ARTICLE
16 April 2025

DORA Reporting Deadline Approaching

Ki
KPMG in Cyprus

Contributor

KPMG has been operating in Cyprus since 1948 and currently employs more than 800 professionals working from 6 offices across the island. It is a member of KPMG International Limited, a global organisation of independent professional services firms providing Audit, Tax and Advisory services. KPMG operates in 143 countries and territories and has approximately 273,000 people working in member firms around the world. Clients look to KPMG for a consistent standard of service based on high-order professional capabilities, industry insight, local knowledge and expertise.
On 8 April 2025, the Cyprus Securities and Exchange Commission (CySEC) issued Circular C700 to inform regulated entities of their reporting obligations under the Digital Operational Resilience Act (DORA)
Cyprus Technology

Urgent Alert: CySEC Circular C700

Update: CySEC Circular C700 on Digital Operational Resilience Act – reporting obligations

Background Information

On 8 April 2025, the Cyprus Securities and Exchange Commission (CySEC) issued Circular C700 to inform regulated entities of their reporting obligations under theDigital Operational Resilience Act(DORA). This framework aims to enhance the operational resilience of financial entities (as defined under DORA, article 2) by mandating specific reporting requirements related to Information and Communication Technology (ICT) services and incidents.

The circular outlines two key obligations:

1. Incident Reporting

  • Mandatory reporting of major ICT-related incidents under Article 19(1) of DORA.
  • Voluntary notification for significant cyber threats.

2. Register of Information

  • Annual submission detailing information on contractual arrangements on ICT services.

Financial entities are required to maintain detailed records of their ICT service providers and submit this data through the register of information annually

Submission Deadline

CySEC has set a deadline for the first submission of theRegister of Informationby30 April 2025, referencing data as of31 March 2025.

Key Instructions for Compliance

  • Who Must Comply?
    CySEC's circular outlines regulated entities including Cyprus Investment Firms, Central Securities Depositories, Trading Venues, Crypto-Asset Providers, Alternative Investment Fund Managers, and UCITS Management Companies.

  • Submission Process:
    The register must be submitted via CySEC's XBRL Portal using the prescribed guidance and communicated validation rules provided under DORA.

Entities are urged to ensure timely and accurate submission to avoid penalties and maintain compliance with DORA requirements.

Submit your Register of Information by 30 April 2025 to avoid penalties.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More