Get in touch by sending us a message or by contacting us directly.
MFSA Guidance
Update on the Guidance on Technology Arrangements, ICT and Security Risk Management, and Outsourcing Arrangements
Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector – Legal Entity Identifier (‘LEI’) for Register of Information Reporting
Necessary Legal Measures Published for the Purposes of the National Implementation of Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
Commission Delegated Regulations under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector Published in the EU Official Journal (Update 1)
Second Set of Technical Standards under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector Submitted to the European Commission
Information Sharing Arrangements under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
ESAs Joint Committee Public Consultation on the Harmonisation of Conditions Enabling the Conduct of the Oversight Activities under Article 41(1) Point (c) of Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector: ‘Dry-Run’ 2024 ad hoc Exercise on the Data Collection of Registers of Information
MFSA Minimum Expectations in Relation to Financial Entities’ Preparedness to Regulation (EU) 2022/2554 on Digital Operational Resilience
Feedback Statement to Queries Raised by Consulted Stakeholders on Regulation (EU) 2022/2554 on Digital Operational Resilience (the ‘DORA Regulation’)
First Set of Technical Standards under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector Submitted to the European Commission
Consultation Document on the National Implementation of Regulation (EU) 2022/2554 and Transposition of Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector
European Commission Public Consultation on Two Delegated Acts under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector
Regulation (EU) 2022/2554 and Amending Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector published on the EU Official Journal
Stay updated with our latest insights
European Commission Rejects Draft Regulatory Technical Standards on ICT Subcontracting
The European Commission has communicated its rejection of the draft Regulatory Technical Standards (RTS) on subcontracting ICT services supporting critical or important functions supplementing the Digital Operational Resilience Act (DORA). In its communication, the Commission held that the European Supervisory Authorities (ESAs) exceeded their mandate under Article 30(5) of DORA (which came into effect on 17 January 2025) by introducing requirements not specifically linked to the conditions for subcontracting in Article 5 of the RTS. The Commission has made it clear that Article 5 and the related recital 5 of the draft RTS must be omitted from the draft RTS…
EU AI Act: Banned AI Practices from 2 February 2025
The EU AI Act becomes applicable across the EU, including Malta, on 2 August, 2026 (you may read our general overview here). However, the AI Act’s general provisions and the provisions on prohibited AI practices that present an unacceptable level of risk, will come into force as early as 2 February 2025. With this deadline fast approaching, organisations subject to the AI Act must ensure compliance accordingly. AI Literacy By 2 February 2025, providers and deployers of AI systems, including those based in Malta, must take steps to guarantee an adequate level of AI literacy among their staff and any…
MFSA Issues Two Circulars on ICT Risk
On the 16th of January 2025, the MFSA published a circular on the register of information-reporting-timelines for MFSA-authorised persons. Subsequently, on the 17th of January 2025, the MFSA published another circular outlining several resources uploaded to its website to assist compliance with Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (“DORA”). The circular issued on 16th of January 2025 focuses on the Register of Information required under Article 28(3) of DORA. This register mandates financial entities to document all contractual arrangements with ICT Third-Party Service Providers (“ICT TPPs”), ensuring transparency in…