EU Parliament passes cybersecurity legislation for crypto and fintech firms

Quick Take

  • The European Parliament passed cybersecurity legislation for digital finance and crypto asset service providers.
  • The new law will come into effect in 2025.

The European Parliament passed the Digital Operational Resilience Act, which creates new rules on cybersecurity for crypto asset service providers. 

The legislation passed by a margin of 556 in favor, and 18 against.

DORA is intended to harmonize risk management requirements and processes for reporting cybersecurity incidents. Financial institutions will be required to monitor and report security events, and tech service providers will be subject to oversight by European regulators.  

The new law will apply to EU regulated financial entities. Those include traditional finance banking and investment firms as well electronic money and crypto-asset service providers. Companies providing tech services, like data analytics, are also included.

“Financial institutions and companies, including in the crypto space, hold extremely sensitive information about customers and it is vital that EU-wide digital security measures are put in place to defeat the threat that exists,” Frances Fitzgerald, a center-right member of the European Parliament who co-drafted the law, said in a statement. 

Regulations related to the law will take effect 24 months following its publication in the Official Journal of the EU, meaning the new law is anticipated to be fully enforced in 2025.

The Block previously reported that the month of October had the highest hacking activity for digital assets in a year. On top of that, hacks resulted in more than $3 billion losses across 125 breaches in 2021, according to analytics firm Chainalysis. 

“We need to implement stronger protections for our citizens. We do not want to see anyone's personal financial information hacked,” Fitzgerald added. The MEP continued that DORA will “ensure that Europe will remain an important center for investment.”

DORA stems from the European Union's 2020 package on digital finance, which includes the Markets in Crypto Assets bill, that sets out laws to regulate crypto assets and their service providers. The vote on MiCA has been postponed to February next year due to the lengthy translation process.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.