← All laws

Compliance · CSSF circular

CSSF Circular 25/882 on requirements for ICT third-party services for DORA entities.

CSSF practical expectations on ICT third-party providers, complementing the DORA Regulation.

Build my quote → Contact us
Luxgap explorer
Browse the 4 articles of the law, with Luxgap practical guidance
Browse articles →

Who is concerned?

This circular is broken down into 4 sections analysed one by one, each with the official text and Luxgap practical guidance for compliance in Luxembourg.

Key obligations

CSSF practical expectations on ICT third-party providers, complementing the DORA Regulation.

Luxgap supports CSSF-supervised entities (banks, PFS, payment and e-money institutions, management companies, funds) in complying with this circular: gap analysis, policy and register updates, CSSF inspection readiness, articulation with the DORA Regulation and the NIS 2 framework where relevant.

Deadlines

See the official CSSF text for precise application dates. Most recent ICT circulars articulate with the DORA Regulation, applicable since 17 January 2025.

Sanctions for non-compliance

Non-compliance exposes entities to CSSF administrative sanctions: injunctions, pecuniary sanctions, restrictions or suspension of authorisation.

How Luxgap helps

CSSF practical expectations on ICT third-party providers, complementing the DORA Regulation.

Luxgap supports CSSF-supervised entities (banks, PFS, payment and e-money institutions, management companies, funds) in complying with this circular: gap analysis, policy and register updates, CSSF inspection readiness, articulation with the DORA Regulation and the NIS 2 framework where relevant.

Let's set up your CSSF compliance.

Configure a quote for a compliance audit on this circular. Reply within one business day.

Build my quote →