Our legal experts recently shared their insights with the Business Post as two new EU regulations, NIS2 and DORA, approach their implementation deadlines. Both aim to strengthen digital resilience across the European Union, with significant implications for Irish businesses.
NIS2, an update to the 2016 Network and Information Security Directive, must be implemented in Ireland by 17 October. DORA, focusing on the financial services sector, requires compliance by January 2025.
Julie Austin, Privacy and Data Security Partner, highlighted the scale of the challenge for many Irish businesses. She commented: “When they start looking at gaps in compliance, they won’t be near ready. Some of these organisations won’t have their vendor due diligence, technical and organisational measures, or risk assessments in place.”
DORA introduces new oversight measures, particularly for cloud service providers. This shift presents unique challenges, as Liam Flynn, Financial Services Sector Lead Partner, explained: "There is a very different culture in technology providers – 'move fast, break things, make mistakes, move on' is not the culture of financial services anymore, and it's not a culture that financial services regulations will tolerate."
While the Central Bank of Ireland is expected to take a measured approach to DORA enforcement, firms should not be complacent. Joanne O'Rourke, Of Counsel in our Financial Services team, cautioned: "We don't expect significant fines in 2025. There will be a learning exercise carried out by both firms and Central Bank. We expect there to be communications issued and engagement with industry, but the one big exception would be a major ICT outage or incident that affects consumers, post January 2025."
Read the full article in the Business Post (behind paywall).
The content of this article is provided for information purposes only and does not constitute legal or other advice. If you have a question about any of the topics discussed, don't hesitate to contact a member of our Technology or Financial Services teams.
