Financial firms in the European Union will have to show how quickly they could recover from a cyber attack as they rely more for key services on ‘cloud computing’ giants such as Amazon, Microsoft, Google and IBM, the EU said on Monday.
Regulators worry about the speed and scale at which banks, insurers and investment firms are moving critical functions and market operations onto a handful of cloud platforms.
A glitch at one cloud company could potentially bring down services across many financial firms, regulators have said.
The EU Council, which represents the 27 member states, said it has completed the bloc’s final approval stage for the new Digital Operational Resilience Act, known as DORA.
Banks and other financial firms already have plans for IT security but more was needed so they stay resilient through a severe disruption, said Zbynek Stanjura, finance minister for the Czech Republic, which holds the EU presidency.
“Thanks to the harmonised legal requirements which we adopted today, our financial sector will be better able to continue to function at all times,” Stanjura said.
The requirements will apply to financial firms and “critical” third parties supplying cloud based services.