The Cyprus Securities and Exchange Commission issued a policy statement setting the fees payable by financial entities under its supervision that fall within the scope of Regulation (EU) 2022/2554 on digital operational resilience for the financial sector. Annual supervision fees range from EUR 2,000 to EUR 20,000 depending on the size of the entity, and the assessment fee for Threat-Based Penetration Testing is set at EUR 20,000. The fees were calculated taking into account stakeholder comments submitted in response to public consultation document CP-01-2025. CySEC highlighted reductions in annual fees for micro and small enterprises and a reduction in the fee for Threat Led Penetration Tests. For 2025, in-scope entities must declare their undertaking category to CySEC between 2 and 31 October 2025, based on their latest audited financial statements and including the number of employees, annual turnover and annual balance sheet total, in line with the First Annex of Directive 73-2009-07. The annual fee for 15 August 2025 to 31 December 2025 is payable on a pro-rata basis, with payment due by 31 December 2025.
Cyprus Securities and Exchange Commission 2025-09-04
Cyprus Securities and Exchange Commission sets DORA supervision fees and Threat-Based Penetration Testing assessment fee
The Cyprus Securities and Exchange Commission announced fees for financial entities under Regulation (EU) 2022/2554 on digital operational resilience, with annual supervision fees ranging from EUR 2,000 to EUR 20,000 and a EUR 20,000 fee for Threat-Based Penetration Testing. Fee reductions were made for micro and small enterprises following stakeholder feedback. Entities must declare their category to CySEC in October 2025, with pro-rata fees for the year due by 31 December 2025.