ARTICLE
28 October 2024

Cyber And Operational Resilience - Technology And Innovation Client Update: July To September 2024

AC
Arthur Cox

Contributor

Arthur Cox is one of Ireland’s leading law firms. For almost 100 years, we have been at the forefront of developments in the legal profession in Ireland. Our practice encompasses all aspects of corporate and business law. The firm has offices in Dublin, Belfast, London, New York and Silicon Valley.
The Department of the Environment, Climate and Communications published the General Scheme of the National Cyber Security Bill 2024...
Ireland Technology

NIS 2 – Transposing legislation

DATE OF UPDATE: 30 AUGUST 2024

APPLICABLE DATES:

Member States are required to transpose NIS 2 by 17 October 2024, with measures to apply from 18 October 2024

LINKS

gov.ie - General Scheme of the National Cyber Security Bill 2024 (www.gov.ie)

Are you Cyber Ready? Key Points of the NIS2 Directive

Network and Information Security Directive (NIS2) - Arthur Cox LLP

CURRENT STATUS

The Department of the Environment, Climate and Communications published the General Scheme of the National Cyber Security Bill 2024, which will transpose Directive (EU) 2022/2555 ("NIS 2") into Irish law. It will incorporate relevant provisions to establish the National Cyber Security Centre ("NCSC") on a statutory basis and provide for related matters including clarity around its mandate and role in general and in relation to other actors in the cyber area. Heads of Bill were approved in July 2024.

WHY IS THIS APPLICABLE TO CLIENTS?

NIS 2 imposes obligations across a range of sectors whether public or private entities. It defines two categories of entities: "Essential Entities" in critical sectors like energy and transport, and "Important Entities" in sectors with a high cyber risk profile (such as waste management, postal services).

NEXT STEPS

Review the General Scheme to assess its applicability and if applicable, necessary compliance measures.

DORA - Dry Run FAQ

DATE OF UPDATE: 29 JULY 2024

LINKS

DORA Dry Run FAQ (Updated).pdf (europa.eu)

Digital Operational Resilience Act (DORA) - Arthur Cox LLP

CURRENT STATUS

The European Banking Authority ("EBA") published an updated version of the DORA Dry Run FAQ. The Digital Operational Resilience Act (Regulation (EU) 2022/2554 on digital operational resilience for the financial sector) ("DORA") will apply from 17 January 2025.

WHY IS THIS APPLICABLE TO CLIENTS?

DORA applies to a wide range of financial entities, including credit institutions, electronic money institutions, investment firms, insurance undertakings and re-insurance undertakings. Importantly, DORA will also result in certain major ICT service providers formally coming within scope of supervision by the European Supervisory Authorities for the first time.

DORA - Regulatory Technical Standards on subcontracting

DATE OF UPDATE: 26 JULY 2024

LINKS

JC 2024 53 Final Report on draft RTS ob subcontracting DORA (europa.eu)

CURRENT STATUS

The three European Supervisory Authorities (European Banking Authority, EIOPA and ESMA) ("ESAs") published their Final Report on the Draft Regulatory Technical Standards ("RTS") on subcontracting under DORA.

WHY IS THIS APPLICABLE TO CLIENTS?

DORA will be supported by technical standards that provide regulatory guidance in respect of certain key areas under the Act and will be helpful for many organisations as they continue to ramp up their DORA compliance projects.

NEXT STEPS

Review the RTS where appropriate to the organisation.

DORA - Second batch of policy products

DATE OF UPDATE: 17 JULY 2024

LINKS

Delivery of First batch of policy products

ESAs published second batch of policy products under DORA (europa.eu)

DORA Spotlight: Practical insights on the second batch of draft technical standards - Arthur Cox LLP

Commission Letter signed 23/07/2024

CURRENT STATUS

The ESAs published the second batch of policy products under DORA. This batch consists of four final draft regulatory technical standards, one set of Implementing Technical Standards and two guidelines, all of which aim at enhancing the digital operational resilience of the EU's financial sector.

Later in July, the European Commission rejected the draft Implementing Regulation with regard to implementing technical standards on standard templates for the register of information ("ITS"). The ESAs sent the ITS to the Commission on 17 January 2024 with the first batch of policy products under DORA. It specifies the standard templates for the purposes of the register of information in relation to contractual arrangements on the use of ICT services provided by ICT third-party service providers.

The current implementing and delegated acts in the official journal are set out below:

WHY IS THIS APPLICABLE TO CLIENTS?

As part of DORA compliance efforts, financial entities will need to pay particular attention to the technical standards that will sit alongside DORA.

DORA - EU - SCICF

DATE OF UPDATE: 17 JULY 2024

LINKS

ESAs establish framework to strengthen coordination in case of systemic cyber incidents | European Banking Authority (europa.eu)

CURRENT STATUS

The ESAs announced that they will establish the EU systemic cyber incident coordination framework ("EU-SCICF"), in the context of DORA.

WHY IS THIS APPLICABLE TO CLIENTS?

The EU-SCICF will facilitate an effective financial sector response to a cyber incident that poses a risk to financial stability, by strengthening the coordination among financial authorities and other relevant bodies in the European Union, as well as with key actors at international level.

DORA - CASPs

DATE OF UPDATE: 3 JULY 2024

LINKS

ESMA75-453128700-1229_Final_Report_MiCA_CP2.pdf (europa.eu)

CURRENT STATUS

ESMA published its Final Report on Draft Technical Standards specifying certain requirements of the Markets in Crypto Assets Regulation (MiCA). The report notes that Crypto-asset service providers ("CASPs") are subject to DORA.

WHY IS THIS APPLICABLE TO CLIENTS?

The Report demonstrates a robust regulatory framework for crypto assets, ensuring better operational resilience and security in the digital financial sector.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More