Article 55 Digital Operational Resilience Act (DORA), Amendments To Regulation (EU) No 600/2014

Sep 12, 2024

The Digital Operational Resilience Act (DORA) is part of the European Union's efforts to ensure the resilience and security of financial institutions, particularly in the face of increasing digital risks. By amending existing regulations, DORA aims to integrate digital resilience and Information and Communication Technology (ICT) risk management into the regulatory framework. Among these amendments are changes to Regulation (EU) No 600/2014, which is part of the Markets in Financial Instruments Regulation (MiFIR). These changes, outlined in Article 55 of DORA, introduce updates to organizational requirements, particularly with regard to the management of ICT systems, to improve the resilience of the financial infrastructure.

Article 55 Digital Operational Resilience Act (DORA), Amendments To Regulation (EU) No 600/2014

Amendments To Article 27g: Data Reporting Service Providers

The first set of amendments focuses on Article 27g, which concerns data reporting service providers. These entities play a crucial role in the transparency of financial markets, as they handle large volumes of sensitive data. The amendments aim to refine the organizational requirements to ensure that these service providers are adequately equipped to manage their operations securely and efficiently.

  • Deletion of Paragraph 4: The deletion of paragraph 4 removes specific provisions that were previously in place regarding organizational requirements. The rationale behind this change could be to simplify or streamline the regulations governing data reporting service providers, allowing for more flexible interpretations or updated practices in line with DORA’s broader objectives.
  • Amendment to Paragraph 8, Point (c): The amendment to paragraph 8, point (c), refines the organizational requirements that data reporting service providers must adhere to. The new language refers to the "concrete organizational requirements laid down in paragraphs 3 and 5." This clarification ensures that data reporting service providers are still subject to specific organizational rules, but these requirements are now clearly defined and aligned with the broader principles set forth in DORA. By referencing these particular paragraphs, the amendment provides a more focused and structured framework for organizational compliance.
DORA Compliance Framework

Amendments To Article 27h: Consolidated Tape Providers

The second set of amendments pertains to Article 27h, which relates to consolidated tape providers. These providers are responsible for aggregating market data and ensuring that it is available to market participants in a timely and accurate manner. Given their critical role in the financial infrastructure, the amendments aim to strengthen their organizational structure to handle digital risks effectively.

  • Deletion of Paragraph 5: The removal of paragraph 5 signifies a restructuring of the regulatory requirements for consolidated tape providers. While this paragraph may have outlined specific organizational requirements, its deletion likely reflects an effort to harmonize the rules with DORA’s broader digital resilience framework, ensuring that regulatory standards are more adaptable to evolving technological risks.
  • Amendment to Paragraph 8, Point (e): Paragraph 8, point (e) is amended to clarify the organizational requirements for consolidated tape providers. The updated language now refers specifically to the requirements laid down in paragraph 4. This adjustment provides clearer guidance on what is expected of these providers in terms of their organizational structure, ensuring they are equipped to handle both operational and digital risks in line with the new regulatory focus introduced by DORA.

Amendments To Article 27i: Authorisation And Supervision 0f Data Reporting Service Providers

The final set of amendments concerns Article 27i, which addresses the authorization and supervision of data reporting service providers. These updates focus on the concrete organizational requirements that these providers must meet to obtain and maintain their authorization to operate within the EU’s financial system.

  • Deletion of Paragraph 3: The deletion of paragraph 3 further streamlines the regulatory framework for the authorization and supervision of data reporting service providers. Removing this provision may indicate that the organizational requirements in this paragraph have either been integrated into other parts of the regulation or are no longer necessary in the context of DORA’s focus on digital resilience and ICT risk management.
  • Amendment to Paragraph 5, Point (b): The amendment to paragraph 5, point (b) refines the organizational requirements for data reporting service providers. The new language specifies that these providers must comply with the requirements laid out in paragraphs 2 and 4. By narrowing the focus to these specific paragraphs, the amendment ensures that the organizational standards for data reporting service providers are both clear and practical, aligning with DORA’s objective to enhance the digital resilience of financial institutions.

Conclusion

The amendments to Regulation (EU) No 600/2014 introduced by DORA underscore the importance of integrating digital resilience into the organizational structures of financial institutions. These changes, particularly in Articles 27g, 27h, and 27i, focus on refining the organizational requirements for data reporting service providers and consolidated tape providers. By streamlining and clarifying the regulatory framework, the amendments ensure that these critical financial service providers are better equipped to manage ICT risks and maintain operational continuity in the face of potential digital disruptions. In particular, the removal of certain paragraphs and the refinement of others signal a shift toward a more focused and efficient regulatory approach. By aligning these organizational requirements with the broader digital resilience objectives of DORA, the amendments help create a more robust and secure financial infrastructure across the EU. 

DORA Compliance Framework