The Malta Financial Services Authority (MFSA) has launched a public consultation on the national implementation of the EU’s Digital Operational Resilience ACT (DORA), ahead of it becoming fully applicable by 17 January 2025, following a two-year implementation period which started in January 2023. The consultation exercise also covers the transposition of the EU Directive which aligns several directives within the financial services sector to the requirements of the DORA Regulation.

The DORA regulation forms part of the EU’s Digital Finance Package, which aims to develop a harmonised European approach to digital finance, fostering technological development while ensuring financial stability and consumer protection. The DORA Regulation is setting requirements for the security of network and information systems which are used to support business processes within financial entities. More specifically, this new Regulation introduces certain provisions for financial entities in the areas of ICT risk management, ICT-related incident management, classification and reporting, as well as digital operational resilience testing. Other provisions include voluntary information-sharing arrangements, and the management of ICT third-party risk, such as through the newly set up Oversight Framework of critical ICT-third party providers.

Alan Decelis, MFSA’s Head of Supervisory ICT Risk and Cybersecurity said,“ In an effort to raise the level of preparedness around DORA, the Authority has been actively engaging with the local financial services industry through several outreach initiatives in the past year, including a series of podcasts and the publication of circulars. This consultation is yet another touchpoint which will facilitate the sharing of feedback by all entities concerned, ensuring the successful implementation of the DORA Regulation on a national level.”

The MFSA encourages financial entities and other stakeholders to send in their views on the proposed legal measures required for the implementation of the DORA Regulation, as well as the transposition of the DORA Amending Directive by not later than 16 February 2024. The Consultation Document, relevant documentation and instructions for submission of feedback can be found on the MFSA’s website.