Read the CySEC Circular C701

Memo #27-2025
CySEC Circular No: C701
Date: 10/04/2025

Subject: Updated Electronic Cross-Border Form, Freedom to Provide Investment Services and Activities (‘Cross Border Activity’)
Purpose: To bring to the attention of the CIFs that the EBA published the amendment of the EBA Guidelines on ICT and security risk management (EBA/GL/2025/02).

In Summary:

CySEC issued Circular C701 on 09/04/2025 to bring to the attention of the Cyprus Investment Firms (the “CIFs”) that, on 11/02/2025, the EBA published the amendment of the EBA Guidelines on ICT and security risk management (EBA/GL/2025/02).

CySEC informs that, to avoid duplication of requirements and to provide legal clarity to the market, the EBA has amended its Guidelines on ICT and security risk management (EBA/GL/2019/04) and narrowed down the scope of EBA/GL/2019/04, due to the application of the harmonized ICT risk management requirements under the Digital Operational Resilience Act (DORA) from 17/01/2025.

It is noted that, according to the amendment of the EBA Guidelines on ICT and security risk management (EBA/GL/2025/02), the scope of application of EBA/GL/2019/04, as set out in its paragraphs 7 and 8, is deleted and therefore EBA/GL/2019/04 no longer applies to Investment Firms.
 
Although the amendment of the EBA Guidelines on ICT and Security Risk Management (EBA/GL/2025/02) has not yet been translated into the official EU languages and published on the EBA website, it is noted that CIFs are not required to follow the guidelines EBA/GL/2019/04.
 
Given these developments, CySEC’s Circulars C571 and C609 are hereby withdrawn.

The EBA Guidelines EBA/GL/2025/02 can be found on the following link:
 
