Banks Face Heightened Security Scrutiny as EU Tightens Standards, Tech Suppliers Also Under Spotlight

European banks and their technology providers are gearing up for a significant regulatory shift as the European Union sets its sights on securing the financial sector against a wide range of cyber threats. By January 2025, a new European Union law known as the Digital Operational Resilience Act (DORA) will come into full effect, placing stringent cyber resilience requirements on financial entities and their critical third-party service suppliers.

Simultaneously, another trailblazing piece of legislation by the European Union is making headlines – the European Union Artificial Intelligence Act. This act represents a pioneering move as it is billed as the world's first major law specifically tailored to regulate the application of artificial intelligence across not just financial institutions but all sectors. Although the two legislations address different domains of digital regulation — cybersecurity and artificial intelligence — they underscore the European Union's ambitious drive to set global standards for digital and technological practices.

While DORA focuses specifically on the cybersecurity framework necessary to ensure the operational resilience of financial systems, the European Union Artificial Intelligence Act casts a wider net, addressing the ethical implications, risks, and governance of artificial intelligence applications broadly. It outlines strict prohibitions on certain uses of artificial intelligence that are considered harmful and lays down a risk-based classification system for other applications. High-risk categories under the law include critical infrastructures that could endanger people's safety and fundamental rights if used inappropriately.

One of the core objectives of the European Union Artificial Intelligence Act is to foster trust and safety in artificial intelligence technologies by ensuring they adhere to high standards of transparency and accountability. For example, high-risk systems must undergo rigorous assessment procedures to ensure compliance with the act, focusing heavily on documenting algorithms, data, and system processes utilized by these technologies.

Organizations that fail to comply with these new regulations face substantial penalties, which can amount to up to 6% of their global turnover, serving as a stringent deterrent against non-compliance. For banks, which are already under the purview of DORA, this means double-checking not only their cybersecurity measures but also the ways in which they deploy artificial intelligence, particularly in areas such as credit scoring, risk assessment, and fraud detection.

As the deadline approaches, financial institutions and their technological partners are advised to anticipate potential overlaps between these two significant regulatory frameworks. Understanding the interplay between DORA and the European Union Artificial Intelligence Act will be vital in navigating the complexities introduced by these groundbreaking laws, ensuring both cybersecurity and ethical deployment of artificial intelligence within the finance sector.

This content was created in partnership and with the help of Artificial Intelligence AI