Cryptocurrency companies operating in European Union member states will be required to strengthen their cybersecurity and risk management as the economic bloc implements new regulation.
The European Union authorities recently announced that Digital Operational Resilience Act (DORA) Entering into force on January 17, it is a comprehensive and coordinated regional regulatory framework that will govern the digital operational resilience of financial institutions and cryptocurrency companies in member states.
The new regulation
EU authorities view the DORA policy as a crucial step to strengthen the digital operational resilience framework for financial institutions operating in countries that are part of the regional bloc, saying the new regulation aims to address inconsistencies and gaps in cyber risk management within the bloc.
DORA regulation does not only apply to financial institutions and banks as it also covers crypto asset service providers, insurance companies, investment companies and management companies.
Cryptocurrency Businesses in the European Union are subject to new cybersecurity regulations with DORA coming into effect on January 17.
How will this affect VASP?
Analysts believe that the cybersecurity and resilience practices of virtual asset service providers (VASPs) in the European bloc will be significantly affected by the imposition of DORA.
Legal intelligence JD Supra reported that one of the provisions under the new EU rule is Development and review of information and communications technology Third-party risk management strategies such as mandatory provisions in contracts with ICT service providers and an “information register documenting all existing contractual arrangements”.
This DORA requirement will affect Internet service providers In the region because EU financial entities will have to obtain a comprehensive record of their contractual arrangements with third-party IT service providers.
An official of cryptocurrency exchange Gemini believes that DORA is necessary to improve the operational resilience of the financial sector against ICT-related risks.
“In preparation for DORA, we implemented a digital operational resilience strategy, an ICT risk management framework, ensured clear governance structures, and adopted best practices to ensure the continuity, security and resilience of our services,” explained Mark Jennings, Gemini’s head of Europe. .
Expanding the MiCA base
Cryptocurrency analysts said the new EU regulation aims to expand the Markets in Crypto Assets (MiCA) regulation, saying DORA’s goal is to strengthen the resilience of cryptocurrency companies against disruptions and cyberattacks, protect investors and enhance market integrity.
An executive at cryptocurrency infrastructure company MoonPay said that the new regulation will have a significant impact on MiCA-licensed cryptocurrency companies.
“All crypto asset service providers licensed under MiCA are subject to DORA requirements,” said Matt Sullivan, MoonPay’s Deputy General Counsel and Head of Ireland.
Sullivan revealed that their cryptocurrency infrastructure company is already taking steps to become a DORA complaint entity. MoonPay obtained a MiCA license from the Netherlands Financial Market Authority only on December 30, 2024.
A challenge for small service providers
VASPs can address DORA’s provisions and will likely implement stringent cybersecurity measures to maintain compliance with the new regulations, said Wormhole Foundation General Counsel Cathy Yun.
However, Yoon expressed concern that startups and small service providers may find it difficult to gain compliance with DORA.
“Taking a proactive approach to security and building cybersecurity measures in line with DORA could have significant implications for smaller providers, especially startups with limited capital to comply with DORA,” Yoon said.
Featured image from Dataddo blog, chart from TradingView
Comments are closed, but trackbacks and pingbacks are open.