IBM has advised EU legislators against being overly prescriptive in upcoming negotiations between the EU parliament and council over the Digital Operational Resilience Act (DORA) for banks and financial services.

The meeting on 10 May aims to set EU standards for online defences within the financial sector.

In a blog post, IBM acknowledged the European Commission’s upcoming Digital Operational Resilience Act (DORA), is a step in the right direction as it recognises the evolving nature of risk and resilience in the increasingly digitalised financial services landscape.

However, they warned against an overly prescriptive process which may hinder futureproofing the Act and could prevent cloud and other service providers from adapting to future challenges.

IBM went on to advise that digital resilience is a global issue, and the regulation should therefore be principle-based.

If different authorities were to implement their own flavour of bespoke prescriptive rules, the result would be more confusion and complexity without improving security and resilience, the tech giant suggested.

Using international standards, schemes and protocols as a shared language to further a shared objective will enable public and private sector organisations to build confidence and advance the global cyber security and digital resilience agenda, said IBM.

IBM’s view is that resilience is a means to an end, and not an end in itself, given evolutions will necessarily continue after the enactment of DORA.

Whereas IBM views the EU as aiming to set a firm course of travel, a “solution for now” is cautioned against given the uncertainty of future evolutions which may threaten the financial sector’s resiliency.

Share Story: