The European Union has negotiated a deal to protect the European financial system against cyberattacks. During the negotiations, the S&Ds ensured the legislation is balanced and designed to create a resilient cybersecurity model and to protect the integrity of the European financial system. The legislation is very timely, in particular considering the threats of the Russian war against Ukraine, underlined the Socialists and Democrats, as the provisional agreement on the matter was reached last night*.
S&D MEP Alfred Sant, the negotiator on the single rulebook maximising cybersecurity for financial services in the EU, said:
“The new legislation will make sure that banks, insurers and financial institutions in the European Union are better equipped to prevent, detect and resolve digital operational risks and disruptions.
“The S&Ds have ensured we have balanced legislation with the right amount of flexibility and proportionality. We have also made certain that loopholes are closed. This means that service providers from outside the EU, such as big cloud companies that are crucial for the functioning of the European financial sector, are subject to tight harmonised rules.
“Moreover, the group tried hard to guarantee that the new requirements would also apply to auditors. This would be important because they have a privileged access to the information technology infrastructures of financial entities and hence play an important role in the financial system. At our insistence, a review clause has been introduced to assess the need to include auditors in the legislation in the future.
“We now expect that sufficient resources will be put in place for this new protection to be available as soon as possible. This should be considered an urgent priority. The current geopolitical context means such regulation is critical as cyberattacks are on the rise.”
*Note to editors:
Negotiators from the European Parliament and the EU Council have reached a provisional political agreement on the Digital Operational Resilience Act (DORA). The new rules aim to harmonise and strengthen the requirements across the financial services sector to protect it against incidents related to information and communication technology. The agreement now needs to be formalised by the Parliament and the Council. The rules should apply 24 months after they enter into force.
