Digital Operational Resilience Act (DORA)

Does DORA apply to me?

If you fall under any of the below then DORA is most likely applicable to you, subject to certain exemptions:

ICT Service Providers – any undertaking that provides ICT systems and services to financial entities on an ongoing basis, including hardware as a service, as well as hardware services that incorporate technical support through means of software or firmware update.

Financial entities – this includes a vast range of entities, including:

Credit institutions
Account information service providers
Investment firms
AIFMS
Cryptoasset service providers
Payment institutions
Central securities depositories
Credit rating agencies
Data reporting service providers
Insurance and reinsurance undertakings
Insurance intermediaries

Is your organisation well prepared for DORA?

The ‘Digital Operational Resilience Act’ or DORA (Regulation (EU) 2022/2554) seeks to enhance and improve ICT operational risk requirements across various financial sectors. What was once a piecemeal approach scattered amongst various laws is now being consolidated into one singular EU regulation. It will become applicable as of 17th January 2025.

Mamo TCV DORA Overview

DORA Law & Guidance

If you think that DORA is applicable to you please ask for our assistance

Contact us

UNDERSTANDING DORA

DORA at a glance

The financial sector is increasingly dependent on technology and on tech companies to deliver financial services. This makes financial entities vulnerable to cyber-attacks or incidents.

When not managed properly, ICT risks can lead to disruptions of financial services offered across borders. This in turn, can have an impact on other companies, sectors and even on the rest of the economy, which underlines the importance of the digital operational resilience of the financial sector.

This is where the Digital Operational Resilience Act, or DORA, comes into play.

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of technology law. With clients ranging from world-famous multinational IT companies to individual service providers we can provide your organisation practical advice regardless of the situation you are in.

DORA Compliance

Over the past years we have carried out several legal audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new DORA-related legal obligations. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

Assistance with identifying applicability of DORA.
Negotiation, vetting and amending of contracts between key stakeholders to ensure DORA compliance.
Assistance with reporting obligations.
Provision of comprehensive expert legal advice to facilitate compliance.

Key Contacts

Claude Micallef Grimaud

Antoine Camilleri

Stay updated with our latest insights

Explore Insights

Mamo TCV Advocates - Integration of EU’s MiCAR in Maltese law

FinTech

FinTech Insights #7 –
Integration of EU’s MiCAR in Maltese law

Malta has been a forerunner in regulating digital assets with the introduction of the Virtual Financial Assets Act, Chapter 590 of the Laws of Malta (the “VFA Act”) back in 2018. Following its approval in 2022 and publication in 2023, Regulation (EU) 2023/1114 of the European Parliament and Council on markets in crypto-assets (“MiCAR”) has an 18-month window to become fully enforceable by 30th December 2024. However, MiCAR’s Title III and Title IV on issuing and regulating stablecoins will be applicable from 30th June 2024 according to Article 149 MiCAR. Rules on crypto-asset service providers in Title V of MiCAR…

Banking & Finance

Are you ready for DORA?

The ‘Digital Operational Resilience Act’ or “DORA” (Regulation (EU) 2022/2554) shall be enhancing and improving Information and Communications Technology (‘ICT’) operational risk requirements across various financial sectors. Subsequently, it imposes obligations on a vast array of different financial entities, as well as certain ICT service providers that assist such financial entities. These financial entities include the following: Credit institutions Account information service providers Investment firms Alternative Investment Fund Managers Crypto-asset service providers Payment institutions Central securities depositories Credit rating agencies Data reporting service providers Insurance and reinsurance undertakings Insurance intermediaries Crowdfunding service providers Mamo TCV Advocates can provide assistance by…

Mamo TCV Advocates: Proposed Amendments to the Depositor Guarantee Scheme Directive. Such proposal has been adopted by the European Parliament on 24 April 2024.

Banking & Finance

European Parliament Adopts Amendments to the Depositor Guarantee Scheme Directive

On the 24th of April 2024 the European Parliament (hereunder the ‘EP’) adopted the Proposal for the amendments to the Directive 2014/49/EU as regards the scope of deposit protection, use of deposit guarantee schemes funds, cross-border cooperation and transparency (the Directive hereunder referred to as the ‘DGSD’). The EP adopted the proposal with additional amendments to be assessed in line with the applicable European legislative process and, hence, the text is not final. These amendments are part of the proposed European package amending the framework on banks’ crisis management . One of the concepts considered under the DGSD is that…

Banking & Finance

Payments Insights #3 –
Existing and Upcoming Strong Customer Authentication Requirements for PSPs

Mamo TCV Advocates: The Central Bank of Malta repeals Directive no. 18 on Moratorium on Credit Facilities with immediate effect. Find out more about this update here.

Banking & Finance

CBM Repeals Directive no. 18 on Moratorium on Credit Facilities

Banking & Finance

Digital Operational Resilience Act (DORA)

Does DORA apply to me?

Is your organisation well prepared for DORA?