AmCham EU publishes position on Digital Operational Resilience Act (DORA)

The use of technology in financial services is not new. In fact, the financial services industry has always been at the forefront of testing and adopting new technologies to transform the financial services industry, increase competition and efficiency, as well as offering new solutions to its customers. What is new is the speed of innovation we are seeing in recent years covering all aspects of the financial services sector and leading to the development of new business models, services and products.

Amongst these new developments is the use of information and communications technology (ICT), which finds itself at continuously greater use in the sphere of finance, requiring greater security resilience for firms. The Digital Operational Resilience Act (DORA) represents thus a crucial step towards a harmonized EU framework for digital resilience in financial operations. Due to the unique factors coming together in the financial services sector, given its fast evolution, increased diversification and international nature, additional care needs to be taken into consideration in the adoption of the new proposed regulation. Read our position here.

News

7 Mar 2021

Digital, Financial services

HomePolicy and newsLibraryAmCham EU publishes position on Digital Operational Resilience Act (DORA)

The use of technology in financial services is not new. In fact, the financial services industry has always been at the forefront of testing and adopting new technologies to transform the financial services industry, increase competition and efficiency, as well as offering new solutions to its customers. What is new is the speed of innovation we are seeing in recent years covering all aspects of the financial services sector and leading to the development of new business models, services and products.

Amongst these new developments is the use of information and communications technology (ICT), which finds itself at continuously greater use in the sphere of finance, requiring greater security resilience for firms. The Digital Operational Resilience Act (DORA) represents thus a crucial step towards a harmonized EU framework for digital resilience in financial operations. Due to the unique factors coming together in the financial services sector, given its fast evolution, increased diversification and international nature, additional care needs to be taken into consideration in the adoption of the new proposed regulation. Read our position here.

As the voice of American businesses invested in Europe, AmCham EU emphasises the transatlantic dimension and the need for a coordinated international approach to ICT risk management in this paper. The recommendations contained within this paper therefore focus on building on existing international practices and call for openness to incorporating international best practices into the implementation of the EU’s digital operational resilience.

The issues addressed in this paper include general principles; cloud computing; third-country provisions; intragroup delegation; ICT risk management; legislative consistency; the designation critical third-party providers; testing; incident reporting; EU oversight of critical third-party providers; contractual arrangements; outsourcing and sub-outsourcing; cyber threat information sharing; sanctions and penalties; oversight fees; and the implementation period.

Related items

News

24 Mar 2026

Reducing complexity in Europe’s digital rulebook

The EU’s digital regulatory landscape has expanded significantly in recent years. While the creation of these rules pursues important objectives, their interaction has not always been fully aligned, creating legal uncertainty and increased compliance burdens for businesses.

The European Commission’s proposals for a Digital Omnibus and the Digital Omnibus on AI Regulation Proposal (AI Omnibus) both offer opportunities to improve coherence across the EU’s digital rulebook while supporting Europe’s competitiveness in the digital economy. Both initiatives represent a positive step forward, but further refinements will be needed to ensure they fully deliver on their objectives while maintaining high standards for safety and fundamental rights.

The AI Omnibus focuses on the AI Act, while the Digital Omnibus addresses broader elements of the digital acquis, including data and cybersecurity legislation. Together, they aim to reduce fragmentation and streamline obligations across multiple frameworks. Explore below how these proposals can better support innovation and competitiveness in Europe.

Digital

Simplification

Discussing digital policy priorities with MEPs in Strasbourg

From Monday, 9 to Wednesday, 11 March 2026, AmCham EU travelled to the European Parliament in Strasbourg for a series of meetings with policymakers to discuss ongoing EU digital policy initiatives. The delegation met with members of the European Parliament, accredited parliamentary assistants and group policy advisers , to discuss priorities for the EU’s digital agenda. This includes exchanges on AI Omnibus, Digital Omnibus, Cybersecurity Act review, the Digital Networks Act and the upcoming Cloud and AI Development Act. Throughout the meetings, members emphasised the importance of urgent action to support the simplification of overlapping digital rules, strengthening cybersecurity while avoiding fragmentation in the Single Market and supporting innovation through proportionate, risk-based regulation.

Digital

Advancing EU data and cybersecurity rules through the Digital Omnibus

Digital

Simplification

Policy priorities

Insights and advocacy driving Europe’s policy agenda. Our priorities support growth, innovation and a stronger transatlantic economy.

Discover our priorities

Membership

Connecting business and policymakers to strengthen the voice of American companies in Europe.

Become a member