Skip to main content

Digital Operational Resilience Act (DORA)

Does DORA apply to me?

If you fall under any of the below then DORA is most likely applicable to you, subject to certain exemptions:

ICT Service Providers – any undertaking that provides ICT systems and services to financial entities on an ongoing basis, including hardware as a service, as well as hardware services that incorporate technical support through means of software or firmware update.

Financial entities – this includes a vast range of entities, including:

  • Credit institutions
  • Account information service providers
  • Investment firms
  • AIFMS
  • Cryptoasset service providers
  • Payment institutions
  • Central securities depositories
  • Credit rating agencies
  • Data reporting service providers
  • Insurance and reinsurance undertakings
  • Insurance intermediaries

Is your organisation well prepared for DORA?

The ‘Digital Operational Resilience Act’ or DORA (Regulation (EU) 2022/2554) seeks to enhance and improve ICT operational risk requirements across various financial sectors. What was once a piecemeal approach scattered amongst various laws is now being consolidated into one singular EU regulation. It will become applicable as of 17th January 2025.

Mamo TCV DORA Overview
DORA Legislation
DORA Guidance
Mamo TCV Advocates - DORA Services

If you think that DORA is applicable to you please ask for our assistance

Contact us

Mamo TCV Advocates - DORA Services

UNDERSTANDING DORA

DORA at a glance

The financial sector is increasingly dependent on technology and on tech companies to deliver financial services. This makes financial entities vulnerable to cyber-attacks or incidents.

When not managed properly, ICT risks can lead to disruptions of financial services offered across borders. This in turn, can have an impact on other companies, sectors and even on the rest of the economy, which underlines the importance of the digital operational resilience of the financial sector.

This is where the Digital Operational Resilience Act, or DORA, comes into play.

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of technology law. With clients ranging from world-famous multinational IT companies to individual service providers we can provide your organisation practical advice regardless of the situation you are in.

DORA Compliance

Over the past years we have carried out several legal audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new DORA-related legal obligations. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Assistance with identifying applicability of DORA.
  • Negotiation, vetting and amending of contracts between key stakeholders to ensure DORA compliance.
  • Assistance with reporting obligations.
  • Provision of comprehensive expert legal advice to facilitate compliance.

Key Contacts

Photo of Dr Claude Micallef-Grimaud
Claude Micallef Grimaud
Antoine Camilleri - Mamo TCV Advocates
Antoine Camilleri

Stay updated with our latest insights

Explore Insights
Insurance & Reinsurance

Regulatory Compliance Quarterly Update | Q2 2025

We are pleased to issue the thirteenth edition of the Regulatory Compliance Quarterly Updates. These updates are intended to keep Maltese regulated entities informed of regulatory changes and developments taking place in the local financial services space. In this issue, we focus on the sector specific and cross-sectoral regulatory updates relating to investment services, CSPs, fintech, insurance undertakings and insurance intermediaries. The Regulatory Compliance Quarterly Update can be found here .The Regulatory Compliance Quarterly Update does not purport to give legal, regulatory,financial or tax advice. Should you require further information or assistance, please do not hesitate to contact Michael Psaila,…
Malta's AI Act
Data Protection and Privacy

Malta’s AI Act Authority Designations

The Malta Digital Innovation Authority (“MDIA”) and the Information Data Protection Commission (“IDPC”) have been identified as the Maltese Market Surveillance Authorities (“MSA”) under EU Regulation 2024/1689 (the “AI Act”), albeit the process of designation has yet to be formally concluded. It is expected that this will take place shortly in the coming days. The MSAs will be tasked with overseeing the responsible use of AI systems in Malta and with having the competence to carry out investigations and issue fines and penalties where necessary. They will have a diverse set of responsibilities that may be categorised as follows: Maintaining…
Parliament Building by Renzo Piano in Valletta, Malta
Investment Services & Funds

Malta Aligns Investment Laws With EU Prudential Regime

The Maltese legislator’s recent publication of five amending legal notices on 29 July 2025 marks a continuous alignment of the Investment Services Act (Chapter 370 of the Laws of Malta) with the European Union’s prudential regime for investment firms. Each of the five legal notices (L.N.) addresses a discrete lacuna that had emerged once the Investment Firms Regulation (IFR) and Investment Firms Directive (IFD) began to apply across the Union earlier this decade. Legal Notice 152 of 2025 amends Malta’s rules on supervisory consolidation under the IFD, refining the criteria by which the Malta Financial Services Authority (MFSA) is designated as consolidating…
Highest EU Court in Luxembourg
Investment Services & Funds
CJEU preliminary rulings as a path towards further investment law harmonisation
Euro symbol on banknote
FinTech
ESMA Supports MFSA’s MiCA Approach
Penetration Testing
DORA
Threat-Led Penetration Testing Regulatory Technical Standards under DORA Take Effect

Get in touch if you require any assistance