ESAs and ENISA sign a Memorandum of Understanding to strengthen cooperation and information exchange

The European Supervisory Authorities (EBA, EIOPA, and ESMA - the ESAs) today announced that they have concluded a multilateral Memorandum of Understanding (MoU) to strengthen cooperation and information exchange with the European Union Agency for Cybersecurity (ENISA).

This multilateral MoU formalises the ongoing discussions between the ESAs and ENISA to strengthen their already close cooperation, as a result of the Directive on measures for a high common level of cybersecurity (NIS2 Directive) and the Digital Operational Resilience Act (DORA).

This MoU sets out the framework for cooperation and exchange of information on tasks of mutual interest, including policy implementation, incident reporting, and oversight of critical Information Communication Technologies (ICT)third-party providers. It will also promote regulatory convergence, facilitate cross-sectoral learning and capacity building on areas of mutual interest, and information exchange on emerging technologies.

Verena Ross, Chair of the Joint Committee of the ESAs and ESMA Chair, said:

This new cooperation agreement that we sign today will reinforce the collaboration between the ESAs and ENISA. By bringing together the ESAs working on cybersecurity risk in the financial sector and ENISA as the EU’s cybersecurity agency, we are further strengthening our commitment to safeguarding the financial system from information security risks.

In an interconnected world, ICT risk does not limit itself to one geographical or sectoral area, making cooperation in this field crucial. Through facilitating collaboration and resource sharing, we continue to enhance our capability to detect and respond to cybersecurity threats.

Juhan Lepassaar, Executive Director of the European Union Agency for Cybersecurity (ENISA), highlighted:

The MoU signed today showcases our willingness to move forward with a common and comprehensive approach in cybersecurity both at sectorial and horizontal level. Our efforts towards the implementation and harmonisation of NIS2 and DORA provisions, such as those on incident reporting, are paving the way to intensify our endeavours in creating a robust mechanism for cybersecurity in financial ICT systems.

Notes to editors

The Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) is the EU-wide legislation on cybersecurity which provides legal measures to boost the overall level of cybersecurity in the EU.

The Digital Operational Resilience Act (DORA) sets a harmonised and comprehensive regulatory framework on digital operational resilience for EU financial entities and introduces oversight over Critical Third-party ICT Providers (CTPPs).

About ENISA

The European Union Agency for Cybersecurity, ENISA, is the Union's agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, ENISA contributes to EU cyber policy, enhances the trustworthiness of ICT products, services, and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building and awareness raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure.

About the ESAs

The three European Supervisory Authorities (the EBA, EIOPA and ESMA) have the objective to protect the public interest by contributing to the short, medium, and long-term stability and effectiveness of the financial system, for the Union economy, its citizens, and businesses. The ESAs are tasked with developing and implementing a common regulatory framework and convergent supervisory practice across the EU. While most ongoing supervision of financial institutions still rests with the national supervisory authorities, the ESAs also carry out micro-prudential supervision of the EU financial markets along with the national supervisory authorities of the member states, as well as direct supervision of some market players.

Through the Joint Committee, the three ESAs coordinate their supervisory activities in the scope of their respective responsibilities regularly and closely and ensure consistency in their practices. The three ESAs Joint Committee is chaired alternately each year by one of the authorities. In 2024 the forum is chaired by ESMA.