July 2025 Regulatory Roundup

Digital Operational Resilience Act (DORA)

ESMA publishes Principles for supervisory oversight of third-party risk

On 12 June 2025, ESMA published newly developed Principles on third-party risks supervision.

These principles aim at supporting a common and effective EU-wide supervisory culture.  The 14 principles on third-party risks were developed to address the growing risks observed over recent years in the use of outsourcing, delegation or other types of third-party services by supervised firms. The principles provide a common supervisory basis to National Competent Authorities (NCAs) and ESMA, enhancing the robustness of supervisory frameworks and help supervised entities understand and manage third-party risks.

Going forward, ESMA will support the progressive implementation of the principles through supervisory discussions and case studies among NCAs.

EU Delegated Regulation on threat-led penetration testing published in Official Journal

On 18 June 2025, Commission Delegated Regulation (EU) 2025/1190 of 13 February 2025 was published in the Official Journal of the European Union.

The Delegated Regulation supplements the Digital Operational Resilience Act (DORA) with regard to regulatory technical standards (RTS) related to threat-led penetration testing (TLPT). The RTS specify the criteria for identifying financial entities required to carry out TLPT, and establish detailed requirements regarding the scope of testing, the methodologies to be used and the handling and reporting of results. Further, the RTS also sets out the requirements and standards governing the use of internal testers, ensuring their independence and competence, and outlines the framework for supervisory and other forms of cooperation necessary for implementation of TLPT and the mutual recognition testing.

The Delegated Regulation will enter into force on the twentieth day following its publication in the Official Journal of the European Union, which is 8 July 2025.

Anti-money laundering

European Commission adopts Delegated Regulation updating AML/CFT high-risk third country List

On 10 June 2025, the European Commission adopted a Delegated Regulation amending Delegated Regulation (EU) 2016/1675 to update the list of high-risk third countries with strategic deficiencies in their anti-money laundering and countering the financing of terrorism (AML/CFT) regimes, pursuant to Article 9 of the Anti-Money Laundering and Terrorist Financing Directive VI.

The amending Regulation adds Algeria, Angola, Côte d’Ivoire, Kenya, Laos, Lebanon, Monaco, Namibia, Nepal and Venezuela to the list of high-risk third countries which have provided a written high-level political commitment to address the identified deficiencies and have developed an action plan with the FATF.  It removes Barbados, Gibraltar, Jamaica, Panama, the Philippines, Senegal, Uganda and the United Arab Emirates from that list, having demonstrated significant improvements in their AML/CFT frameworks following the implementation of their respective agreed action plans.

The update of the list takes the legal form of a delegated regulation, which will enter into force after scrutiny and non‑objection of the European Parliament and the Council within a period of one month (which can be prolonged for another month).

UCITS and AIFMD

ESMA updates its UCITS Q&As

On 27 June 2025, ESMA updated its UCITS Q&As in relation to Updates of notification letters for the cross-border marketing of UCITS (2575)

ESMA invites feedback on how to simplify funds’ data reporting

On 23 June 2025, ESMA launched a discussion paper to gather feedback and inputs on how to integrate funds reporting, aiming to reduce the burden for market participants.

Funds reporting in the asset management sector is now subject to significant fragmentation due to the coexistence of several reporting regimes at national and European level, resulting in high compliance burdens. 

To identify solutions, the discussion paper outlines options for improving different aspects of reporting, such as the scope of data, reporting processes and systems to ensure more efficient reporting and sharing of data between the authorities. Among the possibilities, there are proposals related to the integration of multiple reporting templates and the centralisation of reporting processes and infrastructures.

This paper adds to ESMA’s simplification and burden reduction initiative, launched earlier this year, and it is directly contributing to the debate on how to simplify, harmonise and eliminate barriers to produce an effective burden reduction in the financial sector, while preserving the main objectives of financial stability, orderly markets and investor protection.

ESMA’s actions mark a shift from technical sectorial amendments to an integrated approach in funds supervisory reporting, similar to the comprehensive approach to financial transaction reporting. The idea is to take a step back and review reporting in a more comprehensive manner rather than focusing on the incremental sectorial changes.

ESMA welcomes input to support the assessment of the costs and benefits of the approaches presented in the discussion paper until 21 September 2025. This assessment will be performed following the consultation period, in cooperation with the relevant authorities and the conclusions and recommendations will be published in the final report, expected in April 2026.

