The European Commission is considering amending the existing rules for the financial sector regarding digital operational resilience, with a view to unifying and strengthening the legal framework in this area.

The proposed change to legislation would amend the existing Network and Information Security (NIS) Directive and create a new regulation on digital operational resilience, known as the Digital Operational Resilience Act (DORA). The new rules would extend to 20 types of regulated EU financial entities, including fintechs.

The adopted act is open for public feedback until 18 May 2021. All feedback received will be summarised by the European Commission and will be presented to the European Parliament and Council with the aim of feeding this into the legislative debate.

Our recent client alert available here examines the reasoning and objectives behind these proposed changes, as well as the new obligations under the proposed rules.