Article 44, International Cooperation, Digital Operational Resilience Act (DORA)

Overview

1. Without prejudice to Article 36, EBA, ESMA and EIOPA may, in accordance with Article 33 of Regulations (EU) No 1093/2010, (EU) No 1095/2010 and (EU) No 1094/2010, respectively, conclude administrative arrangements with third-country regulatory and supervisory authorities to foster international cooperation on ICT third-party risk across different financial sectors, in particular by developing best practices for the review of ICT risk management practices and controls, mitigation measures and incident responses.

2. The ESAs shall, through the Joint Committee, submit every five years a joint confidential report to the European Parliament, to the Council and to the Commission, summarising the findings of relevant discussions held with the third countries’ authorities referred to in paragraph 1, focusing on the evolution of ICT third-party risk and the implications for financial stability, market integrity, investor protection and the functioning of the internal market.

Summary Of Article 44

Article 44 of the Digital Operational Resilience Act (DORA) addresses international cooperation regarding ICT third-party risks in the financial sector. It grants the European Supervisory Authorities (EBA, ESMA, and EIOPA) the ability to collaborate with third-country regulatory and supervisory bodies. This collaboration includes sharing best practices on ICT risk management, mitigation strategies, and incident response across borders. Every five years, the ESAs, via the Joint Committee, must submit a confidential report to the European Parliament, the Council, and the Commission. 

The report covers the evolution of ICT third-party risks and their implications on financial stability, market integrity, investor protection, and the overall functioning of the European internal market. This process is critical in ensuring the resilience of the financial sector against growing ICT risks from international third-party providers. The article emphasizes the need for global cooperation and constant monitoring of evolving ICT risks to protect the stability of financial systems and markets.