European Union Strengthens IT Security for Financial Organizations

The Council of the European Union and the European Parliament have reached a provisional agreement on the DORA regulation, which covers digital operational resilience for financial entities. This text is intended to reinforce the IT security of the companies concerned, in the event of a serious operational disruption.

The Union wants more security for financial entities

On May 11, 2022, the Council of the European Union issued a press release stating that the agreement was a good step forward for financial entities. Council members state that, in light of the ever-increasing risks of cyberattacks, the European Union “strengthens the IT security of financial entities such as banks, insurance companies and investment firms”.

According to the press release, the DORA regulation sets uniform requirements for the security of networks and information systems of companies and organizations operating in the financial sector. It establishes a regulatory framework on digital operational resilience under which all businesses must ensure that they can withstand all types of disruptions and emerging threats.

The text will be incorporated into the legislation of each Member State

This provisional agreement between the Council of the European Union and the European Parliament provides a solid framework to boost cybersecurity among financial entities, which are particularly prone to attacks. In early 2020, for example, the London Stock Exchange was the victim of a cyberattack. More recently, in 2021, the Central Bank of New Zealand was targeted by hackers. In January of last year, the Governor of the Central Bank acknowledged that his establishment had been hacked.

Under the tentative agreement, almost all financial entities will be subject to the new regulations. Even critical providers established in a third country, which provide IT services to financial entities in the Union, will be required to establish a European subsidiary, “so that supervision can be properly implemented”. The agreement also provides for regular penetration testing.

The press release states that once the proposed regulation has been formally adopted, it will be incorporated into the legislation of each EU member state. Thereafter, it will be up to the competent European authorities, namely the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA), to establish technical standards for financial entities.
