DORA and your quantum-safe cryptography migration


Quantum computing is a new paradigm with the potential to tackle problems that classical computers cannot solve today. Unfortunately, this also introduces threats to the digital economy and particularly the financial sector.


The Digital Operational Resilience Act (DORA) is a regulatory framework that introduces uniform requirements across the European Union (EU) to achieve a “high level of operational resilience” in the financial services sector. Entities covered by DORA — such as credit institutions, payment institutions, insurance undertakings and information and communication technology (ICT) service providers — are expected to comply by January 17, 2025.


New requirements for financial entities in the EU


DORA lays out a set of requirements across ICT risk management, incident reporting, operational resilience testing, cyber threat and vulnerability information sharing, and third-party risk management. As part of those requirements and in the context of data protection and cryptography, it lays out in Article 9 (“Protection and prevention”) that financial entities “shall use ICT solutions and processes” that “(a) ensure the security of the means of transfer of data” or “(c) prevent […] the impairment of the authenticity and integrity, the breaches of confidentiality and the loss of data.”


Further elements to consider in the context of Article 9 are referred to in Article 15 and laid out in the related (draft) regulatory technical standards, which the ESA published on January 17, 2024. Particularly, JC 2023 ..
