The latest resilience news from around the world

European Parliament approves new cyber resilience rules and amends DORA

In a Plenary Session on Thursday 10th November, the European Parliament considered two pieces of EU legislation relating to cyber and ICT resilience.

The NIS2 Directive: A high common level of cybersecurity in the EU

New rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions were approved. The NIS2 Directive: A high common level of cybersecurity in the EU, already agreed between MEPs and the Council in May, will set tighter cyber security obligations for risk management, reporting, and information sharing. The requirements cover incident response, supply chain security, encryption, and vulnerability disclosure, among other provisions.

Under the legislation, entities in ‘essential sectors’ (such as the energy, transport, banking, health, digital infrastructure, public administration and space sectors) will be covered by new security provisions. All medium-sized and large companies in these sectors will be impacted.

The legislation also establishes a framework for better cooperation and information sharing between different authorities and member states and creates a European vulnerability database.

MEPs adopted the text with 577 votes to 6, with 31 abstentions.

The European Council now has to formally adopt the law before it will be published in the EU’s Official Journal.


The Digital Operational Resilience Act (DORA)

In a separate vote, MEPs approved changes to the EU directive on the Digital Operational Resilience Act, better aligning these new rules with existing financial services legislation.

The DORA legislation will now pass to the European Commission. The Commission will need to refer DORA back to the European Parliament if it ‘replaces, substantially amends or intends to substantially amend’ the European Parliament’s amendments.

Read the amended Digital Operational Resilience Act.

What is DORA?

DORA will establish uniform requirements for the security of network and information systems of companies and organizations operating in the financial sector as well as critical third parties that provide ICT-related services to them, such as cloud platforms or data analytics services.

DORA creates a regulatory framework on digital operational resilience where all regulated firms will need to make sure they can withstand, respond to and recover from all types of ICT-related disruptions and threats.


