On Thursday 10 November in plenary session, the European Parliament approved by a large majority (556 votes in favour, 18 against and 38 abstentions) the provisional agreement with the Council of the EU on the draft ‘DORA’ regulation on digital operational resilience (see EUROPE 12950/2). The second text of the regulation was approved by 553 votes in favour, 19 against and 40 abstentions.
“This is about ensuring the integrity of our financial services, it’s about protecting the financial systems, but more importantly, it’s about protecting citizens”, stressed the rapporteur of the first text, Billy Kelleher (Renew Europe, Irish), during a debate held the day before. “It's about ensuring that citizens have confidence that their information, that their money, that the systems that they use every day in a modern, functioning, digitised world has the integrity at its heart in terms of cybersecurity protections”, he added.
“Regular testing and transparent conditions not only ensure resilience, but also harmonise rules across Europe”, explained the other rapporteur, Mikuláš Peksa, (Greens/EFA, Czech).
European Commissioner for Financial Services Mairead McGuinness noted that financial institutions are more and more dependent on technology and that more and more people and businesses are managing their finances online. “So protecting the financial system from cyber attacks and cyber-fraud is vital”, she said.
Frances Fitzgerald (EPP, Irish) called for the text to be rapidly implemented. “If Europe wants to become a leading centre for financial services investment, we do need urgently a cybersecurity system in which people can have full and total confidence”, she said.
Welcoming the text, Alfred Sant (S&D, Maltese) warned about the impact of the ‘DORA’ regulation on small and medium-sized enterprises (SMEs). “Although proportionality is embedded in DORA, in reality, SMEs interfacing with banks and financial services could need stringent levels of cybersecurity compliance as they might otherwise pose a risk”, he warned.
José Gusmão (The Left, Portuguese) welcomed the text, but believed the lack of ambition was a shame, especially in terms of information from financial institutions to regulators. He also deplored the fact that the text does not address financial deregulation, which he said was the cause of the financial collapses seen in recent years.
View the text of the ‘DORA’ regulation: https://aeur.eu/f/40i
View the text of the Operational Resilience Directive: https://aeur.eu/f/40k (Original version in French by Anne Damiani)