Get in touch by sending us a message or by contacting us directly.
DORA EU Legislation
Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Digital and Operational Resilience Act’)
Regulatory Technical Standards
Regulatory Technical Standards (RTS) on ICT risk management framework and on simplified ICT risk management framework
RTS to specify the policy on ICT services supporting critical or important functions provided by ICT third-party service providers (TPPs)
Stay updated with our latest insights
European Commission Rejects Draft Regulatory Technical Standards on ICT Subcontracting
The European Commission has communicated its rejection of the draft Regulatory Technical Standards (RTS) on subcontracting ICT services supporting critical or important functions supplementing the Digital Operational Resilience Act (DORA). In its communication, the Commission held that the European Supervisory Authorities (ESAs) exceeded their mandate under Article 30(5) of DORA (which came into effect on 17 January 2025) by introducing requirements not specifically linked to the conditions for subcontracting in Article 5 of the RTS. The Commission has made it clear that Article 5 and the related recital 5 of the draft RTS must be omitted from the draft RTS…
EU AI Act: Banned AI Practices from 2 February 2025
The EU AI Act becomes applicable across the EU, including Malta, on 2 August, 2026 (you may read our general overview here). However, the AI Act’s general provisions and the provisions on prohibited AI practices that present an unacceptable level of risk, will come into force as early as 2 February 2025. With this deadline fast approaching, organisations subject to the AI Act must ensure compliance accordingly. AI Literacy By 2 February 2025, providers and deployers of AI systems, including those based in Malta, must take steps to guarantee an adequate level of AI literacy among their staff and any…
MFSA Issues Two Circulars on ICT Risk
On the 16th of January 2025, the MFSA published a circular on the register of information-reporting-timelines for MFSA-authorised persons. Subsequently, on the 17th of January 2025, the MFSA published another circular outlining several resources uploaded to its website to assist compliance with Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (“DORA”). The circular issued on 16th of January 2025 focuses on the Register of Information required under Article 28(3) of DORA. This register mandates financial entities to document all contractual arrangements with ICT Third-Party Service Providers (“ICT TPPs”), ensuring transparency in…