Banking Regulation 2025

IRELAND Law and Practice Contributed by: Keith Robinson, Barry Tyrrell and Julia Mullin, Dillon Eustace LLP

Member states must also establish penalties and remedial measures for breaches of DORA, to include at least the following. • Orders requiring the banks to cease any con - duct or activity which contravenes DORA and to prevent any repetition of that conduct. • Introducing measures, including fines, to ensure that firms comply with DORA. • Requiring, subject to national law, data traffic records held by a telecommunications opera - tor where there is a reasonable suspicion of a breach of DORA. • Issuing public notices, including public state - ments indicating the identity of the institution and the nature of the breach. • The ability to impose the relevant sanctions on senior management or any other individual who is responsible for the breach of DORA by a firm. These enforcement powers are in addition to any action the CBI may take against senior members of a regulated entity under any other rules or legislation that may apply to the relevant entity.

• transpose the Network and Information Security Directive EU 2022/2555 (the “NIS2 Directive”) into Irish law; • establish the general framework for Ireland’s national cybersecurity strategy; and • establish Ireland’s National Cyber Security Centre on a statutory basis and set out its mandate and role. The NIS2 Directive is the EU-wide legislation on cybersecurity. It promotes and harmonises measures to boost the overall level of cyber - security in the EU. The deadline for EU mem - ber states to transpose the NIS2 Directive into national law was 17 October 2024. The NIS2 Directive forms part of a package of measures to improve the resilience and inci - dent response capabilities of public and private entities, competent authorities and the EU as a whole in the field of cybersecurity and critical infrastructure protection. These entities include banks. Entities regulated under the NIS2 Direc - tive are categorised as “Essential” or “Impor - tant” depending on factors such as size, industry sector and criticality. Capital Requirements Regulation – National Discretions On 20 August 2024, the Minister for Finance announced the publication of a consultation on two national discretions under the Capital Requirements Regulation III (“CRR III”). The con - sultation closed on 17 September 2024. Most of CRR III will be directly effective from 1 January 2025 (other than the provisions which amend the calculation of own funds requirements for the market risk regime which are due to have direct effect from January 2026). The two national discretions which are the sub - ject of the consultation are Article 92(3) (which

11. Horizon Scanning 11.1 Regulatory Developments

There are multiple impending developments that will affect Irish banks. The following are a handful of some of the more significant regulatory devel -

opments that will impact Irish banks. National Cyber Security Bill 2024

The Irish government published the General Scheme for the National Cyber Security Bill on 30 August 2024. Once finalised and enacted, the Bill will:

261 CHAMBERS.COM

Powered by