The European Supervisory Authorities (ESAs) have concluded a multilateral memorandum of understanding (MoU) to strengthen cooperation and information exchange with the European Union Agency for Cybersecurity (ENISA).

The MoU formalises the ongoing discussions between the ESAs (the European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA), and European Securities and Markets Authority (ESMA)), and ENISA.

Closer collaboration between the entities has been agreed as a result of the Directive on measures for a high common level of cybersecurity (NIS2 Directive) and the Digital Operational Resilience Act (DORA).

The MoU outlines the framework for cooperation and exchange of information on tasks of ‘mutual interest’, such as policy implementation, incident reporting, and oversight of ICT third-party providers.

Furthermore, it will aim to promote regulatory convergence, facilitate cross-sectorial learning and capacity building on areas of mutual interest, and information exchange on emerging technologies.

“This new cooperation agreement that we sign today will reinforce the collaboration between the ESAs and ENISA,” commented ESA joint committee chair and ESMA chair, Verena Ross.

“By bringing together the ESAs working on cybersecurity risk in the financial sector and ENISA as the EU’s cybersecurity agency, we are further strengthening our commitment to safeguarding the financial system from information security risks.

“In an interconnected world, ICT risk does not limit itself to one geographical or sectoral area, making cooperation in this field crucial. Through facilitating collaboration and resource sharing, we continue to enhance our capability to detect and respond to cybersecurity threats.”

ENISA executive director, Juhan Lepassaar, added: “The MoU signed today showcases our willingness to move forward with a common and comprehensive approach in cybersecurity both at sectorial and horizontal level.

“Our efforts towards the implementation and harmonisation of NIS2 and DORA provisions, such as those on incident reporting, are paving the way to intensify our endeavours in creating a robust mechanism for cybersecurity in financial ICT systems.”

---