Do Not Get Lost in the Cloud.How EU Financial Institutions Could Avoid Legal and Practical Problems with Cloud Services Arising Under Dora
44 Pages Posted: 20 Jun 2023 Last revised: 12 Sep 2023
Abstract
Financial institutions frequently turn to cloud services and entrust cloud providers with increasingly important tasks. The relation between these two groups remains largely outside regulatory parameter and Digital Operational Resilience Act (DORA) is supposed to change that. This paper constitutes an attempt to address two relevant issues in that regard. First, it identifies legal and practical problems that EU financial institutions could encounter while adopting and then using cloud services. The ones at the adoption stage include challenge of provider selection, decision on transfer of critical or important functions and on choice of contractual clauses. During the stage of usage data security and financial stability constitute the most problematic issues. Overarching difficulties, that challenge financial institutions at every stage of cloud technology implementation, are layering and concentration risk. Fortunately, as this paper argues, these hurdles could be overcome if a financial institution chooses adequate cloud deployment and service models.
This paper has been prepared by the author under the Legal Research Programme 2022 sponsored by the ECB. Any views expressed are only those of the author and do not necessarily represent the views of the ECB or the Eurosystem.
Keywords: cloud computing, financial institutions, DORA, hybrid cloud, concentration risk, layering
Suggested Citation: Suggested Citation