The European Commission (EC) welcomes the adoption of the Digital Services Package, which includes the Digital Services Act and the Digital Markets Act proposed by EC in December 2020. Also published was a summary of the opinion of the European Data Protection Supervisor on the proposed EC regulation for a high common level of cybersecurity at the entities and agencies in European Union.
Digital Services Package. The Digital Services Act sets out a standard for accountability of online platforms and its scope covers various online intermediary services. These online intermediary services include cloud computing services; online platforms such as online marketplaces, app stores, collaborative economy platforms and social media platforms; and very large online platforms that reach over 10% of the 450 million consumers in EU. Also part of this package is the Digital Markets Act, which will apply to gatekeepers—companies that create bottlenecks between businesses and consumers and sometimes even control entire ecosystems—made up of different platform services such as online marketplaces, operating systems, cloud services, or online search engines. The Digital Markets Act establishes a set of narrowly defined objective criteria for qualifying a large online platform as a “gatekeeper.” These gatekeepers will be subject to a number of clearly defined obligations and prohibitions. The adoption of the Digital Services Package in the first reading by the European Parliament follows the political agreement that has been reached by the co-legislators on the Digital Markets Act on March 24, 2022 and the Digital Services Act on April 23, 2022. EC will enforce these rules for the largest online platforms active in EU. Following this adoption, text for both the Acts must now be formally adopted by the European Council. Finally, the Digital Services Act and the Digital Markets Act are expected to be published in the Official Journal of the European Union in Autumn 2022.
Opinion on Proposed Cybersecurity Rules. The European Data Protection Supervisor welcomes the aim of the EC proposal to improve the cybersecurity posture of the Union Institutions, bodies, offices and agencies. The European Data Protection Supervisor recommends adding in the proposal that its minimum security requirements should be at least equal or higher than the minimum security requirements of the entities of Directive on security of network and information systems (NIS Directive) and NIS 2.0 proposal. Further, the European Data Protection Supervisor strongly advises that the proposal, or at the very least a delegated act to be adopted subsequently by EC, must clearly provide a legal ground for the processing of personal data by Cybersecurity Center (CERT-EU) and the EU entities. The European Data Protection Supervisor also advises that the proposal provide for close cooperation between the CERT-EU and the European Data Protection Supervisor, when addressing incidents resulting in personal data breaches, or when addressing any significant vulnerabilities, incidents, or major attacks, that have the potential to result in personal data breaches. The European Data Protection Supervisor also strongly recommends that the proposal provide for the supervisor's participation in the Interinstitutional Cybersecurity Board (IICB).
- Press Release on Digital Services Package
- Digital Services Act
- Digital Markets Act
- Opinion on Proposed Cybersecurity Rules
Keywords: Europe, EU, Banking, Insurance, Securities, Digital Services Act, Digital Markets Act, Regtech, NIS, CERT-EU, Cyber Risk, Online Marketplaces, Cloud Computing, Data Providers, Platform Businesses, European Parliament, EC
Previous ArticleSRB Outlines Upcoming Work Priorities, Issues MREL Dashboard
The Australian Prudential Regulation Authority (APRA) has published the findings of its latest climate risk self-assessment survey conducted across the banking, insurance, and superannuation industries.
The French Prudential Supervisory Authority (ACPR) published a notice related to the methods for calculating and publishing prudential ratios under the Capital Requirements Directive (CRD IV) and the minimum requirement for own funds and eligible liabilities (MREL).
The Financial Stability Institute (FSI) of the Bank for International Settlements recently published a paper proposing a framework for classifying financial stability regulation as either entity-based or activity-based.
The European Insurance and Occupational Pension Authority (EIOPA) published the risk dashboard based on Solvency II data and the final version of the application guidance on climate change materiality assessments and climate change scenarios in the Own Risk and Solvency Assessment (ORSA).
The European Banking Authority (EBA) and the European Central Bank (ECB) published their responses to the consultations of the International Sustainability Standards Board (ISSB) and the European Financial Reporting Advisory Group (EFRAG) on sustainability-related disclosure standards.
A Consultative Group on Risk Management (CGRM) at the Bank for International Settlements (BIS) published a report that examines incorporation of climate risks into the international reserve management framework.
The European Banking Authority (EBA) published the final guidelines on liquidity requirements exemption for investment firms, updated version of its 5.2 filing rules document for supervisory reporting, and Single Rulebook Question and Answer (Q&A) updates in July 2022.
The European Insurance and Occupational Pensions Authority (EIOPA) published Version 2.8.0 of the Solvency II data point model (DPM) and XBRL taxonomy.
The European Union published, in the Official Journal of the European Union, an opinion from the European Economic and Social Committee (EESC); the opinion is on the proposal for a regulation to amend the Capital Requirements Regulation (CRR).
HM Treasury published a draft statutory instrument titled “The Financial Services (Miscellaneous Amendments) (EU Exit) Regulations 2022,” along with the related explanatory memorandum and impact assessment.