The Cyprus Securities and Exchange Commission (CySEC) this week issued new guidance on annual fees under the Digital Operational Resilience Act for the financial sector, known as DORA.
The announcement applies to a wide range of financial entities, including investment firms, crypto-asset service providers authorised by CySEC, issuers of asset-referenced tokens, central securities depositories, central counterparties, trading venues, alternative investment fund managers, management companies, and crowdfunding service providers.
CySEC said that following the publication of Directive DIR73-2009-07 and Policy Statement PS-03-2025 regarding DORA fees, financial entities are required to complete a form for self-categorisation and calculation of the first annual ICT fee for 2025.
Entities must fill in the grey cells in fields 1.1 to 1.7 of the form according to the instructions provided, the regulator added.
When submitting the form, financial entities must attach extracts from their most recent audited financial statements showing total annual turnover and the annual balance sheet for the relevant year.
Entities must also provide evidence regarding the number of persons employed, CySEC said.
The completed and signed form must be submitted to CySEC via its portal by October 31, 2025, at the latest, along with the relevant financial statements.
Financial entities without portal access are instructed to send the form by email to [email protected].
From 2026 onwards, the self-categorisation form must be submitted between September 1 and 15 each year, after which CySEC will issue and send an invoice by email.
The annual fee for 2025 will be calculated on a pro rata basis for the period from August 15, 2025, to December 31, 2025, the commission said.
Payment must be completed by December 31, 2025.
From 2026, the relevant annual fee will need to be paid by November 30 of each year, CySEC added.
