The Netherlands - Regulatory
DORA ITS and RTSs adopted
To further clarify the contents and obligations under the EU Digital Operational Resilience Act (DORA), the European Commission has adopted delegated acts. On 23 and 24 October 2024, the European Commission adopted the following RTS and ITS through Delegated Regulations supplementing DORA:
- RTS specifying the content and time limits for the initial notification of, and intermediate and final report on, major ICT-related incidents, and the content of the voluntary notification for significant cyber threats; and
- accompanying ITS with regard to the standard forms, templates and procedures for financial entities to report a major ICT-related incident and to notify a significant cyber threat; and
- RTS on harmonisation of conditions, enabling the conduct of the oversight activities.
ESMA Guidelines on funds’ names
The ESMA Guidelines apply from 21 November 2024, ensuring that investors are protected, or better protected, against exaggerated claims related to environmental social and/or governmental (ESG) objectives. A fund including in its name words related to ESG objectives must meet a threshold of investments contributing to the ESG objective its name relates to. The Dutch Authority on Financial Markets (Autoriteit Financiele Markten) has published a statement that it expects Dutch AIFs and AIFMs to align with the ESMA Guidelines. Funds established before 21 November 2024 get a transitional period, meaning that they will have to comply with the Guidelines from 21 May 2025. Funds established after 21 November 2024 will have to comply with the Guidelines from the date of establishment.
DNB integrates DORA in its fitness and propriety assessment
Day-to-day and secondary policymakers of AIFs, and other financial entities, are subject to a fitness and propriety assessment when they start their function. As DORA expects financial entities to have digital operational resilience, their policy makers should be so as well. Therefore, the Dutch National Bank (De Nederlandsche Bank) will assess the knowledge and experience on ICT risk management as well as the contents of DORA in general.
DORA ITS on the register of information adopted
The European Commission has adopted the ITS regarding the standard templates for the register of information. DORA requires financial entities to maintain a register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers. The ITS provides a standardised template for financial entities to use when establishing the register of information.
In February 2025, AFM starts requesting the DORA register of information
One of the DORA requirements is that financial entities, such as AIFs, maintain a register of information on their ICT third-party service providers. The AFM has published a statement regarding the timeline for sending the register. A request for information will be sent in February 2025 to all organisations that have an AFM licence and are subject to DORA. Before the information request is sent, entities will receive a message about the way in which AFM requests them to provide the information and the response period. Entities are expected to send their entire registers to AFM.
European Green Bond Standard is applicable
From 21 December 2024, the issuance of and investment in European Green Bonds is possible. The European Green Bond Standard Regulation sets a uniform standard with which bonds issuers can voluntarily comply for their bonds to be labelled as EU Green Bond in their prospectuses. This way, investors in EU Green Bonds are ensured that their investment complies with the EU Taxonomy and is ecologically sustainable.