ESMA provides advice on eligible assets for UCITS

On 26 June 2025, ESMA published its Technical Advice to the European Commission on the review of the UCITS Eligible Assets Directive (EAD).

The EAD is an implementing directive providing clarification on the assets a UCITS can invest in. In the Technical Advice ESMA provides a comprehensive assessment of the EAD’s implementation across Members States and makes proposals to ensure regulatory clarity and uniformity across jurisdictions. 

A central element of Technical Advice is the application of a look-through approach as a fundamental criterion for determining the eligibility of asset classes for at least 90% of the UCITS portfolio. Allowing a certain degree of flexibility, the advice proposes to permit indirect exposures to alternative assets up to 10% (subject to regulatory safeguards e.g. on liquidity and valuation) with a view to improving risk diversification and generating returns from uncorrelated asset classes.

Also, in the spirit of the EU’s ambitions to create a Savings and Investment Union, ESMA sets out high level considerations for improving retail investor access to EU AIFs, through harmonising currently divergent national rules on cross-border marketing and the potential creation of a retail AIF product. 

Technical Advice proposes clarifications of various key concepts and definitions included in the UCITS EAD and the UCITS Directive concerning the criteria for the UCITS eligibility of asset classes. Finally, it also includes considerations and proposals on the alignment with other EU pieces of legislation.  

ESMA expects the European Commission to take this Technical Advice into account as it reviews the UCITS EAD.

Omnibus package

Council agrees position on sustainability reporting and due diligence requirements to boost EU competitiveness

On 25 June 2025, Member States’ representatives announced they had agreed the Council’s negotiating mandate on the Omnibus package simplifying sustainability reporting and due diligence requirements the Corporate Sustainability Reporting Directive (CSRD) and the Corporate Sustainability Due Diligence Directive (CS3D).

This proposal aims at simplifying the directives by reducing the reporting burden and limiting the trickle-down effect of obligations on smaller companies.  The EU has already published Directive (EU) 2025/794 which implemented the “stop-the-clock” proposal, postponing the application date of aspects of CSRD and CS3D.

Key changes to the CSRD proposals in the Council’s mandate are:

• introduction of a net turnover threshold of over USD 450 million (in addition to the 1,000-employee threshold) for mandatory reporting under CSRD, to ensure the reporting burden is limited to the largest companies; and
• adjustments to the CSRD review clause, taking account of the proposed change to CSRD’s scope and ensuring sufficient availability of corporate sustainability information.

Key changes to the CS3D proposals in Council’s mandate include:

• increasing the threshold for in-scope companies from 1000 to 5000 employees and USD 1.5 billion in net turnover;
• changing the focus of CS3D due diligence requirements from an entity- to a risk-based approach; and
• limiting the obligation for companies to adopt transition plans for climate change mitigation and postponing the obligation to adopt transition plan by two years.

The Council of the EU will now enter negotiations with the European Parliament once the latter has adopted its own negotiating position. The proposed changes will take effect following agreement by the co-legislators and publication in the Official Journal of the European Union.

European Sustainability Reporting Standards supervision

ESMA publishes statement on ESRS supervision in the omnibus environment

On 20 June 2025, the European Securities and Markets Authority (ESMA) issued a public statement on its intended approach to supervision of the European Sustainability Reporting Standards (ESRS), confirming its commitment to transparent sustainability reporting while acknowledging the need for proportionality.

During the first few years of ESRS application, the Guidelines for Enforcement of Sustainability Information (GLESI) will need to be applied proportionately and realistically. National regulators can also help by conducting informal dialogues with issuers on areas for improvement in their reporting and by bearing in mind that uncertain regulatory context in which issuers are operating. National regulators will also continue to promote a harmonised supervisory approach under ESMA’s coordination.

Sustainable Finance

ESMA finds improvements needed in supervision of sustainability risks and disclosures

On 30 June 2025, ESMA published its report on the Common Supervisory Action (CSA) carried out in 2023 and 2024 with National Competent Authorities (NCAs) on the integration of sustainability risks and disclosures in the investment management sector.

The level of compliance with the framework on the integration of sustainability risks and disclosures is overall satisfactory. Still, ESMA has found that improvements are needed in the integration of sustainability risks, entity level SFDR disclosures and product level SFDR disclosures.  

