CySEC aligns with ESMA on cloud outsourcing for non-DORA entities
11 May 2026
|
On 13 March 2026, the Cyprus Securities and Exchange Commission (CySEC) issued Circular 759, to inform relevant entities about the adoption of the European Securities and Markets Authority’s guidelines on outsourcing to cloud service providers (the ESMA Guidelines). This replaces Circular 457 from July 2021.
Key points include:
- Scope revision: The ESMA Guidelines now exclude financial entities covered under the Digital Operational Resilience Act (DORA) Regulation. They focus on depositaries of Alternative Investment Funds (AIFs) and Undertakings for Collective Investment in Transferable Securities (UCITS) not subject to DORA.
- Purpose: The ESMA Guidelines aim to ensure consistent supervisory practices and uniform application of requirements for cloud outsourcing. They address risks and challenges in areas like outsourcing decisions, provider selection, activity monitoring, and exit strategies.
This update ensures the ESMA Guidelines remain relevant and applicable to entities outside DORA's scope without altering their content or requirements.
CySEC’s Circular 759 can be accessed here
Key contacts
+- Related content
Regulatory Blog
ESMA launches Call for Evidence on European equity market structure: Key takeaways for market participants
Regulatory Blog
JFSC launches consultation on Phase 1 updates to the Bank Licensing Policy
Regulatory Blog
UK significantly ramps up Russia trade sanctions (May 2026): What you need to know