Protect banks against Russian, Chinese or Iranian hackers

“We are now all more conscious than ever of the threat posed by hackers to European citizens, including from regimes such as Russia, China, or Iran. Recent months have highlighted the need to increase our vigilance and defend vital European infrastructure. This must now include our financial services industries, which hold important data related to European citizens and businesses. It is for this reason that we are putting in place robust cyber security rules, which are essential to help the digitalisation of European finance and provide enhanced consumer protection”, explained Frances Fitzgerald MEP, EPP Group negotiator of the Digital Operational Resilience Act (DORA), ahead of tomorrow's vote in the European Parliament.

"With the new rules, we are setting high uniform minimum standards for the security of network and information systems operated by banks, insurance companies and investment firms. If we want to remain both secure and a globally competitive market where people can invest with confidence, we must make sure the financial sector in Europe is able to identify, withstand, and respond to all potential disruptions and threats", she continued.

“In concrete terms, we will ask companies to maintain appropriate security controls over their digital infrastructure. These controls include encryption, authentication, access controls, and incident response plans. Of course, we have worked in order to ensure that this Regulation will not overburden the financial sector. Instead, it will highlight significant risks and help institutions manage them adequately.”

“Cyberattacks do not stop at national borders and our Member States, when acting in unison, are much better equipped to fight against the thousands of assaults that affect the banking sector every day. This is an area where European cooperation will deliver huge benefits, by strengthening financial stability and providing improved consumer protection for all”, added Isabel Benjumea Benjumea MEP, EPP Group negotiator on a draft law accompanying the DORA Regulation that will also be voted on tomorrow.

Furthermore, the EPP Group has succeeded in including external service providers, such as cloud platforms and data analytics services, to the scope of the law. They will be required to establish a subsidiary within the EU so that they can be properly supervised.