The Liechtenstein Financial Market Authority has amended its Guideline 2021/3 ICT Security Guideline following Liechtenstein’s advance implementation of the Digital Operational Resilience Act on 1 February 2025. The revised approach narrows the guideline’s scope so it applies exclusively to financial intermediaries that do not fall within DORA. The amendments align definitions and terminology with DORA and add clarifications in response to questions raised by intermediaries in recent years, while reflecting DORA-related simplifications compared with the previous ICT Directive approach. Key content changes include minimum requirements for establishing the register of contractual agreements, which replaces the former register of outsourcing agreements, and updated requirements for reporting ICT-related incidents to the FMA.
Liechtenstein Financial Market Authority 2025-01-07
Liechtenstein Financial Market Authority amends ICT Security Guideline to apply only to non-DORA intermediaries and update contract register and incident reporting requirements
The Liechtenstein Financial Market Authority revised its Guideline 2021/3 ICT Security Guideline to align with the Digital Operational Resilience Act (DORA), effective 1 February 2025. The updated guideline now applies only to financial intermediaries outside DORA's scope and includes changes like minimum requirements for a register of contractual agreements and updated ICT incident reporting to the FMA. Definitions and terminology have been aligned with DORA, incorporating clarifications and simplifications.