EU: Council and Parliament reach agreement on new cybersecurity rules for financial sector

May 13, 2022
Summary

The Council of the European Union and the European Parliament have provisionally agreed on the Digital Operational Resilience Act (DORA), which sets uniform cybersecurity requirements for financial entities in the EU, including banks and insurance companies. DORA also mandates that critical third-country ICT service providers to EU financial entities establish an EU subsidiary for proper oversight. The act builds on the existing NIS Directive, providing clarity and addressing overlaps with a lex specialis exemption. Additionally, a provisional agreement on the revised NIS 2 Directive, which updates the original, has been reached. Once DORA is adopted, EU supervisory authorities will develop technical standards and national authorities will oversee compliance.

The Council of the European Union announced, on 11 May 2022, that it had reached a provisional agreement with the European Parliament on the Digital Operational Resilience Act ('DORA'). In particular, the Council highlighted that DORA aims to prevent and mitigate cyber threats and ensure resilient operations across EU financial entities such as banks, insurance companies, and investment firms. To achieve this, DORA establishes uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector, as well as critical third parties which provide ICT-related services to them, such as cloud platforms or data analytics services.
