Derisk Advisory regularly shares thought leadership and insights on ICT, cybersecurity risk management, and regulatory developments to support organizations across industries in enhancing resilience and compliance.
The CSSF has published Circular CSSF 25/900, updating the annual reporting framework for UCI administrators (UCIAs) under Circular CSSF 22/811. The changes apply from 31 December 2025 and aim to simplify reporting while reflecting the EU framework on digital operational resilience.
The European Supervisory Authorities (EBA, EIOPA, and ESMA) have officially released the list of 19 ICT third-party service providers now designated as “Critical” (CTPPs) under the Digital Operational Resilience Act (DORA).
As part of the Members Day of the Ordre des Experts-Comptables (OEC) Luxembourg, Derisk Advisory recently had the pleasure of presenting to an audience of Luxembourg-based accountants and fiduciaries, addressing the critical cybersecurity challenges their profession faces.
The Commission de Surveillance du Secteur Financier (CSSF) has published its Annual Report for 2024, offering a crucial overview of the challenges and priorities for Luxembourg’s financial sector. In an environment marked by geopolitical uncertainty and rapid technological change, the report serves as an essential guide for navigating the regulatory landscape.
In June 2025, Derisk Advisory joined forces with DSM Avocats à la Cour to host a webinar on DORA and the practical implications of the new CSSF circulars.
The CSSF recently published an FAQ highlighting the most frequent issues observed in their submission and correction process. By now, financial entities should have received a confirmation stating: “We consider your submission process of your Register of information as finished. No future action is required from your side at the current stage.”
Derisk Advisory recently had the opportunity to contribute to a Paperjam article discussing how the Digital Operational Resilience Act (DORA) is influencing regulatory expectations in Luxembourg — and what financial institutions should anticipate as the CSSF begins to sharpen its focus on enforcement.
As of today, 17 January 2025, DORA is in full force. Earlier this week, the CSSF issued a communiqué with updates on reporting obligations.
Happy New Year! The AI Act mandates businesses to take action by February 2025. This regulation is a pivotal moment, urging businesses to act promptly. The deadline of February 2, 2025, signifies a crucial milestone.
In our latest article, we dive into key findings from the Commission de Surveillance du Secteur Financier (CSSF)’s 2023 Annual Report.
In September 2024, Derisk Advisory joined forces with DSM Avocats à la Cour to host a webinar on DORA’s implications for Luxembourg financial institutions.