CSSF Circular 25/881 amending CSSF 20/750 on ICT and security risk management.
Aligning the foundational 20/750 circular (ICT risks) with the DORA Regulation.
Who is concerned?
This circular is broken down into 4 sections analysed one by one, each with the official text and Luxgap practical guidance for compliance in Luxembourg.Key obligations
Aligning the foundational 20/750 circular (ICT risks) with the DORA Regulation.
Luxgap supports CSSF-supervised entities (banks, PFS, payment and e-money institutions, management companies, funds) in complying with this circular: gap analysis, policy and register updates, CSSF inspection readiness, articulation with the DORA Regulation and the NIS 2 framework where relevant.
Deadlines
See the official CSSF text for precise application dates. Most recent ICT circulars articulate with the DORA Regulation, applicable since 17 January 2025.
Sanctions for non-compliance
Non-compliance exposes entities to CSSF administrative sanctions: injunctions, pecuniary sanctions, restrictions or suspension of authorisation.
How Luxgap helps
Aligning the foundational 20/750 circular (ICT risks) with the DORA Regulation.
Luxgap supports CSSF-supervised entities (banks, PFS, payment and e-money institutions, management companies, funds) in complying with this circular: gap analysis, policy and register updates, CSSF inspection readiness, articulation with the DORA Regulation and the NIS 2 framework where relevant.
Let's set up your CSSF compliance.
Configure a quote for a compliance audit on this circular. Reply within one business day.
Build my quote →