In the course of 2023 and 2024, NCAs regularly shared their knowledge and experience to promote supervisory convergence on how they supervise the integration of sustainability risks and disclosures. The aim of the CSA was to assess, foster and enforce the compliance of supervised entities with the purpose of assessing the compliance of supervised asset managers with the relevant provisions in the SFDR, the Taxonomy Regulation and relevant implementing measures, including the relevant provision in the UCITS and AIFMD implementing acts on the integration of sustainability risks.

This CSA has helped NCAs to identify several breaches that were addressed by the supervised entities.

Building on the findings of the CSA exercise, ESMA will facilitate discussions among NCAs on the topic of sustainability risks and disclosures. Going forward, ESMA encourages NCAs to continue proactive engagement with market participants and follow up with cases where they detect vulnerabilities. 

ESAs launch consultation on how to integrate ESG risks in the financial stress tests for banks and insurers

On 27 June 2025, the European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) launched a public consultation on their draft Joint Guidelines on ESG stress testing, as mandated by the Capital Requirements Directive and the Solvency II Directive. The draft Guidelines set out how competent authorities for the banking and insurance sectors should integrate environmental, social and governance (ESG) risks when performing supervisory stress tests. They aim to harmonise methodologies and practices among supervisors in banking and insurance, to ensure proportionality and to enhance the effectiveness and efficiency of ESG stress testing. The consultation runs until 19 September 2025.

The draft Guidelines, put forward by the Joint Committee of the ESAs, establish a common framework for developing ESG-related stress testing methodologies and standards across the EU’s financial system. They provide comprehensive guidance on the design and features of stress tests with ESG elements, as well as the organisational and governance arrangements such stress tests would need to have. These include sufficient human resources with relevant expertise, data collection and management systems that support access to high-quality ESG data and appropriate timelines for scenario analysis.

Aiming to foster a consistent and long-term approach to ESG stress testing, the draft Guidelines are designed to accommodate future methodological advancements and improvements in data availability. 

The ESAs invite stakeholders to provide their feedback on the consultation paper by responding to the questions via an online survey no later than 19 September 2025. All responses will be published on the ESAs’ respective websites unless otherwise requested.

The ESAs will hold an online public hearing on the draft Guidelines on 26 August 2025, from 10:00 to 12:00 CEST. Further details, including dial-in credentials, will be provided closer to the date of the event.

ESMA promotes clarity in sustainability-related communications

On 1 July 2025, ESMA published a thematic note on sustainability-related claims used in non-regulatory communications.

This publication outlines four guiding principles on making sustainability claims, aligned with previous publications from the European Insurance and Occupational Pensions Authority (EIOPA) and the European Banking Authority (EBA), and offers practical do’s and don’ts, illustrated through concrete examples of good and poor practices, based on observed market practices. 

The thematic note focuses on sustainability credentials such as labels or awards, as these references are among the most used claims in retail-investor focused communications. It does not introduce new regulatory or reporting requirements, but aims to support market participants making clear, fair and not misleading sustainability claims.

ESMA’s activities in 2024

On 16 June 2025, ESMA published its Annual Report for 2024.

The activities conducted and results achieved in 2024 support ESMA’s strategic priorities and thematic drivers – to foster stable and effective markets, strengthen supervision, and enhance retail investor protection while enabling sustainable finance and facilitating technological innovation and the use of data.

A major milestone for ESMA was the publication of the position paper introducing 20 recommendations for strengthening the effectiveness of the EU capital markets and addressing the needs of European citizens and businesses.

Through putting into practice the spirit of its recommendations, ESMA made significant progress or finalised measures across its remit:

• Finalised the Report on shortening the settlement cycle to T+1, a significant step forward in improving markets efficiency and competitiveness and launched the implementation work;
• Finalised the Rules and guidance for the selection of consolidated tape providers (CTPs);
• Finalised the policy work under the regulatory regime for crypto-assets, dedicated significant efforts to promote consistency in the application of the new rules and put in place an integrated monitoring of the crypto-asset markets;
• Made significant progress in the development of the European Single Access Point (ESAP), which will become operational in 2026 and bring simplification and benefits to investors and the industry;
• Implemented steps to optimise the use of financial market data across the EU, while at the same time introducing the changes in the transparency framework under the MIFIR review that will contribute to a significant reduction in the reporting burden for market participants;
• Enhanced investor protection by running common supervisory actions and a mystery shopping exercise on marketing communications which allowed ESMA to identify and publicise key risks;
• Improved the information available to investors by issuing guidelines on the use of ESG and sustainability-related terms in fund names to reduce the risk of greenwashing; and
• Strengthened ESMA’s role as a data hub by upgrading data collection and analysis, advancing AI-powered tools and improving data accessibility, and migrating all ESMA’s datasets and analytical tools to its new ‘big data’ platform.

