Article 62, Amendments To Regulation (EU) No 600/2014, Digital Operational Resilience Act (DORA)

Overview

Regulation (EU) No 600/2014 is amended as follows:

(1) Article 27g is amended as follows:

(a) paragraph 4 is replaced by the following:

‘4. An APA shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554 of the European Parliament and of the Council (*4).

(*4) Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1).’;"

(b) in paragraph 8, point (c) is replaced by the following:

‘(c) the concrete organisational requirements laid down in paragraphs 3 and 5.’;

(2) Article 27h is amended as follows:

(a) paragraph 5 is replaced by the following:

‘5. A CTP shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554.’.

(b) in paragraph 8, point (e) is replaced by the following:

‘(e) the concrete organisational requirements laid down in paragraph 4.’;

(3) Article 27i is amended as follows:

(a) paragraph 3 is replaced by the following:

‘3. An ARM shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554.’;

(b) in paragraph 5, point (b) is replaced by the following:

‘(b) the concrete organisational requirements laid down in paragraphs 2 and 4.’

Summary Of Article 62

Article 62 of the Digital Operational Resilience Act (DORA) amends Regulation (EU) No 600/2014 to strengthen digital operational resilience across key financial market infrastructures. The amendments primarily focus on Articles 27g, 27h, and 27i, specifying that Approved Publication Arrangements (APAs), Central Counterparties (CTPs), and Approved Reporting Mechanisms (ARMs) must comply with the security requirements set out in Regulation (EU) 2022/2554. This regulation outlines the necessary measures for securing network and information systems within the financial sector.

In Article 27g(4), the amendment clarifies that APAs must meet the security standards defined by Regulation (EU) 2022/2554. Similarly, Article 27h(5) applies these requirements to CTPs, and Article 27i(3) extends the same obligation to ARMs. Additionally, the amendments revise the organizational requirements for these entities, specifying concrete organizational measures in Articles 27g(8)(c), 27h(8)(e), and 27i(5)(b).

These updates aim to enhance the resilience of financial infrastructures against cyber threats and operational disruptions, ensuring a secure digital environment. The changes align financial entities with DORA's broader goal of improving the sector's resilience to digital risks, ensuring better protection and continuity of critical services within the financial system.