The Digital Operational Resilience Act (DORA): what (re)insurers and (re)insurance intermediaries must expect
21/12/2020

In September 2020, the European Commission adopted the Digital Finance Package, including a digital finance strategy and legislative proposals on crypto-assets and digital resilience, for a competitive EU financial sector that gives consumers access to innovative financial products, while ensuring consumer protection and financial stability. 

As part of this Digital Finance Package, the European Commission published its Proposal of Regulation on digital operational resilience for the financial sector, the so-called Digital Operational Resilience Act (Proposal of Regulation of the European Parliament and of the Council on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014).

BACKGROUND

Currently, the legal framework for ICT risk and operational resilience is fragmented: it consists of various legislative acts as well as guidance from the European Banking Authority, the European Insurance and Occupational Pensions Authority, and the European Securities and Markets Authority.

With the proposed Digital Operational Resilience Act, the European Commission aims to adopt harmonised legislation on digital operational resilience, including the identification, mitigation and management of cyber-risk, outsourcing and concentration risk, in order to set a common standard across the EU financial system.

The Digital Operational Resilience Act will apply to all financial entities, including credit institutions, payment institutions, (re)insurers and (re)insurance intermediaries as well as ICT third-party service providers.

KEY ELEMENTS

The key elements of the Digital Operational Resilience Act for financial entities are the following:

  • financial institutions must have a sound, comprehensive and well-documented ICT risk management framework to address ICT risk quickly, efficiently and comprehensively. Such framework must include a wide range of strategies, policies, procedures, ICT protocols and tools;
  • financial institutions must manage ICT third-party risks and must have in place contractual arrangements for the use of ICT services to run their business operations;
  • financial institutions must implement an ICT-related incident management process to detect, manage and notify ICT-related incidents and shall put in place early warning indicators; and
  • financial institutions must have the possibility to exchange information on cyber threats and intelligence.
     

NEXT STEPS

The proposed Digital Operational Resilience Act is now going through the EU’s ordinary legislative procedure. The final text is expected to come into effect in the first months of 2022 and will significantly transform the provision of financial services across the European Union.

 

Related: Lydian (http://www.lydian.be)

Ms. Olivia Santantonio, Counsel, olivia.santantonio@lydian.be
Mr. Bastiaan Bruyndonckx, Partner, bastiaan.bruyndonckx@lydian.be
Ms. Liese Kuyken, Associate, liese.kuyken@lydian.be
