Financial Resiliency: How Europe Will Regulate Third-Party IT
New landmark legislation will place some information and communications technology (ICT) providers under financial regulators’ authority for the first time.
When it comes to investing in digital resiliency, two sectors are known to spend more, proportionally, than all the others: professional IT service operators and financial services.
The critical role of these industries makes these investments necessary. But outages do still occur, and when they do, they are often disproportionately expensive and disruptive.
The importance of these sectors, and the disruption that IT failures can cause, means that regulators and governments are increasingly concerned about the resiliency of these sectors’ digital infrastructure.
However, there is a disconnect: while the financial industry is strictly regulated, the cloud/data center service companies on which it is so dependent are generally far less regulated.
In Europe, this imbalance is starting to change and is influencing regulators around the world. New laws are in the pipeline that will mean third-party service providers (TSPs) of digital services — including colo, software as a service and cloud providers, and hosting companies — become much more tightly regulated and accountable for their security and resiliency.
This report will look into the key elements and expected impacts of the European Union’s Digital Operational Resilience Act (DORA), which is expected to be passed in 2022, after which EU member states will have a year to comply with the legislation.
- Andy Lawrence, Executive Director of Research at Uptime Institute
- Douglas Donnellan, Research Associate at Uptime Institute