European Commission: Financial services – improving resilience against cyberattacks (new rules)

19 December 2019

The consultation aims to gather stakeholders’ views on the need for legislative improvements within the financial services acquis with a view to harmonise rules across the EU to make the financial sector more secure and resilient while alleviating compliance and administrative burdens.

Over the recent years, cyber-attacks to the financial sector have increased in number, sophistication and severity. The increasing digitalisation of finance is set to accelerate this trend.

In April 2019, the European Supervisory Authorities advised the Commission to propose targeted improvements to the EU financial regulatory framework to develop a single regulatory and supervisory rulebook for ICT operational resilience in the financial sector.

In particular, the Commission services would welcome stakeholders’ input in four main areas:

• requirements on ICT and security risk management in the legislative acquis applicable to the financial sector,
• incident reporting requirements,
• digital operational resilience testing framework and
• oversight of ICT third party providers to the financial institutions.

This consultation is open to all citizens. Feedback is sought, in particular, from the following “key stakeholders”: financial institutions, market infrastructures, all other financial services providers and financial services operators, business associations, consumer representatives, ICT services providers consumers, financial services and ICT services users, civil society as well as public authorities, including supervisors and EU bodies and agencies, academia.

Full news on EC

© European Commission