Skip to main content

Cyber resilience

The framework on digital operational resilience focuses on managing the risks associated with the financial sector relying more on software and digital processes.

What the EU is doing and why

The digital finance sector faces a continuous and evolving cyber threat landscape, where malicious actors constantly devise advanced techniques to exploit vulnerabilities and compromise the security of financial institutions, transactions, and sensitive customer data.

The growing dependency of the financial sector on software and digital processes increases these risks.

Cyber resilience means being prepared for, as well as being capable of enduring, recovering from, and adapting to cyber threats.

The EU adopted a legislative framework the Regulation on Digital Operational Resilience (DORA), in order to strengthen companies’ capacity, not just for preventing incidents but also for minimising disruptions and ensuring swift recovery after ICT-related disruptions. It also includes an oversight mechanism on service providers, such as Big Techs, which provide cloud computing services to financial institutions.

This initiative connects to a wider workstream ongoing at European and international level to strengthen the cybersecurity in financial services and address broader operational risks.

Policy making timeline

  1. 16 November 2023
    Legislation - Digital operational resilience (DORA)
  2. 16 January 2023
    Legislation - Digital operational resilience (DORA)
  3. 27 December 2022
    Legislation - Digital operational resilience (DORA)

    Publication of the Digital Operational Resilience Regulation (DORA) in the Official Journal.

  4. 24 September 2020
    Legislative proposal - Digital operational resilience (DORA) & crypto-assets (MiCa)

    Digital finance package containing

  5. 3 April 2020
    Consultation - Digital finance strategy
  6. 19 December 2019
    Consultation - Digital operational resilience & crypto-assets
  7. 8 March 2018
    Action plan - FinTech

    The Commission adopted the FinTech action plan.

Relevant legislation