Cyber resilience - an analysis of Art 8 (1) and (2) DORA-DG

back to overview

Type and Duration

FFF-Förderprojekt, July 2024 until December 2024

Coordinator

Economic Criminal Law, Compliance and Digitalization

Main Research

Business Law

Description

On Tuesday, January 30, 2024, the Government of Liechtenstein approved the consultation report concerning the enactment of a law to implement Regulation (EU) 2022/2554 on digital operational resilience in the financial sector (Digital Operational Resilience Act; DORA-DG) and the amendment of further laws. The enactment of DORA establishes a uniform European regulation that strengthens the financial sector in terms of digital operational resilience. DORA sets uniform requirements for the European Economic Area (EEA) on information and communication technology (ICT) risk management, the handling, classification, and reporting of ICT-related incidents, testing of digital operational resilience, management of third-party ICT risks, and information exchange. DORA will be applicable to financial intermediaries in the EU starting January 17, 2025. In Liechtenstein, DORA will take immediate effect upon its incorporation into the EEA Agreement. However, some provisions of the regulation require national implementation, for which the DORA-DG was created, which is to come into force in Liechtenstein simultaneously with the incorporation of DORA into the EEA Agreement. Article 8 of the DORA-DG contains the penal provisions, where, in particular, paragraph 1 provides for a judicial penal provision and paragraph 2 regulates several administrative offenses, which primarily refer to provisions in DORA. The project analyzes these two paragraphs and aims to highlight the new criminal liability risks in a timely manner before the planned implementation. Initially, the area of cybercrime should be explained, against which cyber resilience is a strategy for defense.

Project Manager

Prof. Dr. Konstantina Papathanasiou, LL.M.