Go to content
Search Typeahead
${facet.Name} (${facet.TotalResults})
${item.Icon}
${ item.Overline }
${ item.Title }
${ item.Date } | ${ item.Authors }
${ item.PhoneNumber } ${ item.Email }
${ item.ShortDescription }
${ item.SearchLabel?.ViewModel?.Label }
See all results
Search Typeahead
${facet.Name} (${facet.TotalResults})
${item.Icon}
${ item.Overline }
${ item.Title }
${ item.Date } | ${ item.Authors }
${ item.PhoneNumber } ${ item.Email }
${ item.ShortDescription }
${ item.SearchLabel?.ViewModel?.Label }
See all results
  1. Home
  2. Our Blogs
  3. Regulatory
  4. CySEC Directive on fees payable by entities falling under the EU digital operational resilience framework (DORA)

CySEC Directive on fees payable by entities falling under the EU digital operational resilience framework (DORA)

18 Sep 2025
|

On 29 August 2025, the Cyprus Securities and Exchange Commission (CySEC) issued Directive 73-2009-07 (DORA Fees Directive), focusing on the fees payable by entities falling under with EU Regulation 2022/2554 on digital operational resilience for the financial sector (DORA) was published in the Official Gazette. Importantly, it is effective from its publication date.

The DORA Fees Directive aligns with DORA and outlines the following:

  • Scope and purpose: It applies to financial entities such as investment firms, crypto-asset service providers and central securities depositories, among others, defining annual fees and charges for operational assessments like Threat-Led Penetration Testing (TLPT).
  • Annual contributions: Financial entities must pay annual fees based on their classification (i.e. microenterprise, small, medium or large enterprises) under EU standards. Fees range from €2,000 to €20,000, with proportional adjustments for partial-year operations.
  • TLPT fees: Entities conducting advanced TLPT assessments are subject to a fee of €20,000.
  • Enforcement: Non-payment of fees may result in legal action by CySEC

The DORA Fees Directive ensures compliance with EU regulations, enhancing the financial sector's resilience against digital threats.

Directive 73-2009-07 (only available in Greek) can be found here

Authors
Aki Corsoni Husain Harneys front portrait image on a grey background
Aki Corsoni-Husain
Partner | Regulatory & Tax | London
Elina Mantrali Harneys front portrait image on a grey background
Elina Mantrali
Counsel | Regulatory & Tax | Cyprus
Angelos Lanitis Harneys front portrait image on a grey background
Angelos Lanitis
Associate | Regulatory & Tax | Cyprus
Thekla Homata Harneys front portrait image on a grey background
Thekla Homata
Associate | Regulatory & Tax | Cyprus