Read the CySEC Circular C751

Memo #3-2026
CySEC Circular No: C751
Date: 19/01/2026
Subject: Digital Operational Resilience Act – Reporting, Governance and Portal related obligations
Purpose: To provide guidance to Regulated Entities in relation to certain obligations arising under the Digital Operational Resilience Act – ‘DORA’.

In Summary:

CySEC has issued the Circular C751 on 19/01/2026 to provide guidance to Cyprus Investment Firms (‘CIFs’), Central Securities Depositories, Trading Venues, Crypto-Asset Providers (CASPs), Alternative Investment Fund Managers (‘AIFMs’) and UCITS Management Companies (‘UCITS’), in relation to certain obligations arising under Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (the Digital Operational Resilience Act – ‘DORA’).

The Circular C751 refers to: 

A) Major ICT-Related Incident Reporting, 
B) Register of Information - Submission format
C) ICT risk management framework
D) Information in CySEC Portal

In accordance with Circular C751, CySEC has observed deficiencies in the classification and reporting of ICT-related incidents by Regulated Entities. In particular, incidents that should be classified and reported as major ICT-related incidents have not been reported, while in other cases incidents that were reported were incorrectly classified as major.

Regulated Entities are reminded of the requirements set out in Article 6 of DORA concerning the ICT risk management framework, including the obligation to establish, implement and maintain a well-documented framework that enables effective and continuous management of ICT risks.
 
It is also noted that Regulated Εntities, other than microenterprises, are required to designate in the CySEC Portal the ICT auditor responsible for the internal audit of the ICT risk management framework, as per Article 6(6) of DORA, as well as to designate in the CySEC Portal under the Personnel section, the person responsible for the control function entrusted with the management and oversight of ICT risk, as per Article 6(4) of DORA.

The Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (the Digital Operational Resilience Act – ‘DORA’) can be found on the following link:


Read the CySEC Circular C751

Read more news at Regulatory News

Our Location

7, Alkaios street, Alkaios Court, Flat 103
3090 Limassol, CYPRUS


P.O. Box 59565
4010 Limassol, CYPRUS

Follow Us

External Links

Menu

Copyright © 2019 GP Global Ltd| Developed and Hosted by
{* *}