The EU Commission, EU Council and EU Parliament have reached agreement on the Commission’s proposal for a Digital Operational Resilience Act (DORA).
The new rules aim to harmonise and strengthen digital operational resilience requirements across the financial services sector and will create a regulatory framework to ensure that firms can withstand ICT-related threats.
They will apply to financial entities regulated at EU level, such as banks, payment providers, electronic money providers, investment firms and cryptoasset service providers. They will also apply to ICT third-party service providers.
MEPs will also explore establishing a single EU hub for reporting of major ICT related incidents within two years.