Archive: February 2025

On 20 February 2025, the following was published in the Official Journal of the EU (OJ).

On 18 February 2025, the European Supervisory Authorities (ESAs) issued a roadmap to the designation of critical ICT third-party service providers (CTPPs) under the Digital Operational Resilience Act (DORA).

On 13 February 2025, there was published in the Official Journal of the EU (OJ), Commission Delegated Regulation (EU) 2025/295 of 24 October 2024 supplementing the Regulation on digital operational resilience for the financial sector with regard to regulatory technical standards on harmonisation of conditions enabling the conduct of the oversight activities.

On 13 February 2025, the European Commission adopted a draft Delegated Regulation supplementing the Regulation on digital operational resilience for the financial sector with regard to regulatory technical standards

On 11 February 2025, the Eurosystem updated its European framework for threat intelligence-based ethical red-teaming (TIBER-EU framework) to align with the regulatory technical standards (RTS) of the Digital Operational Resilience Act (DORA) on threat-led penetration testing (TLPT).

Key Takeaways:
• SEC, Binance reach stay in enforcement action as other cases halt
• More civil lawsuits against Pump.Fun

At the start of last year there was an expectation that momentum in the FinTech sector would pick up, including as a result of anticipated improvements in global macroeconomic conditions.

On 31 January 2025, the European Commission (Commission) published a letter (dated 21 January 2025) it had sent to the Chair of the Joint Committee of the European Supervisory Authorities (ESAs).

On 11 February 2025, the European Banking Authority (EBA) issued an updated version of its guidelines on ICT and security risk management measures which were built on the provisions of Article 74 of the Capital Requirements Directive IV and the Payment Services Directive 2.

On 5 February 2025, the Advocate General of the Court of Justice of the European Union (CJEU) issued its opinion in the case of C 413/23 P European Data Protection Supervisor (EDPS) v Single Resolution Board (SRB) (Opinion).