Week 51: Security Legislation Changes
Welcome to the Week 51 regulatory news review. Legislative work has progressed rapidly, especially regarding CER and DORA.
Welcome to the Week 51 regulatory news review. Christmas is approaching, and soon it will be time to relax and spend time with loved ones. However, legislative work has progressed rapidly in the run-up to the holidays, particularly regarding CER and DORA. As a small bonus, we present the Finnish Government’s recent Defence Report and what it covers.
CER Directive (Critical Entities Resilience)
On December 19, 2024, the Government submitted a proposal to Parliament for a new Act on the Protection and Resilience of Critical Infrastructure.
The objective is to ensure that vital services, such as energy, transport, and healthcare, remain operational during disruptions. The new act transposes the requirements of the EU CER Directive into Finnish law, harmonizing the identification and supervision of critical entities. At the same time, it establishes clear rules to help businesses and authorities prepare for future risks and safeguard the operational reliability of society.
The scope of the act covers eleven sectors, and its implementation involves several ministries and supervisory authorities. In practice, entities identified as critical will be required to carry out risk assessments, improve their resilience, and implement stricter preparedness measures. This aims to create a stronger foundation for Finland to better cope with both domestic and international challenges.
Government proposal (in Finnish): https://www.eduskunta.fi/FI/vaski/HallituksenEsitys/Sivut/HE_205+2024.aspx
DORA (Digital Operational Resilience Act)
On December 17, 2024, the European Supervisory Authorities (EBA, EIOPA, and ESMA) published a summary of the 2024 dry run exercise, which tested the reporting of registers of information on ICT third-party contracts under the DORA framework.
The quality of the registers submitted by nearly a thousand European financial entities met supervisors’ expectations, considering it was the first such exercise. Although only 6.5% of the registers passed all quality checks, the majority of the remaining registers required only minor improvements.
The tools and guidance provided by the ESAs are designed to facilitate preparations for actual reporting by participants and other entities. Financial entities should utilize the feedback received on data quality and continue development work to reliably identify critical ICT third-party service providers. The ESAs will publish an updated technical reporting package, including refined quality requirements, a data model, and validation rules.
Original publication: https://www.esma.europa.eu/press-news/esma-news/esas-dry-run-exercise-shows-goal-reporting-registers-information-under-digital
As another DORA update, the Financial Supervisory Authority (Finanssivalvonta) published a newsletter detailing specifics of the regulation. We believe this newsletter is intended to clarify practical aspects of the regulation before the actual application date, which is already January 17, 2025.
Newsletter (in Finnish): https://www.finanssivalvonta.fi/tiedotteet-ja-julkaisut/valvottavatiedotteet/2024/asetus-finanssialan-digitaalisesta-hairionsietokyvysta/
Other
On December 19, 2024, the Government published a new Defence Report detailing how Finland will develop its defence up to 2030 following NATO membership.
Minister of Defence Antti Häkkänen emphasizes that Finland must strengthen its own defence capabilities and work closely with NATO to counter growing threats, particularly Russia’s increased activities. The report is divided into four main areas: national defence, NATO’s deterrence and defence, cooperation with other NATO countries, and comprehensive national defence. The goal is to ensure that Finland remains strong and capable of defending itself effectively alongside its allies. In addition, the importance of reserves and conscription is highlighted, as well as the fact that NATO membership has enhanced Finland’s security and deterrence.
Government Defence Report 2024 (in Finnish): https://julkaisut.valtioneuvosto.fi/handle/10024/166002
Conclusion
We welcome feedback from our readers for future updates. Tekve Oy provides support in navigating and implementing regulatory requirements, so feel free to contact us. See you next week!