DORA Register of Information — MFSA filing guide (2026)

Malta is a primary MiCA licensing hub, so many MFSA-authorised firms carry a double load: the DORA Register of Information and MiCA market-abuse obligations — often on a small team. This guide covers the MFSA deadline, the format, and the checks that matter.

Filing deadline — MFSA (Malta)

21 March 2026

Ten days before the 31 March headline. Easy to miss if you plan to month-end.

Format required

EBA XBRL-CSV is required — the structured format MFSA's systems ingest. Spreadsheet submissions are rejected.

Reference date

31 December 2025.

What MFSA checks

LEI checksums against GLEIF on every provider
Reconciled cross-references between the ESA tables
Exit-strategy and audit clauses on critical/important providers

Common errors that get flagged

Missing exit strategies on critical providers
Invalid LEIs
Gaps in fourth-party chains for outsourced crypto infrastructure

Who's in scope

Crypto-asset service providers (CASPs) — many Malta-licensed
Investment firms, payment institutions and insurers under MFSA

The double obligation

Most Malta CASPs owe both the DORA Register of Information and MiCA Article 92 market-abuse monitoring. CleanDesk handles the register today, with market-abuse surveillance as the next module — one place for both, sized for a lean team.

MFSA's deadline is 21 March — free register check, nothing uploaded.

Run your register free →

No signup · nothing uploaded · runs in your browser

DORA filing guides by regulator

This guide is general information, not legal advice, and deadlines and formats can change — always confirm the current requirement directly with the Malta Financial Services Authority (MFSA) before you file.