DORA: Key Developments in Q1 2025

The Digital Operational Resilience Act (DORA), along with its regulatory technical standards (RTS) and implementing technical standards (ITS), has been applied since 17 January 2025.

Below is a brief overview of additional publications made so far:

• 22 January: The European Commission confirms that financial services are not “ICT services”

• 31 January: European Commission rejects draft RTS on Subcontracting

• 18 February: European Supervisory Authorities (“ESAs”) publish a roadmap to designate critical ICT third-party service providers

• 28 February: CSSF announces the postponement of notification to financial entities of their obligation to report major incidents on weekends or bank holidays

• 7 March: ESAs Opinion on the Subcontracting RTS

• 19 March: ESAs update FAQs on the Register of Information

• 28 March: ESAs update FAQs on the Register of Information

The MAQIT’s team closely follows all the regulatory developments and provides expert support to its clients.

For further information please contact info@maqit.lu.

MAQIT S.A. is a Luxembourg-based RegTech solution provider and IT management company. It provides IT regulatory and AML/CFT advisory services, helping businesses become compliant, stay compliant, and turn compliance into a competitive advantage.

We stand ready to assist financial entities in preparing for full compliance with DORA.