The EACB is grateful that the proposed ‘Digital Operational Resilience Act’ (DORA) looks to achieve an integrated approach for all participants in the financial system and across Europe to mitigate cyber-attacks and other ICT risks.
The EACB welcomes the harmonization of the various regulatory requirements in Europe and national approaches for operational resilience, which is one of the main challenges of the digital age. Consistency in the ICT risk management requirements is important to the financial sector and all of its participants.
Among the EACB’s key messages are our requests to amend the definition of microenterprises and align it to that of “small and non-complex institution” enshrined in the CRR2; exclude statutory auditors and audit firms from the DORA scope; exclude ICT intra-group service providers from the oversight framework; streamline ICT incident reporting; and increase the accountability of ICT Third Party Providers.