Objectives
This session will assess the initial outcomes of the DORA implementation across the EU financial sector, examine progress in setting up the CTPP oversight regime, and identify emerging priorities for strengthening cyber-resilience at both the European and global levels.

The first round of discussion will focus on early lessons from the application of DORA’s ICT risk management and incident reporting requirements, as well as the progress and challenges in implementing the critical third-party service provider (CTPP) oversight regime.

The second round will explore whether additional measures are needed to address evolving cyber risks, including those stemming from digital assets, third-party dependencies, and geopolitical threats. Panellists will also discuss how new technologies, particularly AI and cloud, can be harnessed to reinforce operational resilience, and whether further safeguards or international coordination are required.
Points of discussion
- First lessons from the DORA implementation:
  - What are the first lessons from the implementation of the DORA requirements that became applicable in January 2025?
  - Are they achieving their objectives in terms of cyber and digital operational resilience?
  - How is the EU progressing in setting up the new CTPP oversight regime and are there significant challenges to overcome?
  - How are other major jurisdictions approaching these risks and is there sufficient consistency?
- Emerging priorities and gaps:
  - Are new cyber risks emerging that are inadequately covered by DORA?
  - Does more need to be done to tackle systemic cyber-risks and enhance the consistency of frameworks at the international level?
  - Can technology and AI in particular play a greater role in mitigating emerging risks and strengthening digital operational resilience of the financial sector?