ESMA significantly advanced its supervisory effectiveness in 2024, scaling up risk-based and data-driven supervision across its mandates. Key actions included the execution of EU-wide stress tests with over 30 central counterparties (CCPs), the enhancement of third-country CCP oversight, enforcement measures such as the sanctioning of a credit rating agency for conflicts of interest, and the roll-out of transversal guidelines to harmonise supervisory practices. ESMA also published the first consolidated report on sanctions and measures imposed by the NCAs and launched supervisory colleges for complex cross-border entities. These efforts reflect ESMA’s commitment to effective supervision, now also tracked through a dedicated Key Outcome Indicator measuring the proportion of elevated supervisory risks addressed through direct supervision and convergence actions.

Finally, ESMA focused on preparations for new supervisory mandates notably in relation to its upcoming supervisory role over EU green bond verifiers and ESG rating providers, as well as ensuring a sound process for the selection and authorisation of the future CTPs.

ESMA’s activities in 2024

ESMA puts forward a Q&A on the shared order book model under MiCA

On 20 June 2025, ESMA published a new Q&A 2579 on the non-compliance of the shared order book model with the Markets in Crypto-Assets Regulation (MiCA).

The Q&A addresses the model where two or more crypto-asset platforms merge their individual order books into a single, unified order book from which orders are matched. This is known as the shared order book model. ESMA clarifies that where such a model involves non-EU trading platforms, it breaches the authorisation requirements under MiCA. 

ESMA issued this Q&A to inform applicants who are requesting authorisations under MiCA.

Circular C709: ESMA Survey on the level of Artificial Intelligence (AI) adoption by financial institutions in the Securities Sector

On 03 June 2025, CySEC issued Circular C709 (‘the Circular’) to inform regulated entities that ESMA has launched a voluntary survey (the ‘Survey’) to assess the level of Artificial Intelligence (AI) adoption by financial institutions in the securities sector.

The Survey, developed by ESMA, is being distributed by national competent authorities, including CySEC, to their Regulated Entities, as well as to entities directly supervised by ESMA. Its purpose is to understand how entities are using AI, including their strategies and policies, levels of investment, and specific use cases (e.g. technologies used, materiality, security, and explainability).

Participation is voluntary, but CySEC encourages all Regulated Entities to take part, regardless of the maturity of their AI use cases. The Survey is available for completion and submission via the following link: https://ec.europa.eu/eusurvey/runner/AI_survey_EU. Guidance for completing the Survey is available at the same link. The deadline for submission is 29 August 2025.

Circular C710: Annual Report of the Unit for Combating Money Laundering (MOKAS) for 2024

On 06 June 2025, CySEC issued Circular C710 (‘the Circular’) to inform regulated entities that MOKAS has published its Annual Report for 2024 (the ‘Annual Report’, ‘Report’) (available in Greek).

The Report provides an overview and analysis of key report types submitted by obliged entities and Financial Intelligence Units, including Suspicious Activity Reports (SARs), Suspicious Transaction Reports (STRs), Additional Information Files (AIF-S or AIF-T), Cross-border Reports, and Cross-border Disseminations.

It also covers key areas such as the development of the Private Public Partnership model, enhanced cross-border cooperation under the Egmont Group framework, actions related to the freezing and confiscation of assets, and the publication of MONEYVAL’s new evaluation report in May 2024.

CySEC encourages Regulated Entities to review the Report and utilise the insights provided.

Circular C711: CoE and DG REFORM training event titled ‘Trade-Based Sanction Evasion Tactics – Review of Red Flags, tactics and typologies of illicit actors used to move assets and funds through trade activity linked to Russia’

On  12 June 2025, CySEC issued Circular C711 (the ‘Circular’) to inform all regulated entities about an upcoming training event organised by the Council of Europe and the European Commission’s DG REFORM.

CySEC considers it beneficial for Regulated Entities to attend this Training Event, therefore calls the Regulated Entities who are interested to proceed with registration.

CySEC Consultation Paper CP (2025-02) on amending the alternative Investment Funds Law regarding AIFs in the form of limited partnership without legal personality – Partnerships

On 12 June 2025, CySEC published a consultation paper proposing amendments to the Alternative Investment Funds Law of 2018 (L. 124(I)/2018), specifically regarding AIFs structured as limited partnerships without separate legal personality.

