Financial Services category powered by
CySEC seeks views on the introduction of ICT oversight fees for entities covered by DORA
Press Release 15:09 - 31 January 2025
The Cyprus Securities and Exchange Commission (CySEC) has published a consultation paper setting out plans for financial entities regulated under DORA to pay an annual ICT oversight fee and undertake enhanced cyber security tests (available here).
Certain entities within the scope of the EU Digital Operational Resilience Act (DORA) will be required to perform a Thread Lead Penetration Test or TLPT, testing their resilience against ever-evolving cyber threats. The proposals include the payment of an annual ICT oversight fee and a fee for the TLPT assessment. The deadline for responses to the consultation paper is 7 March 2025.
The proposal impacts Cyprus investment firms, crypto-asset service providers, central securities depositories, AIF managers, management companies, crowdfunding services providers and others authorised by CySEC that fall under the DORA Regulation.
Depending on the entities’ categorisation under the DORA Regulation, annual ICT oversight fees range from €3,000 for microenterprises to €20,000 for large financial entities authorised by CySEC. In addition, entities subject to a TLPT requirement will be required to pay €50,000 for the assessment of their TLPT test under the proposals.
Financial entities will be required to submit a self-categorisation in September each year, based on their most recent financial statement. The first ICT oversight fee would be paid in 2025.
CySEC’s Chairman, Dr George Theocharides said "DORA is much more than just a compliance requirement; it’s a pathway to financial market resilience. By implementing DORA’s cybersecurity protocols, resilience testing, incident reporting, and third-party risk management, financial institutions can build a culture of proactive risk management. Ultimately, DORA will strengthen the entire financial ecosystem and protect financial entities and their clients against ever-evolving cyber threats."
Market participants and investors are invited to return their responses to the proposed changes in CySEC’s policy by email to policy@cysec.gov.cy
News Feed
3 hours, 8 minutes ago Economy
EU report reveals Cyprus has highest share of online clothes shoppers and social media users17 hours, 47 minutes ago Companies
TITAN among Europe’s Climate Leaders by Financial Times for second year running19 hours, 8 minutes ago Technology
Chief Scientist promotes Cyprus as innovation and investment hub in Asia19 hours, 24 minutes ago Companies
Marios Loucaides: Significant acceleration in mergers and acquisitions is anticipated19 hours, 57 minutes ago Real Estate
Prodea Investments now owns almost 100% of MHV after €92.3m 20% acquisition from Flowpulse20 hours, 28 minutes ago Companies
PASYLE's clear message about DRS: "The cost should not be transferred to supermarkets and consumers"21 hours, 56 minutes ago Companies
Baker Tilly South East Europe hosting Baker Tilly 2025 Europe Conference in Athens