European Union lawmakers Thursday showed support for strict cybersecurity rules on crypto providers and other financial firms in a 556-18 vote.
The European Commission proposed the bill in 2020 given fears that banks were outsourcing data to the same handful of major, unsupervised cloud computing companies – but the impact it will have on a crypto sector that is plagued by cyberattacks and other exploits remains disputed.
The Digital Operational Resilience Act (Dora) is “a cornerstone of our work on digital finance in the European Union, making sure that we support innovation and do it in a safe way,” European Commissioner Mairead McGuinness said in a Wednesday night debate on the law. “Protecting the financial system from cyber attacks and cyber fraud is vital.”
Financial institutions will have to monitor and report major cyber incidents and test defenses, and the big tech firms offering them services must submit to supervisory oversight, McGuinness said.
The vote formalizes a deal struck between the European Parliament and EU member governments in May. As well as banks and payment firms, it applies to crypto companies such as wallet providers who are set to be regulated under the bloc’s Markets in Crypto Assets Regulation (MiCA) and indeed the two laws were originally proposed as a package.
“After the vote on the cryptocurrency legal act and blockchain, this is one more step towards Europe's digital sovereignty,” said centrist French lawmaker Stéphanie Yon-Courtin. “This will protect European investors on the one hand, but it will also prepare financial enterprises against cyber attacks on the other.
In the EU, that could be a significant change for the crypto sector, which may have lost as much as $3 billion in hacks worldwide this year – but some are concerned it comes at the cost of privacy.
“When cryptocurrencies appeared people went there because they thought they would be free from surveillance,” said Ivan Sinčić, who is president of, and only EU lawmaker for, Croatia’s Ključ Hrvatske party. “If we regulate it now we'll have another world where they will be controlled with biometric control … these measures are undermining the idea of cryptocurrencies.”
MiCA itself is set to be voted on by a plenary session of the parliament in February, after suffering delays due to its length and complexity.
Quotes have been translated from the original language.
CORRECTION (November 10, 2022, 13:27 UTC): corrects voting numbers in first paragraph.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.