Position paper on the NIS 2 Directive and the CER Directive

We welcome the European Commission’s proposal on the new EU Cybersecurity Strategy. Exchanges play an important role in supporting the stability of the financial system and as such are taking several measures to build up their cyber resilience.

FESE favours the harmonisation of the already existing rules on cybersecurity at the EU level. DORA is the most appropriate cybersecurity Regulation for the financial sector as it provides financial entities with the same consolidated set of requirements.

We believe that a complete lex specialis regime should be explicitly included in the articles of both Directives, i.e. by introducing an express provision exempting ‘financial entities’ as defined in DORA from their scope of application with respect to overlapping entity-level obligations.