Regulation (EU) 2022/2554 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011

Author (Corporate) ,
Series Title
Series Details L 333, Pages 1-79
Publication Date 27/12/2022
Content Type , ,

Summary:

Regulation (EU) 2022/2554 - formally adopted by the co-legislators on 14 December 2022 - seeking to improve digital operational resilience for the financial sector. It introduces amendments to Regulation (EC) No 1060/2009, Regulation (EU)  648/2012, Regulation (EU) 600/2014, Regulation (EU) No 909/2014 and Regulation (EU) 2016/1011. It is also known as the Digital Operational Resilience Act (DORA). This is a text with EEA relevance.

Further information:

This Regulation lays down uniform requirements concerning the security of network and information systems supporting the business processes of financial entities, seeking to secure a high common level of digital operational resilience in the European Union (EU).

The draft law was adopted by the European Commission on 24 September 2020 as part of its Digital Finance Package, including a Communication setting out a Digital Finance Strategy for the EU. The need for this framework arose from the increasing focus by policymakers on the risks stemming from reliance on information and communication technologies (ICT). While action was carried out to enhance resilience, this only indirectly addressed ICT areas in the financial sector as part of measures to address operational risks more broadly. The absence of detailed and comprehensive rules on digital operational resilience at EU level led to the proliferation of national regulatory initiatives and supervisory approaches. However, action at national level only has a limited effect given the cross-border nature of ICT risks. National initiatives also resulted in overlaps, inconsistencies, duplicative requirements, high administrative and compliance costs. The situation fragmented the single market, undermined stability and integrity of the sector, and jeopardised consumer and investor protection.

The Council of the European Union adopted its general approach on 24 November 2021. The plenary of the European Parliament endorsed a negotiating position on 15 December. A provisional agreement between the co-legislators on a compromise text for this file was reached on 10 May 2022. This was formally endorsed by the Parliament on 10 November and by the Council on 28 November. The Act was signed by the co-legislators on 14 December 2022 and published in the Official Journal on 27 December 2022.
Source Link http://data.europa.eu/eli/reg/2022/2554/oj
Related Links
Commentary and Analysis
PriceWaterhouseCooper (PwC Malta): Insights: Introducing the Digital Operational Resilience Act. Harmonising security across the EU financial sector https://www.pwc.com/mt/en/publications/technology/dora.html
EPRS: Briefing, December 2020: Strengthening digital operational resilience in the financial sector - Initial Appraisal of a European Commission Impact Assessment https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2020)654210
Association for Financial Markets in Europe (AFME): Press Release, 12/05/2022: AFME welcomes agreement on the Digital Operational Resilience Act (DORA) https://www.afme.eu/News/Press-Releases/Details/AFME-welcomes-agreement-on-the-Digital-Operational-Resilience-Act-DORA
Deloitte (Luxembourg): Regulatory News Alert, 25/07/2022: The EU’s Digital Operational Resilience Act has been agreed: implications for the financial services sector https://www2.deloitte.com/lu/en/pages/risk/articles/eu-dora-agreed-implications-financial-services-sector.html
Simmons&Simmons: Insights, 11/08/2022: Digital operational resilience for the financial sector and beyond https://www.simmons-simmons.com/en/publications/ckhbqfxvh1b9e09221w4u8id4/digital-operational-resilience-for-the-financial-sector-and-beyond
Stibbe: Publications & Insights, 04/10/2022: Digital operational resilience as key priority for financial institutions https://www.stibbe.com/publications-and-insights/digital-operational-resilience-as-key-priority-for-financial-institutions
EPRS: At a Glance, November 2022: Digital operational resilience act (DORA) https://www.europarl.europa.eu/thinktank/en/document/EPRS_ATA(2022)738197
Clifford Chance: Briefings, 15/11/2022: DORA: What the new European framework for digital operational resilience means for your business https://www.cliffordchance.com/briefings/2022/11/dora--what-the-new-european-framework-for-digital-operational-re.html
Official
EUR-LEX: COM(2020)595: Proposal for a Regulation on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014 https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=COM:2020:595:FIN
EUR-LEX: SWD(2020)198: Staff Working Document accompanying the Proposal - Impact Assessment Report https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=SWD:2020:198:FIN
EUR-LEX: SWD(2020)199: Staff Working Document accompanying the Proposal - Executive Summary of the Impact Assessment Report https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=SWD:2020:199:FIN
European Parliament: Legislative Observatory: Procedure File for Proposal on Digital finance: Digital Operational Resilience Act (DORA) (2020/0266(COD)) https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?lang=en&reference=2020/0266(COD)
European Parliament: Legislative Train Schedule: Digital operational resilience for the financial sector https://www.europarl.europa.eu/legislative-train/theme-a-europe-fit-for-the-digital-age/file-cross-sectoral-financial-services-act-1
European Commission: Publications: Digital Finance Package https://finance.ec.europa.eu/publications/digital-finance-package_en
European Commission: DG Financial Stability, Financial Services and Capital Markets Union: Digital finance https://finance.ec.europa.eu/digital-finance_en
General Secretariat of the Council: Policies: Digital Finance https://www.consilium.europa.eu/en/policies/digital-finance/
European Commission: Press Release, 24/09/2020: Digital Finance Package: Commission sets out new, ambitious approach to encourage responsible innovation to benefit consumers and businesses https://ec.europa.eu/commission/presscorner/detail/en/ip_20_1684
European Commission: Q&A, 24/09/2020: Questions and Answers: Digital Finance Strategy, legislative proposals on crypto-assets and digital operational resilience, Retail Payments Strategy https://ec.europa.eu/commission/presscorner/detail/en/qanda_20_1685
European Commission: Press remarks by Executive Vice-President Valdis Dombrovskis on the Capital Markets Union and Digital Finance (24 September 2020) https://ec.europa.eu/commission/presscorner/detail/en/speech_20_1739
Council of the European Union: Press Release, 24/11/2021: Digital finance package: Council reaches agreement on MiCA and DORA https://www.consilium.europa.eu/en/press/press-releases/2021/11/24/digital-finance-package-council-reaches-agreement-on-mica-and-dora/
European Parliament: Press Release, 10/05/2022: Provisional deal on protecting the EU’s financial system from cyber attacks and ICT disruptions https://www.europarl.europa.eu/news/en/press-room/20220510IPR29221/
Council of the European Union: Press Release, 11/05/2022: Digital finance: Provisional agreement reached on DORA https://www.consilium.europa.eu/en/press/press-releases/2022/05/11/digital-finance-provisional-agreement-reached-on-dora/
Council of the European Union: Press Release, 28/11/2022: Digital finance: Council adopts Digital Operational Resilience Act https://www.consilium.europa.eu/en/press/press-releases/2022/11/28/digital-finance-council-adopts-digital-operational-resilience-act/
Subject Categories ,
Subject Tags , , , ,
Keywords
International Organisations