The Council of the EU adopts DORA

On the 28th November 2022, the Council of the European Union (“EU”) adopted the Digital Operational Resilience Act (“DORA”) proposal. A year earlier, on the 24th November 2021, the Council of the EU adopted its negotiating mandate on DORA, and on the 10th May 2022 a provisional agreement was ended between the co-legislators. The latest adoption by the Council of the EU is the final legislative step in the promulgation of DORA.

First introduced in the 24th September of 2020, the DORA proposal is part of the European Commission’s Digital Finance Package, aiming to foster technological development and ensure financial stability and consumer protection. The aim of the DORA proposal is to strengthen and ensure the financial sector’s resilience to the ever-increasing cyber-attacks and severe operational disruptions. It aims to do this by setting uniform requirements for the security of network and information systems of entities within the financial sector, together with critical third parties providing ICT-related services (such as cloud platforms, data analytics).

Since the Council of the EU has now formally adopted the DORA proposal, certain aspects that require national transposition will be transposed into law by each EU Member State. The European Supervisory Authorities will also develop technical standards to provide further guidance on these legislative developments.

The Digital Finance Package is a well-needed legal development to bridge existing gaps within the EU legal system, eliminate obstacles to the use of new digital financial instruments, and ensure that such instruments are covered by financial regulation and operational risk managements arrangements.

Feel free to contact us for assistance or more information on the above.