Article 49 Digital Operational Resilience Act (DORA), Professional Secrecy

Sep 12, 2024

Article 49 of the Digital Operational Resilience Act (DORA) sets stringent requirements regarding the confidentiality and professional secrecy of information received, exchanged, or transmitted under the regulation. This article establishes a legal framework to ensure that sensitive information remains protected, thereby safeguarding the integrity of the financial sector and the privacy of individuals and entities involved.

Article 49 Digital Operational Resilience Act (DORA), Professional Secrecy

Obligation of Professional Secrecy

The cornerstone of Article 49 is the obligation of professional secrecy, which applies to all individuals who are or have been involved with competent authorities under DORA. This obligation extends to any person or entity, including auditors, experts, or any third parties to whom competent authorities have delegated their powers. The overarching principle is that any confidential information that these individuals or entities come into contact with during their duties must be kept strictly confidential.

Professional secrecy is a fundamental aspect of maintaining trust within the financial sector. It ensures that sensitive information about business operations, financial conditions, or personal matters does not fall into the wrong hands. The obligation of professional secrecy is not only a matter of regulatory compliance but also a cornerstone of ethical conduct within the financial sector.

Restrictions on Disclosure of Information

Article 49 imposes strict limitations on the disclosure of information covered by professional secrecy. Such information cannot be disclosed to any other person or authority unless specific provisions laid down by Union or national law permit it. This means that even if there is a legitimate interest in accessing such information, disclosure can only occur if it is expressly allowed by law.

This restriction serves several critical purposes. First, it protects the confidentiality of sensitive information, ensuring that it is not disclosed indiscriminately or used for purposes other than those for which it was intended. Second, it provides clear guidelines for competent authorities and other entities about when and how they can share information, thereby reducing the risk of unauthorized disclosures.

Furthermore, by limiting the disclosure of confidential information to situations explicitly provided for by law, Article 49 helps prevent potential misuse or exploitation of sensitive data. This is particularly important in the context of the financial sector, where the improper handling of information could lead to significant economic damage, loss of market confidence, and erosion of trust.

DORA Compliance Framework

Confidentiality of Information Exchanged Between Competent Authorities

Another key aspect of Article 49 is the confidentiality of information exchanged between competent authorities under DORA. Any information that pertains to business or operational conditions, as well as other economic or personal affairs, is considered confidential. This information is subject to the requirements of professional secrecy, ensuring that it is protected from unauthorized access or disclosure.

However, there are specific circumstances under which such information may be disclosed. If a competent authority explicitly states at the time of communication that the information may be disclosed, or if the disclosure is necessary for legal proceedings, then the confidentiality obligations may be lifted. This exception allows for flexibility in situations where disclosure is essential, such as in the pursuit of justice or when required by law.

The Role of Professional Secrecy in Protecting the Financial Sector

The stringent requirements laid out in Article 49 underscore the importance of professional secrecy in maintaining the integrity and stability of the financial sector. By ensuring that sensitive information remains confidential, DORA protects the interests of financial institutions, market participants, and individuals alike.

The obligation of professional secrecy also plays a crucial role in fostering cooperation and trust among competent authorities and other entities involved in the financial sector. When parties are confident that their information will be handled with the utmost care and confidentiality, they are more likely to engage in open and honest communication, which is essential for effective regulation and supervision.

Moreover, the clear guidelines and restrictions on the disclosure of information help to prevent potential conflicts of interest and reduce the risk of information being used for purposes other than those intended. This contributes to a more secure and resilient financial sector, better equipped to withstand the challenges of the digital age.

Conclusion

Article 49 of DORA provides a robust framework for ensuring the professional secrecy of sensitive information within the financial sector. By imposing strict obligations on those who come into contact with confidential information and setting clear restrictions on its disclosure, DORA safeguards the integrity and stability of the financial system. These measures are essential for maintaining trust and confidence in the sector, ensuring that it can continue to operate effectively in an increasingly digital and interconnected world. The emphasis on professional secrecy also reflects a broader commitment to upholding the highest standards of ethical conduct and regulatory compliance within the financial sector.

DORA Compliance Framework