EU: Council adopts DORA
The Council of the European Union announced, on 28 November 2022, the adoption of Regulation on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014 and (EU) No 909/2014 ('DORA'), thus marking the final step in the legislative process, following the adoption by the European Parliament on 10 November 2022. In particular, the Council highlighted that, now that DORA is formally adopted, each Member State will be required to transpose the requirements set out therein into national legislation. At the same time, the Council specified that the relevant European supervisory authorities will develop technical standards for all financial services institutions to abide by, from banking to insurance and asset management, while the respective national competent authorities will take the role of compliance oversight and enforce the DORA as necessary.
Notably, the Minister of Finance of Czechia, Zbyněk Stanjura, stated that, "We live in uncertain times. Banks and other companies which provide financial services in Europe already have plans in place for their IT security, but we need to go one step further. Thanks to the harmonised legal requirements which we adopted today, our financial sector will be better able to continue to function at all times. If a large-scale attack on the European financial sector is launched, we will be prepared for it".