Topic: Digital operational resilience in financial services dora

On 19 June 2023 the European Supervisory Authorities (ESAs) launched a public consultation on a first batch of regulatory and implementing technical standards (RTS and ITS) under Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA). This covers the draft RTS and ITS that the ESAs are expected to submit to the European Commission by 17 January 2024.

On 26 May 2023, the European Supervisory Authorities (ESAs) published a joint Discussion Paper on criteria for critical ICT third-party service providers and oversight fees. This Discussion Paper follows the request for technical advice that was sent by the European Commission (Commission) to the ESAs in late December 2022.

On 1 March 2023, the Dutch Authority for the Financial Markets (Autoriteit Financiële Markten, the AFM) published the results of an exploratory investigation into IT incident management in the capital markets. The AFM carried out this study in relation to eight trading venue operators and proprietary traders based on a self-assessment and IT incident notifications reported to the AFM.

On 6 February 2023 the three European Supervisory Authorities (ESAs) held a joint public hearing on the implementation of Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (“Digital Operational Resilience Act” or DORA). As per a follow up press release, the event – held online – gathered over 2,000 representatives from credit and payment institutions, investment firms, (re)insurance undertakings, ICT third-party service providers and other financial entities. The focus of the joint hearing was to provide an opportunity for industry participants to engage with regulators on the new legislation, share their initial views and raise any potential areas of concern regarding the policy mandates that the ESAs have to develop over the course of 2023 and 2024.

On December 27, 2022, the European Regulation on digital operational resilience for the financial sector was published. It entered into force on January 17, 2023 and will apply as of January 17, 2025.

On 16 January 2023, the Regulation on digital operational resilience for the financial sector (DORA) entered into force.

On 27 December 2022, there was published in the Official Journal of the European Union (OJ)

On 4 January 2023 the European Banking Authority (EBA) published a letter from the European Commission (“the Commission”) to the European Supervisory Authorities (ESAs) requesting advice on designation criteria and fees for the oversight framework for critical third-party service providers set out under Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA). Together with the letter, the EBA published the content of the Call for Technical Advice, which sets out in more detail the scope of the advice requested by the Commission. As per the mandate set out in DORA, the ESAs are requested to deliver technical advice on two delegated acts.

On 28 November 2022, the Council of the European Union adopted the Digital Operational Resilience Act (DORA).

On 11 May 2022, it was announced that the Council presidency and the European Parliament had reached provisional agreement on the Digital Operational Resilience Act (DORA). The provisional agreement is subject to approval by the Council and the European Parliament before going through the formal adoption procedure.