
European Council adopts Digital Operational Resilience Act


The Council of the EU has completed the final legislative step in adopting the Digital Operational Resilience Act (DORA).

DORA creates a regulatory framework on digital operational resilience whereby all firms and their third parties need to make sure they can withstand, respond to and recover from all types of digital disruptions and threats, with a focus on mitigating cyber threats. 

Research completed on behalf of Expleo by QA Financial has found that only 53% of firms surveyed recognise digital operational resilience as a distinct risk category and only 20% were aware of DORA and its likely provisions.

The Commission came forward with the DORA proposal on 24 September 2020. Formal trilogues between the co-legislators started on 25 January 2022 and ended in a provisional agreement on 10 May. This adoption is the final step in the legislative process.

DORA sets uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide IT-related services to them, such as cloud platforms or data analytics services. 

“Banks and other companies which provide financial services in Europe already have plans in place for their IT security, but we need to go one step further,” said Zbyněk Stanjura, minister of finance of the Czech Republic (pictured). “Thanks to the harmonised legal requirements which we adopted today, our financial sector will be better able to continue to function at all times. If a large-scale attack on the European financial sector is launched, we will be prepared for it.”

Similar legislation was introduced in the UK Parliament in July, setting out proposals to ensure the resilience of critical third parties to the British financial industry. The Financial Services and Markets Bill is expected to be debated in the House of Lords in January after a series of amendments in November.

Now that the DORA proposal is formally adopted by the European Council, aspects that require national transposition will be passed into law by each EU member state. At the same time, the relevant supervisory authorities, such as the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA), will develop technical standards for all financial services institutions to abide by. The respective national competent authorities will take the role of compliance oversight and enforce the regulation as necessary.

[Image copyright: European Union]