The proposed amendments aim to remove the current requirement for the external manager of an AIF, AIFLNP, or RAIF in this legal form to also act as the general partner. Under the new framework, the external manager—still required to be one of the entities listed in Article 6(2)(b) of the Law—would be appointed by the general partner and would no longer be required to assume that role themselves.

CySEC also proposes clarifying legislative language applicable to limited partnerships to ensure more effective implementation. The initiative seeks to remove disincentives currently discouraging use of this legal form, such as the general partner’s unlimited liability and licensing requirements under CySEC, which raise both costs and legal exposure for external managers.

To date, limited uptake of the limited partnership structure has indicated a lack of interest, which CySEC attributes partly to these constraints. The proposed changes are expected to align with third-party management principles, maintain regulatory oversight, and reduce burdens without compromising investor protection.

Interested parties may submit their views to the Policy Department of CySEC at policy@cysec.gov.cy.

Directive DI73-2009-06: Operation of Market Infrastructure Using Distributed Ledger Technology (DLT) of 2005

On 17 June 2025, CySEC issued Directive DI73-2009-06 to implement Regulation (EU) 2022/858 (‘Regulation’), introducing a national framework for DLT-based market infrastructures under the EU pilot regime. The Directive outlines the procedure for applying for a special operating licence for:

• Multilateral Trading Facility DLT (MTF DLT),
• Settlement System DLT (SS DLT),
• Trading and Settlement System DLT (TSS DLT).

It also sets out the requirements for accompanying documentation, accepted languages (Greek or English), and CySEC’s right to request further information.

The Directive includes provisions on notifications under Article 11 of the Regulation, the applicable application and annual fees, and CySEC’s ability to recover unpaid amounts through legal action. Documents may be submitted in hard copy or electronically. The Directive entered into force upon its publication in the Official Gazette of the Republic.

Law 101(I)/2025: Law on the Establishment and Operation of Cyprus Management Companies for Collective Investment Schemes and Related Matters

On 18 June 2025, Law 101(I)/2025 (‘Law’) was published in the Official Gazette, which is an amendment to Law 78(I)/2012 (The Open-Ended Undertakings for Collective Investment Law of 2012).

Law 101(I)/2025 introduces key amendments to the existing framework governing Open-Ended Undertakings for Collective Investment (UCIs) in Cyprus. The Law aims to enhance the regulatory framework for Management Companies (ManCos) managing UCIs, aligning national rules with recent EU developments and strengthening investor protection, governance, and supervisory oversight.

Affected entities are encouraged to review the amending law and assess any implications for their operations.

Circular C712: ESMA Guidelines on standard forms, formats and templates to apply for permission to operate a DLT market infrastructure

On 18 June 2025, CySEC issued Circular C712 (‘the Circular’) to inform applicants seeking specific permissions to operate Distributed Ledger Technology (DLT) Market Infrastructures, as defined under Article 2(5) of Regulation (EU) 2022/858 (“DLTPR Regulation”), that it has adopted the ESMA Guidelines on standard forms, formats, and templates for such applications.

The Guidelines were issued by ESMA on 8 March 2023 and apply from 23 March 2023. CySEC expects all prospective applicants to align their submissions with these standardised templates going forward.

Circular C713: ESMA Guidelines on Transfer Services, Reverse Solicitation, and Portfolio Management under MiCA

On 20 June 2025, CySEC issued Circular C713 (‘the Circular’) to inform Crypto-Asset Service Providers (CASPs) of the adoption of three sets of ESMA Guidelines under the Markets in Crypto-Assets Regulation (MiCA, Regulation (EU) 2023/1114).

Firstly, CySEC adopted the Guidelines on transfer services, issued by ESMA on 26 February 2025, concerning the procedures and policies, including client rights, applicable when CASPs provide crypto-asset transfer services under Article 82 of MiCA. These Guidelines aim to ensure consistent and effective supervisory practices and investor protection standards across the EU.

Secondly, CySEC adopted the Guidelines on reverse solicitation, issued by ESMA on 17 December 2024. While directed at national competent authorities, CASPs are advised to review these Guidelines carefully, particularly paragraphs 16 and 22 and the accompanying examples. These outline when a third-country firm is likely to be considered as soliciting clients in the EU, thereby triggering MiCA obligations.

