contain an overview of the regulatory best practices identified. The Report will be launched during a public webinar to be held on the 29th April 2025 at 14:00 CET, wherein the public is invited to ask any questions they may have regarding the Report. In conjunction, the award for the Most Innovative Regulator for the…
Euro symbol on banknote
FinTech
MFSA Consolidates Maltese CASP Supervision
Manoel Island
Investment Services & Funds
SLPFs: Partnership Funds Without Legal Personality
Rejected!
DORA
European Commission Rejects Draft Regulatory Technical Standards on ICT Subcontracting

Get in touch if you require any assistance