EU lawmakers vote to approve stronger cybersecurity protection for crypto assets

Editor’s Note: With so much market volatility, stay on top of daily news! Get caught up in minutes with our speedy summary of today’s must-read news and expert opinions. Sign up here!

(Kitco News) –  The European Parliament has provisionally passed the Digital Operational Resilience Act (DORA), which establishes new rules related to cybersecurity for crypto asset service providers. Lawmakers elected to pass the legislation in a dominant fashion, with 556 voting in favor with only 18 against. 

The goal of DORA is to make sure the financial sector in Europe is able to maintain resilient operations through a severe operational disruption, according to the European Council. 

To accomplish this, the legislation establishes uniform requirements for the security of network and information systems of companies and organizations operating in the financial sector. Third-party providers of Information Communication Technology-related services, such as cloud platforms or data analytics services, are also required to adhere to the measure.  

With its passage, the EU is looking to standardize risk management requirements and processes for reporting cybersecurity incidents. Financial institutions are now required to monitor and report security events, and tech service providers are subject to oversight by European regulators. 

All EU-regulated financial entities will be required to adhere to the new law, including traditional banking and investment firms, electronic money transmitters and crypto-asset service providers. Auditors will not be subject to DORA but will be part of a future review of the regulation, where a possible revision of the rules may be explored.

The provisional agreement is subject to approval by the Council and the European Parliament before going through the formal adoption procedure. Once the proposal is fully adopted, it will be passed into law by each EU member state. 

The regulations established by the law will take effect 24 months after its publication in the Official Journal of the EU, which means that the earliest new law will be fully enforced is 2025.

The need for the bill was explained by Frances Fitzgerald, a center-right member of the European Parliament who co-drafted the law, who said, “Financial institutions and companies, including in the crypto space, hold extremely sensitive information about customers and it is vital that EU-wide digital security measures are put in place to defeat the threat that exists.”

“We need to implement stronger protections for our citizens. We do not want to see anyone’s personal financial information hacked,” Fitzgerald stressed, adding that DORA will “ensure that Europe will remain an important center for investment.”