Given the ever-increasing risks of cyber attacks, the EU is strengthening the IT security of financial entities such as banks, insurance companies and investment firms. The Council adopted DORA to ensure that the EU financial sector is able to stay resilient through a severe operational disruption.
We live in uncertain times. Banks and other companies which
provide financial services in Europe already have plans in place for
their IT security, but we need to go one step further. Thanks to the
harmonised legal requirements which we adopted today, our financial
sector will be better able to continue to function at all times. If a
large-scale attack on the European financial sector is launched, we will
be prepared for it.
Zbyněk Stanjura, Minister of Finance of Czechia
DORA sets uniform requirements for the security of network and
information systems of companies and organisations operating in the
financial sector as well as critical third parties which provide ICT
(Information Communication Technologies)-related services to them, such
as cloud platforms or data analytics services. DORA creates a regulatory
framework on digital operational resilience whereby all firms need to
make sure they can withstand, respond to and recover from all types of
ICT-related disruptions and threats. These requirements are homogeneous across all EU member states. The core aim is to prevent and mitigate cyber threats.
Now that the DORA proposal is formally adopted, aspects that require
national transposition will be passed into law by each EU member state.
At the same time, the relevant European Supervisory Authorities (ESAs),
such as the European Banking Authority (EBA), the European Securities
and Markets Authority (ESMA) and the European Insurance and Occupational
Pensions Authority (EIOPA), will develop technical standards for all financial services institutions to abide by,
from banking to insurance to asset management. The respective national
competent authorities will take the role of compliance oversight and
enforce the regulation as necessary.
Background
The Commission came forward with the DORA proposal on 24 September
2020. It was part of a larger digital finance package, which aims to
develop a European approach that fosters technological development and
ensures financial stability and consumer protection. In addition to the
DORA proposal, the package contained a digital finance strategy, a
proposal on markets in crypto-assets (MiCA) and a proposal on
distributed ledger technology (DLT).
This package bridges a gap in existing EU legislation by ensuring
that the current legal framework does not pose obstacles to the use of
new digital financial instruments and, at the same time, ensures that
such new technologies and products fall within the scope of financial
regulation and operational risk management arrangements of firms active
in the EU. Thus, the package aims to support innovation and the uptake
of new financial technologies while providing for an appropriate level
of consumer and investor protection.
The Council adopted its negotiating mandate on DORA on 24 November
2021. Trilogues between the co-legislators started on 25 January 2022
and ended in a provisional agreement on 10 May 2022. Today’s adoption is
the final step in the legislative process.
Council of EU
© Council of the European Union