DORA the enforcer passes into law

Getting your Trinity Audio player ready...

European Union lawmakers have voted 612-18 in favor of stricter cybersecurity rules on digital asset providers and other financial institutions.

First published in September 2020 as part of the EU’s Digital Finance Package (DFP), the Digital Operational Resilience Act, or DORA, aims to improve the ‘digital resiliency’ of the financial system, in particular cybersecurity vulnerabilities, reporting and testing shortcomings, and a lack of oversight of third-party providers.

The Act will introduce a common set of standards to manage digital risks across the financial sector and ensure the necessary measures are in place to protect against cyberattacks and other sources of disruption.

With this lofty ambition as the driving force, the majority of financial institutions in the EU, as well as their supply chains, will fall within the Act’s purview. This includes digital asset companies, such as wallet providers, who will be regulated under the EU’s Markets in Crypto Assets Regulation (MiCA)—a law originally proposed as a package along with DORA.

“Protecting the financial system from cyberattacks and cyber fraud is vital,” said European Commissioner Mairead McGuinness at a pre-vote debate last week. She went on to argue that DORA will be “a cornerstone of our work on digital finance in the European Union, making sure that we support innovation and do it in a safe way.”

The high standards of the Act include regular three-yearly testing periods; financial institutions will have to monitor and report major cyber incidents and test defenses, and third-party big tech firms offering services must also submit to oversight.

To avoid a mad scramble to comply, the Act comes with a grace period of 24 months for companies to get themselves up-to-code with the new regulations. However, those that move fast are likely to benefit from the increased data security it mandates.

DORA is part of a larger EU drive for modernization in its governance of a rapidly changing financial landscape, with risk management and data-sharing security at the forefront of its approach.

Like every new piece of legislation that comes with a fresh set of costly requirements to comply with, this latest Act may be met with a certain amount of weariness from the regulation-shy within the digital asset space. However, its medicine of greater ‘operational resilience’ could be just what the doctor ordered for an industry in flux.

Watch: The BSV Global Blockchain Convention panel, Law & Order: Regulatory Compliance for Blockchain & Digital Assets