Lastly, CASPs offering advice or portfolio management services on crypto-assets should take note of the Guidelines on portfolio management activities, issued on 26 March 2025. These Guidelines clarify the suitability requirements and the format of the periodic statement under Articles 81(1), (7), (8), (10), (11), (12), and (14) of MiCA.

The Guidelines on transfer services, on reverse solicitation and on portfolio management activities, apply 60 calendar days from the date of their publication on ESMA’s website in all official EU languages.

Circular C714: ESAs Guidelines on templates for explanations and opinions, and the standardised test for crypto-assets, under Article 97(1) of Regulation (EU) 2023/1114

On 20 June 2025, CySEC issued Circular C714 (‘the Circular’) to inform relevant stakeholders that it has adopted the ESAs Guidelines on templates for explanations and opinions, and the standardised test for the classification of crypto-assets under Regulation (EU) 2023/1114 1 (“MiCA Regulation”), which were issued on December 10, 2024.

The Guidelines are issued pursuant to Article 16 of Regulation (EU) No 1093/20102 , Regulation (EU) 1094/20103, and Regulation (EU) No 1095/20104; and establish the content and form of the explanation referred to in Article 8(4) of MiCA Regulation, as well as the content and form of the legal opinions referred to in Article 17(1)(b)(ii) and 18(2)(e). Furthermore, the Guidelines establish a common approach to determine the classification of a crypto-asset on a case-by-case basis taking into account all the attributes of the token in question through the provided flow chart.

The Guidelines apply from 12 May 2025.

Circular C715: ESMA Guidelines on the conditions and criteria for the qualification of crypto-assets as financial instruments

On 20 June 2025, CySEC issued Circular C715 (‘the Circular’) to inform offerors of crypto-assets (excluding ARTs and EMTs), issuers of asset-referenced tokens, and crypto-asset service providers that it has adopted the ESMA Guidelines on the conditions and criteria for determining whether a crypto-asset qualifies as a financial instrument. These Guidelines were issued on 19 March 2025.

The Guidelines apply in relation to Article 2(5) of MiCA Regulation; and specify conditions and criteria for determining whether a crypto-asset should qualify as a financial instrument and therefore ensuring the common, uniform and consistent application of the provisions in Article 2(4)(a) of MiCA Regulation. Furthermore, these guidelines provide clarifications on certain features of utility tokens, NFTs and hybrid tokens and contain examples for illustrative purposes.

The Guidelines apply 60 calendar days from the date of their publication on ESMA’s website in all official EU languages.

Circular C716: ESMA Guidelines on the specification of Union standards for the maintenance of systems and security access protocols for offerors and persons seeking admission to trading of crypto-assets other than asset referenced tokens and e-money token

On 20 June 2025, CySEC issued Circular C716 (‘the Circular’) to inform offerors as defined in Article 3(1)(13) of Regulation (EU) 2023/11141 (“MiCA Regulation”) and persons seeking admission to trading of crypto-assets other than asset-referenced tokens or e-money tokens; that it has adopted the ESMA Guidelines on the specification of Union standards for the maintenance of systems and security access protocols for offerors and persons seeking admission to trading of crypto-assets other than asset referenced tokens and e-money token; which were issued on February 26, 2025.

The Guidelines apply in relation to Article 14(1)(d) of MiCA Regulation. Their purpose is to specify the appropriate Union standards for offerors and persons seeking admission to trading as regards the maintenance of systems and security access protocols, including policies and procedures, while aiming to promote greater convergence in the interpretation and application of the MiCA Regulation provisions applicable to those persons.

The Guidelines apply 60 calendar days from the date of their publication on ESMA’s website in all official EU languages.

Law 9(I)/2025: Amending Law on AIF Managers Implements DORA Requirements

On 24 June 2025, Law No. 9(I)/2025 was enacted amending the Law on Alternative Investment Fund Managers (AIFMs) (L. 56(I)/2013 to 157(I)/2021). This amendment aligns the national framework with Article 3 of Directive (EU) 2022/2556, which amends several EU financial directives to integrate the Digital Operational Resilience Act (DORA).

Specifically, the amending law introduces a definition for Regulation (EU) 2022/2554 (DORA) and revises Article 18 of the principal law to explicitly require AIFMs to establish sound administrative and accounting procedures, and control and security arrangements for electronic data processing. These arrangements must include the management of network and information systems in accordance with DORA.

The amendment enhances the digital operational resilience obligations of AIFMs in line with EU standards.