The Financial Services Regulatory Authority (FSRA) of ADGM announced on Tuesday the implementation of amendments to its regulatory framework for Authorized Persons and Recognized Bodies in relation to cyber risk management. The implementation of the amendments follows extensive industry engagement and feedback received on Consultation Paper No. 3 of 2025.
The FSRA noted that compliance with the amendments will be required from January 31, 2026.
In a statement, ADGM’s FSRA explained that the amendments require firms to integrate cyber risk management into their existing risk frameworks and build upon the authority’s Information Technology Risk Management Guidance and Governance Principles and Practices to Mitigate Cyber Threats and Crime.
“These amendments reflect the FSRA’s ongoing commitment to operational resilience and cybersecurity. By continuing to integrate global best practices into our framework, we safeguard the integrity of the financial services industry in ADGM,” said Emmanuel Givanakis, CEO of ADGM’s FSRA.
Feedback received during the consultation period supported the amendments as a natural evolution of the FSRA’s regulatory framework in this dynamic risk area.
In response to this feedback, the FSRA has enhanced the proposed amendments by providing firms with a six-month period to ensure compliance, clarifying the principles of proportionality and integration of cyber risk management frameworks, and adapting requirements for arrangements with IT service providers.
Read: Multiply Group posts 39 percent rise in revenue to $136.94 million in Q2 2025
“These recent developments demonstrate our ongoing dedication to responsible innovation and further position ADGM as a leading jurisdiction for secure and forward-looking financial activity,” added Givanakis.
The FSRA has also revised its guidance to assist firms in assessing the materiality of cyber incidents and is planning to update its cyber incident notification template before the end of the year.
