Fintech Focus Podcast | Navigating IT and Security Risks in Fintechs in Light of Impending DORA Deadline
The Digital Operational Resilience Act (DORA) is a transformative regulation introduced by the European Union to bolster the resilience of financial institutions against Information and Communication Technology (ICT) risks....more
The European Securities and Markets Authority (ESMA) has published a final report in relation to certain changes being made as a result of the MiFID II/MiFIR review, together with an accompanying press release. The changes...more
Welcome to the January - March 2025 issue of our Irish Quarterly Legal and Regulatory Developments report for asset management and investment funds. This report covers key dates and developments during the quarter, such...more
The CRA will affect a broad range of digital products placed on the EU market (including by those based outside the EU), including connected hardware/devices, software and remote data processing solutions. The EU has adopted...more
On March 24 2025, the European Commission (EC) adopted the final draft Delegated Regulation setting out Regulatory Technical Standards (RTS) for subcontracting ICT services supporting critical or important functions under the...more
On 24 March 2025, the following two developments relating to the implementation of the EU Digital Operational Resilience Act (DORA) took place...more
Introduction to DORA and its Implications - As of Jan.17, 2025, the European Union’s Digital Operational Resilience Act (DORA) became enforceable. This new regulatory framework significantly impacts financial institutions and...more
The European Commission (EC) has announced that it has opened infringement procedures by sending a letter of formal notice to 13 Member States (Belgium, Bulgaria, Denmark, Greece, Spain, France, Latvia, Lithuania, Malta,...more
Commission Delegated Regulation 2025/420 has been published in the Official Journal of the EU. This Delegated Regulation supplements Regulation 2022/2554 on digital operational resilience for the financial sector (DORA)...more
The European Commission has adopted a Delegated Regulation supplementing Regulation 2022/2554 on digital operational resilience for the financial sector (DORA) with regard to regulatory technical standards specifying the...more
1. Bank regulation - 1.1 PRUDENTIAL REGULATION - a) General - (i) EU - EBA: Updated methodology on the regulatory and supervisory equivalence of non-EU countries - Status: Final - The EBA has published its updated...more
1. Bank regulation - 1.1 PRUDENTIAL REGULATION - a) General (i) EU - EBA: Updated methodology on the regulatory and supervisory equivalence of non-EU countries - Status: Final - The EBA has published its updated...more
In a recent webinar forming part of DLA Piper’s ‘Digital Evolution in conversation with’ series, Rami Zayat caught up with Jan Geert Meents, Joanna Sykes-Saavedra and Sophie Levett to discuss the future of cloud...more
Translations have been published of the joint guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents...more
Katten's Privacy, Data and Cybersecurity Quick Clicks is a monthly newsletter highlighting the latest news and legal developments involving privacy, data and cybersecurity issues across the globe....more
The EU Digital Operational Resilience Act (DORA) took effect on 17 January 2025 after a two-year implementation period. DORA sets out new requirements for financial entities (FEs) and their information technology and...more
The European Securities and Markets Authority (ESMA) has published a letter (dated 3 March) addressed to the European Commission on the prioritisation of ESMA's 2025 deliverables. ESMA's letter sets out specific items which...more
The European Securities and Markets Authority (ESMA) has published official translations of the guidelines on the maintenance of systems and security access protocols for offerors and persons seeking admission to trading of...more
The European Securities and Markets Authority (ESMA) has published official translations of its guidelines on situations in which a third-country firm is deemed to solicit clients established or situated in the EU and...more
EU national supervisory authorities will collect the Register of Information (ROI) pursuant to the EU’s Digital Operational Resilience Act (DORA) from in scope financial entities in April 2025, with the reference date set as...more
The European Supervisory Authorities (ESAs) have published a roadmap for the designation of critical ICT third-party service providers (CTPPs) under the EU Digital Operational Resilience Act (DORA). The roadmap of key dates...more
Between January 2023 and June 2024, cyber threats targeting Europe’s financial sector escalated, posing risks to banks, financial service providers, and regulatory bodies. According to the ENISA Threat Landscape: Finance...more
Two delegated acts were published in the Official Journal of the European Union (OJ) in respect of the EU Digital Operational Resilience Act (DORA). These are: - Commission Delegated Regulation (EU) 2025/301, which comprises...more
The European Central Bank (ECB) has published an updated version of the threat intelligence-based ethical red teaming framework (TIBER-EU framework) (dated January) to align with the Digital Operational Resilience Act (DORA)...more