European Union lawmakers Thursday showed support for strict cybersecurity rules on crypto providers and other financial firms in a 612-18 vote.
The European Commission proposed the bill in 2020 given fears that banks were outsourcing data to the same handful of major, unsupervised cloud computing companies – but the impact it will have on a crypto sector that is plagued by cyberattacks and other exploits remains disputed.
The Digital Operational Resilience Act (Dora) is “a cornerstone of our work on digital finance in the European Union, making sure that we support innovation and do it in a safe way,” European Commissioner Mairead McGuinness said in a Wednesday night debate on the law. “Protecting the financial system from cyber attacks and cyber fraud is vital.”
Financial institutions will have to monitor and report major cyber incidents and test defenses, and the big tech firms offering them services must submit to supervisory oversight, McGuinness said.
The vote formalizes a deal struck between the European Parliament and EU member governments in May. As well as banks and payment firms, it applies to crypto companies such as wallet providers who are set to be regulated under the bloc’s Markets in Crypto Assets Regulation (MiCA) and indeed the two laws were originally proposed as a package.
“After the vote on the cryptocurrency legal act and blockchain, this is one more step towards Europe's digital sovereignty,” said centrist French lawmaker Stéphanie Yon-Courtin. “This will protect European investors on the one hand, but it will also prepare financial enterprises against cyber attacks on the other.
In the EU, that could be a significant change for the crypto sector, which may have lost as much as $3 billion in hacks worldwide this year – but some are concerned it comes at the cost of privacy.
“When cryptocurrencies appeared people went there because they thought they would be free from surveillance,” said Ivan Sinčić, who is president of, and only EU lawmaker for, Croatia’s Ključ Hrvatske party. “If we regulate it now we'll have another world where they will be controlled with biometric control … these measures are undermining the idea of cryptocurrencies.”
MiCA itself is set to be voted on by a plenary session of the parliament in February, after suffering delays due to its length and complexity.