Provisional Agreement reached on the EU’s Digital Operational Resilience Act

Published: Thursday, 12 May 2022 08:07

On May 10th the European Council presidency and the European Parliament reached a provisional agreement on the Digital Operational Resilience Act (DORA), which will make sure the financial sector in Europe is able to maintain resilient operations through a severe operational disruption.

DORA will establish uniform requirements for the security of network and information systems of companies and organizations operating in the financial sector as well as critical third parties that provide ICT-related services to them, such as cloud platforms or data analytics services.

DORA creates a regulatory framework on digital operational resilience under which all regulated firms will need to make sure they can withstand, respond to and recover from all types of ICT-related disruptions and threats.

Key points under the provisional agreement include:

The provisional agreement is subject to approval by the Council and the European Parliament before going through the formal adoption procedure. Once the DORA proposal is formally adopted, it will be passed into law by each EU member state. The relevant European Supervisory Authorities (ESAs), such as the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA), will then develop technical standards for all financial services institutions to abide by, from banking to insurance to asset management. The respective national competent authorities will take the role of compliance oversight and enforce the regulation as necessary.
