The “Substance” Era for Cyprus Investment Firms (CIFs)

With Cyprus holding the Presidency of the Council of the EU in the first half of 2026, CySEC has shifted into high-gear. The issuance of Circular C751 has made one thing clear: technical defaults in DORA reporting are now a top enforcement priority. CIFs are no longer just being asked for policies; they are being audited for “Digital Substance.”

Key 2026 Compliance Hurdles for CIFs:

• DORA Register of Information: You must now submit a granular map of all ICT third-party providers (TPPs) through the CySEC portal.

• New Fee Structure: CySEC’s 2026 fee proposal introduces “complexity-based” increments. Accurate turnover and clientele reporting are essential to avoid overpayment or fines.

• Product Governance: Regulators are now using AI to scan marketing materials and “finfluencer” collaborations for balanced risk disclosures.

How Enactia Powers the 2026 CIF:

1. Automated C751 Reporting: Pre-configured templates for Major ICT Incident Reporting and the Register of Information.

2. Marketing & Affiliate Oversight: A centralized module to vet and audit third-party promotions, ensuring they meet the latest “Balance and Prominence” rules.

3. Real-Time Risk Registers: Link your market risk, operational risk, and ICT risk into a single board-ready dashboard.

Meet CySEC’s 2026 expectations without the manual overhead. > Request a Demo for Cyprus Investment Firms →