The Financial Services Regulatory Authority (FSRA) of Abu Dhabi Global Market has announced new cyber risk management requirements for financial institutions.

Key measures include:

• Mandatory integration of cyber risk management into existing frameworks
• Updated IT risk management guidance
• Revised requirements for IT service provider arrangements
• New cyber incident notification procedures

Implementation details:

• Six-month transition period for compliance
• Applies to all Authorised Persons and Recognised Bodies
• Changes follow Consultation Paper No. 3 of 2025
• Updated incident notification template to be released by year-end

The amendments were finalised following industry consultation, with modifications made to:

• Clarify proportionality principles
• Refine integration requirements
• Adjust IT service provider arrangements
• Update incident materiality assessment guidance

For more news and content, try Lexis Middle East. Click on lexis.ae/demo to begin your free trial of Lexis® Middle East platform.

You can also explore the legal landscape by subscribing to our Weekly Newsletter.

Want to learn more about Lexis® Middle East? Visit https://www.lexis.ae/lexis-middle-east-law/.