ADGM Cyber Risk Management framework

ADGM’s FSRA announced cyber-risk amendments on 29 July 2025 with compliance required from 31 January 2026. The rules require integrating cyber risk into existing risk frameworks, clarifying proportionality, and strengthening third-party IT arrangements. Guidance on incident materiality will be updated, and the notification template will change later this year. The framework builds on prior IT risk guidance and followed a public consultation. A six-month transition window is intended to ease implementation.

Map current controls to the new requirements, define supplier clauses, and prepare board-level reporting packs. 

adgm.comen.adgm.thomsonreuters.com