What the EU is doing and why
The digital finance sector faces a continuous and evolving cyber threat landscape, where malicious actors constantly devise advanced techniques to exploit vulnerabilities and compromise the security of financial institutions, transactions, and sensitive customer data.
The growing dependency of the financial sector on software and digital processes increases these risks.
Cyber resilience means being prepared for, as well as being capable of enduring, recovering from, and adapting to cyber threats.
The EU adopted a legislative framework, the Regulation on Digital Operational Resilience (DORA), to strengthen companies' capacity not just to prevent incidents but also to minimise disruptions and ensure swift recovery after ICT-related disruptions. It also includes an oversight mechanism on service providers, such as Big Techs, which provide cloud computing services to financial institutions.
This initiative connects to a wider workstream ongoing at European and international level to strengthen cybersecurity in financial services and address broader operational risks.
Policy making timeline
- 13 March 2024: Legislation - Digital operational resilience (DORA)
- 22 February 2024: Legislation - Digital operational resilience (DORA)
- 16 November 2023: Legislation - Digital operational resilience (DORA)
Launch of a 4-week feedback process on 2 delegated acts in view of their adoption.
End date: 14 December 2023
- 16 January 2023: Legislation - Digital operational resilience (DORA)
The Digital Operational Resilience Regulation (DORA) came into force.
- 27 December 2022: Legislation - Digital operational resilience (DORA)
Publication of the Digital Operational Resilience Regulation (DORA) in the Official Journal.
- 11 May 2022: Political agreement - Digital operational resilience (DORA)
- 24 September 2020: Legislative proposal - Digital operational resilience (DORA) & crypto-assets (MiCa)
Digital finance package containing
- a digital finance strategy with
- legislative proposals for an EU regulatory framework on digital operational resilience: prevent and mitigate cyber threats (including DORA)
- legislative proposals on crypto-assets to draw on the possibilities offered by crypto-assets, while mitigating risks for investors and financial stability (including MiCa)
- a renewed strategy for modern and safe retail payments
- 3 April 2020: Consultation - Digital finance strategy
The Commission launched a consultation on a new digital finance strategy for Europe / FinTech action plan.
End date: 26 June 2020
- 19 December 2019: Consultation - Digital operational resilience & crypto-assets
The Commission launched two consultations
- 10 April 2019: Technical advice - ICT risks in finance