DORA Watch – June and July 2024

As financial entities and ICT service providers undergo the final stages of implementation of the Digital Operational Resilience Act (DORA) requirements into their systems and processes, it is imperative to understand the legal developments and ongoing updates arising from EU Member States as they go through their respective transposition and alignment processes. Through TerraLex - our global legal network, which provides us with access to 22,000 lawyers from highly regarded and carefully vetted law firms stretching more than 120 countries – we have collated legal updates focusing on DORA and its implications in EU jurisdictions.

Subscribe to DORA Watch

DORA Watch will be published every few weeks. The format allows you to gain insight to each jurisdiction's updates from a short summary. If you would like further information, we and the firms listed would be very happy to answer any questions you may have.

Please note that any jurisdictional coverage is based on relevant updates, which are subject to change issue-to-issue.

Finland

On 6 June, the Ministry of Finance of Finland presented a government bill to Parliament concerning the DORA regulation. The current version of the Government bill does not propose any new or extensive requirements beyond those outlined in the DORA regulation. The bill aims to impose minimal additional regulation. Notably, the preparatory works indicate that there are no carve-outs for third-country financial market participants with respect to the applicability of the DORA framework to ensure digital operational resilience. As a result, organisations such as third country investment firms and credit institutions providing investment services have now been brought into scope, most likely due to a legislative omission to consider third country firms.

The Finnish Financial Supervisory Authority is proposed to be designated as the supervisory authority for both financial market participants and ICT third-party service providers, including matters related to TLPT.

The Government Bill is subject to parliamentary review.

For more information, please contact Olli Kiuru or Lauri Liukkonen of Waselius.

Slovakia

A proposed amendment to Act No. 747/2004 on financial market supervision has been submitted for public review. This amendment primarily implements provisions of the DORA regulation and transposes the EU Directive 2022/2556 on digital operational resilience for the financial sector. It includes revisions to sector-specific acts, such as those governing banks, securities, stock exchanges, supplementary pension savings, payment services, collective investment, crisis management, and insurance. The proposal will be reviewed by the European Central Bank. On 19 June 2024, a workshop was held on the first package of ITS/RTS under DORA by the National Bank of Slovakia, covering ICT risk management frameworks, policies for third-party ICT service contracts, contract information registers, and incident classification and reporting. The National Bank discussed the application of DORA in Slovakia and its relation to amendments to the Cybersecurity Act transposing the NIS2 Directive.

For more information, please contact Michal Rampášek of PETERKA & PARTNERS.

Slovenia

The Financial System Directorate, functioning within the Ministry of Finance of the Republic of Slovenia, is actively preparing a regulatory framework to implement the DORA regulation. Currently, the draft is undergoing internal coordination at the Directorate and is anticipated to be publicly released soon to facilitate public consultation.

For more information, please contact Tine Mišic of ODI LLP.