Letter for financial services stakeholders on CRA and DORA

Position Paper

10 Jul 2023

Digital, Financial services

HomePolicy and newsLibraryLetter for financial services stakeholders on CRA and DORA

The Cyber Resilience Act (CRA) does not delineate between products and services and applies to all elements of a financial institution’s software or digitally accessible services, despite them being covered by existing financial services regulation. This causes duplication in the requirements faced by industry operating in the EU. In order to prevent compliance and risk management inefficiencies, policymakers should further clarify how the CRA applies to services and how this legislation overlaps with the Digital Operational Resilience Act (DORA) to avoid unnecessary duplication.

Read our letter below.

Related items

News

13 Mar 2026

Discussing digital policy priorities with MEPs in Strasbourg

From Monday, 9 to Wednesday, 11 March 2026, AmCham EU travelled to the European Parliament in Strasbourg for a series of meetings with policymakers to discuss ongoing EU digital policy initiatives. The delegation met with members of the European Parliament, accredited parliamentary assistants and group policy advisers , to discuss priorities for the EU’s digital agenda. This includes exchanges on AI Omnibus, Digital Omnibus, Cybersecurity Act review, the Digital Networks Act and the upcoming Cloud and AI Development Act. Throughout the meetings, members emphasised the importance of urgent action to support the simplification of overlapping digital rules, strengthening cybersecurity while avoiding fragmentation in the Single Market and supporting innovation through proportionate, risk-based regulation.