Financial firms in the European Union will have to demonstrate how quickly they can recover from a cyber attack as they rely more on ‘cloud computing’ giants such as Amazon, Microsoft, Google, and IBM for key services, the EU said on Monday.
Regulators are concerned about the speed and scale with which banks, insurers, and investment firms are shifting critical functions and market operations to a few cloud platforms.
According to regulators, a glitch at one cloud company could potentially disrupt services at many financial firms.
The EU Council, which represents the EU’s 27 member states, announced that the bloc’s final approval stage for the new Digital Operational Resilience Act, or DORA, has been completed.
Banks and other financial institutions already have plans for IT security, but more is needed to ensure their resilience in the face of a major disruption, according to Zbynek Stanjura, finance minister of the Czech Republic, which currently holds the EU presidency.
“Thanks to the harmonised legal requirements which we adopted today, our financial sector will be better able to continue to function at all times,” Stanjura said.
In addition to financial institutions, the conditions and requirements would also apply to “critical” third-party providers of cloud-based services.
“If a large-scale attack on the European financial sector is launched, we will be prepared for it,” Stanjura said.
The EU’s securities, insurance, and banking regulators will draft technical rules to implement the new legislation.
The European Parliament, which had a say in the matter, has already given its approval, and the law will go into effect around the end of 2024.
Britain, which is no longer a member of the EU, announced in June that its regulators will be given the authority to designate which outsourced services will be subject to direct supervision by the Bank of England and the Financial Conduct Authority.
(Adapted from EconomicTimes.com)