The ADGM Financial Services Regulatory Authority has implemented amendments to its regulatory framework for Authorised Persons and Recognised Bodies covering cyber risk management, with firms required to comply from 31 January 2026. The package follows industry engagement and feedback on Consultation Paper No. 3 of 2025 and requires firms to integrate cyber risk management into their existing risk management frameworks, building on the FSRA’s Information Technology Risk Management Guidance and Governance Principles and Practices to Mitigate Cyber Threats and Crime. The final amendments include a six-month transition period to support implementation, additional clarification on proportionality and the integration of cyber risk management frameworks, and adapted requirements for arrangements with IT service providers. The FSRA has also revised its guidance to help firms assess the materiality of cyber incidents and plans to update its cyber incident notification template before the end of 2025.
ADGM Financial Services Regulatory Authority 2025-07-29
ADGM Financial Services Regulatory Authority implements cyber risk management rule amendments with compliance required from 31 January 2026
The ADGM Financial Services Regulatory Authority has amended its regulatory framework for Authorised Persons and Recognised Bodies to enhance cyber risk management, effective 31 January 2026. The changes, following industry feedback, require integrating cyber risk management into existing frameworks and include a six-month transition period. Revised guidance clarifies proportionality, IT service provider arrangements, and cyber incident materiality assessment, with an updated notification template expected by year-end 2025.