The Cyprus Securities and Exchange Commission (CySEC) has published a Policy Statement outlining the fees payable by financial entities falling within the scope of Regulation (EU) 2022/2554 on Digital Operational Resilience for the financial sector (DORA Regulation).
The annual supervision fee ranges between €2,000 and €20,000 depending on the size of each entity and the assessment fee for Threat-Based Penetration Testing was set at €20,000. The fees were calculated by CySEC, taking into consideration comments submitted by stakeholders in the Public Consultation Document CP-01-2025 as published in early 2025. The most significant changes concern the reduction of annual fees for micro and small enterprises, as well as the reduction of the assessment fee for Threat Led Penetration Tests.
Specifically, financial entities subject to the DORA Regulation and under CySEC supervision in 2025 should inform CySEC of the category of undertaking they fall under (2–31 October 2025), in accordance with the First Annex of Directive 73-2009-07, based on their latest audited financial statements. These must include the number of employed persons, the annual turnover and the annual balance sheet.
Financial entities must pay the annual fee for the period from 15 August 2025 to 31 December 2025, calculated on a pro-rata basis according to the fees set out in the First Annex of Directive 73-2009-07. The payment deadline is 31 December 2025.
George Theocharides, CySEC Chairman said that “the DORA Regulation impacts National Competent Authorities, including CySEC, in ways not only confined to supervision. To meet these growing obligations adequate funding is essential. The fees are aligned with DORA’s proportionality criteria as well as the Ministry of Finance’s objective for CySEC to reduce reliance on public funding. This will enhance CySEC’s independence and ensure it can continue to safeguard market integrity effectively.”
(Source: CNA)
