ARTICLE
26 February 2025

CySEC Proposes ICT Oversight Fees For Financial Entities Under DORA

H
Harneys

Contributor

Harneys is a full-service offshore law firm offering expert legal advice on the laws of jurisdictions including the British Virgin Islands, Cayman Islands, Luxembourg, and more. Established in 1960, the firm has grown to 11 global locations with over 180 lawyers, serving top law firms, financial institutions, investment funds, and high-net-worth individuals. Harneys provides comprehensive legal support across transactional, contentious, and private client matters, often in collaboration with Harneys Fiduciary, which delivers corporate and wealth management services. Known for its role in shaping offshore jurisprudence, the firm also advises on legislative developments and excels in handling complex cross-border transactions and disputes.

On 31 January 2025, the Cyprus Securities and Exchange Commission (CySEC) launched a consultation on proposed annual information...
Cyprus Finance and Banking

On 31 January 2025, the Cyprus Securities and Exchange Commission (CySEC) launched a consultation on proposed annual information and communication technology (ICT) oversight fees for financial entities under the EU Digital Operational Resilience Act (DORA). DORA aims to enhance cybersecurity and resilience in the financial sector.

CySEC proposes that entities affected, including but not limited to investment firms, crypto-asset service providers, central securities depositories, alternative investment fund managers, management companies, and crowdfunding platforms, will be required to pay annual ICT fees ranging from €3,000 to €20,000, depending on their categorisation under DORA.

Additionally, CySEC's proposed fee for firms subject to a Threat Lead Penetration Test (TLPT) is €50,000 per TLPT assessment.

Financial institutions will also need to submit a self-categorisation annually between 1 and 15 September based on their latest financial statements and pay the respective fee by 30 November. The first ICT oversight fee will be paid in 2025.

CySEC Chairman Dr Theocharides emphasised that DORA is more than a compliance requirement, highlighting its role in strengthening financial market resilience and cybersecurity preparedness.

Market participants can submit their feedback by 7 March 2025 via email at policy@cysec.gov.cy.

CySEC's press release can be found here and the consultation paper here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More