Update: CySEC Circular C700 on Digital Operational Resilience Act – reporting obligations
Background Information
On 8 April 2025, the Cyprus Securities and Exchange Commission (CySEC) issued Circular C700 to inform regulated entities of their reporting obligations under the Digital Operational Resilience Act (DORA). This framework aims to enhance the operational resilience of financial entities (as defined under DORA, article 2) by mandating specific reporting requirements related to Information and Communication Technology (ICT) services and incidents.
The circular outlines two key obligations:
1. Incident Reporting
- Mandatory reporting of major ICT-related incidents under Article 19(1) of DORA.
- Voluntary notification for significant cyber threats.
2. Register of Information
- Annual submission detailing information on contractual arrangements on ICT services.
Financial entities are required to maintain detailed records of their ICT service providers and submit this data through the register of information annually.
Submission Deadline
CySEC has set a deadline for the first submission of the Register of Information by 30 April 2025, referencing data as of 31 March 2025.
Key Instructions for Compliance
- Who Must Comply?
CySEC’s circular outlines regulated entities including Cyprus Investment Firms, Central Securities Depositories, Trading Venues, Crypto-Asset Providers, Alternative Investment Fund Managers, and UCITS Management Companies.
- Submission Process:
The register must be submitted via CySEC’s XBRL Portal using the prescribed guidance and communicated validation rules provided under DORA.
Entities are urged to ensure timely and accurate submission to avoid penalties and maintain compliance with DORA requirements.
Submit your Register of Information by 30 April 2025 to avoid penalties.
How can KPMG in Cyprus support you?
Our regulatory advisory team specialises in providing tailored solutions to help investment firms navigate and comply with the latest EU regulatory requirements, including CySEC's 2025 Supervisory Priorities, DORA, and MiCA.
We can assist you in understanding and integrating these new requirements into your internal governance, risk and compliance environment.
Specifically, our support includes:
- Assessing the impact of CySEC's 2025 Supervisory Priorities on your business model, including compliance with DORA and MiCA requirements.
- Providing advisory services on governance, reporting, and operational changes to align with evolving regulatory expectations, including ICT risk management and operational resilience.
- Conducting regulatory gap analyses and assisting with the implementation of necessary compliance measures, such as enhancing governance structures, risk management, and relevant compliance frameworks.
- Supporting regulatory filings, supervisory engagements, and CySEC reviews related to emerging trends, such as AI.
For more information on how we can assist you in meeting these requirements, feel free to reach out to our team.