25 Jul 2024

DIGITALEUROPE response to ECB consultation on outsourcing cloud services to cloud service providers

Executive summary 

DIGITALEUROPE welcomed the opportunity to provide feedback to the ECB’s “Guide on outsourcing cloud services to cloud service providers” consultation (15 July 2024). 

We strongly support the efforts of EU policymakers and regulators to enhance the operational resilience of the EU’s financial sector and believe DORA provides an opportunity to deliver on this objective by facilitating the adoption of best-in-class technology by financial entities operating in the EU.  

The ECB Guide, however, introduces uncertainty for both supervised entities and technology providers given many of the provisions effectively go beyond the requirements set out in the DORA legislative text or are not aligned with the DORA text. Indeed, the proposed Guide is incompatible on several aspects with the requirements set out in DORA, including those related to (i) tech neutrality, (ii) the principle or proportionality, and (iii) the risk-based approach set out in the Regulation. As a secondary effect, such uncertainty would i) be passed to the broad financial sector impacting financial entities’ cloud outsourcing strategy and ii) create fragmented approaches at supervisory level.         

While the clarification of supervisory expectations by the SSM will, in due course, support the work of financial entities as they look to implement their cloud strategies, the proposed Guide seems to give the SSM a policy-making role which is not in line with the regulatory architecture of the EU. These incremental expectations land at a time when the industry is already faced with very short timelines for DORA. Further, given several Level 2 texts are still not final, the Guide risks creating confusion and bifurcating readiness activities.  

The Guide also risks intra-EU fragmentation of the harmonised regime for ICT services that DORA was intended to create. Further, while we appreciate the need to identify and address the evolving risk profiles that outsourcing generates as a result of the adoption of cloud services, it is always important to remain technology-neutral. The Guide does not recognise the overall benefits of this technology in terms of enhanced resiliency and security as widely acknowledged by international regulators and international standard-setting bodies, such as the FSB and the BIS.  

The Guide also puts cloud users and providers at a disadvantage to other financial entities and ICT third party providers as they have to address incremental expectations within an already compressed time frame.  

 

Download the full response
For further information, please contact:
Laura Chaney
Manager for Digital Finance Policy
laura.chaney@digitaleurope.org +32 4 93 09 87 42
Back to
View the complete
PDF
Our resources on ****
25 Jul 2024 resource
Assessing merits and bottlenecks in Europe’s standardisation system
Read more
PDF
05 Jul 2024 resource
The Download: Closing the digital skills gap
Read more
PDF
02 Jul 2024 resource
Overcoming Europe’s connectivity challenges to reclaim global leadership
Read more
PDF
View all resources
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.
Decline
Accept