This session will first discuss how the preparation of the Level 2 requirements of DORA is progressing and the key questions that remain to be addressed and clarified with a view to the implementation of the regulation.
The panel will then assess whether the agreed DORA and NIS2 texts and the amendments to existing financial regulations proposed in the context of the Digital Finance Package will make it possible to tackle the main cyber and digital operational resilience risks that financial institutions are facing, and will identify potential issues that may remain to be addressed.
Points of discussion
- DORA implementation and CTPP oversight regime: Is the preparation of the Level 2 requirements of DORA on the right track? Are the key issues to be specified appropriately identified? What are the key pending questions? Are there major implementation challenges to be considered regarding the DORA and NIS2 frameworks?
- Expected impacts of DORA and further issues to consider: Will DORA allow ICT and cyber-risks to be tackled appropriately, with adequate proportionality and future-proofing? What further issues may remain to be tackled in terms of cyber and operational resilience (system-wide cyber-resilience, single points of failure, interaction between DORA, NIS2 and existing requirements, international cooperation…)?