Overview
The Cypriot Capital Markets Authority has issued a new policy statement—DP-03-2025—detailing the fee structure applicable to financial entities governed by the Digital Operational Resilience Act (DORA). This announcement marks a significant regulatory update aimed at enhancing operational resilience while reducing the sector’s dependency on public funding.
Fee Structure and Adjustments
Under the new framework, the annual supervisory fee is set to range between €2,000 and €20,000 based on the size and scale of each entity. Additionally, a fixed evaluation fee of €20,000 has been established for Threat-Led Penetration Testing (TLPT). These fees have been refined following a public consultation process (ED-01-2025), resulting in notable reductions for very small and small enterprises as well as adjustments in the TLPT fee structure.
Follow THE FUTURE on LinkedIn, Facebook, Instagram, X and Telegram
Compliance and Transitional Payment Process
For the year 2025, financial entities subject to DORA are required to submit a category declaration between October 2 and October 31, providing detailed information on employee numbers, turnover, and balance sheet metrics. Entities must also remit the annual fee by December 31, 2025, with the amount being calculated pro rata for the period from August 15 to December 31.
Enhancing Institutional Independence and Market Integrity
Dr. George Theocharidis, President of the Capital Markets Authority, emphasized that the DORA regulation extends its impact beyond traditional supervision, necessitating a robust funding model to meet increasing regulatory obligations. The adjustment aligns with DORA’s proportionality criteria and supports the Ministry of Finance’s objective to reduce the Authority’s reliance on state funding. This move not only bolsters the independence of the regulatory body but also reinforces market integrity.
