About this consultation
This consultation is open to all citizens. Feedback is sought, in particular, from the following “key stakeholders”: financial institutions, market infrastructures, all other financial services providers and financial services operators, business associations, consumer representatives, ICT services providers consumers, financial services and ICT services users, civil society as well as public authorities, including supervisors and EU bodies and agencies, academia.
Why we are consulting
Over the recent years, cyber-attacks to the financial sector have increased in number, sophistication and severity. The increasing digitalisation of finance is set to accelerate this trend. In April 2019, the European Supervisory Authorities advised the Commission to propose targeted improvements to the EU financial regulatory framework to develop a single regulatory and supervisory rulebook for ICT operational resilience in the financial sector.
Through this consultation, the Commission services aim to gather stakeholders’ views on the need for legislative improvements within the financial services acquis with a view to harmonise rules across the EU in a proportionate way to make the financial sector more secure and resilient while alleviating compliance and administrative burdens. In particular, the Commission services would welcome stakeholders’ input in four main areas: (1) requirements on ICT and security risk management in the legislative acquis applicable to the financial sector, (2) incident reporting requirements (3) digital operational resilience testing framework and (4) oversight of ICT third party providers to the financial institutions.
Responding to the questionnaire
You can contribute to this consultation by filling in the online questionnaire. If you are unable to use the online questionnaire, please contact us using the email address below.
Questionnaires are available in some or all official EU languages. You can submit your responses in any official EU language.
For reasons of transparency, organisations and businesses taking part in public consultations are asked to register in the EU’s Transparency Register.
Personal data and privacy statement
The European Union is committed to protecting your personal data and to respecting your privacy. When carrying out public consultations we adhere to the policy on 'protection of individuals with regard to the processing of personal data by the Community institutions', based on Regulation (EU) 2018/1725 on processing of personal data by the EU institutions.
Further information on the protection of your personal data