S&Ds ensure balanced protection of the EU financial system against cyberattacks
The European Union has negotiated an agreement to protect the European financial system against cyberattacks. During the negotiations, the S&Ds ensured that the legislation was balanced and designed to create a resilient cybersecurity model and to protect the integrity of the European financial system. The legislation comes at the right time, especially in view of Russian threats of war against Ukraine, the Socialists and Democrats stressed. The provisional agreement on the matter was reached last night*.
S&D MEP Alfred Sant, negotiator on the single rule book maximizing the cybersecurity of financial services in the EU, said:
“The new legislation will ensure that banks, insurers and financial institutions in the European Union are better equipped to prevent, detect and resolve operational risks and digital disruptions.
“The S&Ds have ensured that we have balanced legislation with the right amount of flexibility and proportionality. We have also made sure that the loopholes are closed. This means that service providers outside the EU, such as large cloud companies that are crucial for the functioning of the European financial sector, are subject to strict harmonized rules.
“In addition, the group worked to ensure that the new requirements would also apply to auditors. This would be important because they have privileged access to the IT infrastructures of financial entities and therefore play an important role in the financial system. At our insistence, a review clause has been introduced to assess the need to include auditors in the legislation in the future.
“We now expect that sufficient resources will be put in place to make this new protection available as soon as possible. This should be considered an urgent priority. The current geopolitical context means that such regulation is essential as cyberattacks are on the rise.”
*Note to Editors:
European Parliament and EU Council negotiators have reached a provisional political agreement on the Digital Operational Resilience Act (DORA). The new rules aim to harmonize and strengthen requirements across the financial services industry to protect against information and communication technology incidents. The agreement must now be formalized by the Parliament and the Council. The rules should apply 24 months after their entry into force.