EU national supervisory authorities will collect the Register of Information (ROI) pursuant to the EU’s Digital Operational Resilience Act (DORA) from in scope financial entities in April 2025, with the reference date set as...more
The European Supervisory Authorities (ESAs) have published a roadmap for the designation of critical ICT third-party service providers (CTPPs) under the EU Digital Operational Resilience Act (DORA). The roadmap of key dates...more
The European Supervisory Authorities (“ESAs”) published a roadmap to designate critical ICT third-party service providers (“CTPPs”) under the Digital Operational Resilience Act (“DORA”). To designate an ICT third-party...more
The European Supervisory Authorities have published the terms of reference for the EU systemic cyber incident co-ordination framework Forum established under the EU Digital Operational Resilience Act. The Forum will be...more
What has happened: On 21 January 2025, the European Commission sent a letter to the Chair of the Joint Committee of the ESAs with its decision to reject the draft Regulatory Technical Standards (“RTS”) on subcontracting...more
The European Supervisory Authorities have published a joint report on the feasibility of further centralization of the reporting of major ICT-related incidents by financial entities to competent authorities. The ESAs' joint...more
The European Union’s Digital Operational Resilience Act (DORA) came into effect on January 17, 2025. DORA aims to harmonise rules concerning the provision of information and communication technology (ICT) services to...more
In a Joint Report published on January 16, 2025, the European Banking Authority (EBA) and European Securities and Markets Authority (ESMA) set out the findings of their analysis on specific elements covered by Article 142 of...more
1. Bank regulation - 1.1 PRUDENTIAL REGULATION - a) General - (i) International - FSB: Plenary December 2024 - Status: Final - The FSB has set out the outcomes of its Plenary that met on 3 and 4 December. Points of...more
The EU’s Digital Operational Resilience Act (DORA) becomes binding on 17 January 2025. As the compliance deadline approaches, EU financial regulators (ESAs) have issued a flurry of statements on the act, including: - An...more
The Digital Operational Resilience Act (DORA) establishes a harmonised and comprehensive framework for information and communication technology (ICT) risk management in the financial sector. It is a directly applicable EU...more
The EU’s Digital Operational Resilience Act (DORA) comes into force from 17 January 2025. Under DORA, in-scope regulated financial services (FS) businesses operating in the EU (Firms) face new cybersecurity requirements and...more
The Digital Operational Resilience Act (DORA) regulation is part of the European Union’s (EU) strategy to enhance the overall stability of the EU financial system by ensuring that financial entities are resilient to digital...more
The Dutch Supervisory Authority (Autoriteit Persoongsgevens or "AP") has published a privacy booklet that primarily aims to support Works Council in its role with regard to privacy under the GDPR. Whilst the booklet provides...more
It has been several years since data breaches first emerged as the lead news story. Despite increasing security and technology advancements, companies are still grappling with how to stay ahead of hackers and, when they...more
The Joint Committee of the European Supervisory Authorities has published its 2020 work program, outlining revisions to the Joint Committee’s scope of work and the matters it will focus on in 2020. The Joint Committee...more
The FSB is reviewing cloud provider concentration risk in the latest example of regulator concern over reliance on leading cloud providers by financial services institutions. The Financial Stability Board (FSB), an...more
On 12 July 2019 the European Securities and Markets Authority (ESMA) reported on the status of FinTech firm licensing regimes across the EU, based on two ESMA surveys of EU national competent authorities (NCAs). ESMA's report...more
Dear GDPR, Before you were born, you already attracted a lot of attention, after all, not everyone is born over two years after they are conceived and has 28 parents! And your parents had to ?resist an enormous pressure...more
Antitrust and Competition - Transactions in the digital sector and acquisition of data continue to attract scrutiny in Europe - On 6 September 2018, the European Commission cleared without conditions the proposed acquisition...more
Shortly after the GDPR’s entry into application on May 25, 2018, several EU Supervisory Authorities have activated online Data Protection Officer (“DPO”) notification tools, allowing organizations to communicate the contact...more
The Joint Committee of the European Supervisory Authorities has published a report on risks and vulnerabilities in the EU financial system. The ESAs are the European Securities and Markets Authority, the European Banking...more
On March 15, 2018, the Joint Committee of the European Supervisory Authorities (“ESA“) published its final report, together with a factsheet, on the use of big data by financial institutions (JC/2018/04). Chapter 4 of the...more
Rating Agency Developments - On April 19, 2017, Fitch issued a report entitled Airport Operating Lease ABS Rating Criteria. On April 14, 2017, Fitch issued a report entitled North America and Asia-Pacific...more