The European Commission’s proposal
The European Commission is considering amending the existing rules for the financial sector regarding digital operational resilience, with a view to unifying and strengthening the legal framework in this area.
The proposed change to legislation would amend the existing Network and Information Security (NIS) Directive and create a new regulation on digital operational resilience, known as the Digital Operational Resilience Act (DORA). The new rules would extend to 20 types of regulated EU financial entities, including fintechs.
The adopted act is open for public feedback until 18 May 2021. All feedback received will be summarised by the European Commission and will be presented to the European Parliament and Council with the aim of feeding this into the legislative debate.
The need for operational resilience has become more urgent due to the rapid digital growth in the fintech industry, for example, in the use of blockchain technologies. The current legislative framework for information and communication technology (ICT) risk and operational resilience across the financial services sector is fragmented and inconsistent, with different guidance from the European Banking Authority, the European Insurance and Occupational Pensions Authority and the European Securities and Market Authority. By harmonising the legal framework, the European Commission hopes to remedy this.