EU and UK Strike Deal to Strengthen Banks’ Digital Resilience
The agreement sets rules for banks to manage digital risks and third-party providers
Written by Banking Exchange staff
European and British regulators have signed a memorandum of understanding to cooperate on rules designed to make banks’ digital operations more secure.
The agreement, which is part of the EU’s Digital Operational Resilience Act (DORA), focuses on oversight of critical third-party technology providers (CTPPs) and aims to ensure banks can withstand cyber threats and operational disruptions.
DORA, which came into effect in January 2025, establishes a harmonized framework for digital risk management across EU member states. It requires banks, insurers, and investment firms to implement consistent measures to respond to and recover from cyber incidents, reducing regulatory fragmentation that can complicate cross-border operations.
The memorandum brings together the European Supervisory Authorities — EBA, EIOPA, and ESMA — and UK regulators, including the Bank of England, the Prudential Regulation Authority, and the Financial Conduct Authority.
It sets out clear principles for co-operation, information-sharing, and oversight coordination, giving banks greater certainty on compliance expectations.
A key feature of the deal is that any information exchanged with a third-country authority must meet equivalent confidentiality and professional secrecy standards. The EU authorities assessed the UK regime and confirmed it aligns with DORA’s requirements.
For banks, the agreement provides a framework to manage risks from third-party technology providers more effectively, reduce operational uncertainty, and maintain continuity. It also reflects growing emphasis on cyber resilience and cross-border collaboration as banks increasingly rely on digital infrastructure.