Bill of Law 8291 concerning DORA was voted on 13 June

Sabika Ishaq,
Magdalena Mihalcea
insight featured image
The CSSF and the CAA are authorised to impose administrative sanctions and measures for violations of specific articles of the EU regulation 2022/2554. These sanctions can be applied to both individuals and organisations, including directors and responsible persons within the entities.

Sanctions include:

  1. Orders to cease and desist from violations.
  2. Temporary or permanent cessation of practices deemed contrary to the regulation.
  3. Administrative fines up to €5,000,000 for individuals.
  4. Administrative fines up to €5,000,000 or 10% of total annual turnover for organisations.
  5. Public declarations identifying the responsible party and nature of the violation.

Additionally, fines ranging from €250 to €250,000 can be imposed for obstructing oversight and investigation, ignoring orders, or providing false information.

Only 7 months remain to achieve compliance with DORA, and the CSSF recently announced that they expect full compliance by January 15, with no delays.

Need to perform an efficient and rapid gap assessment? Contact us for a demo of our online DORA tool:



In any case of questions, please contact our Chief Information Security Officer Sabika Ishaq, or our Senior Information Security Manager, Magdalena Mihalcea.