EU Financial Regulations & Guidelines

Financial Regulatory Requirements

FAQs About the European Financial Industry

Can European financial institutions use Huawei Cloud?

Huawei Cloud has been launched in Europe. Financial institutions can purchase and use Huawei Cloud products and services after registering on the Huawei Cloud website. However, when using Huawei Cloud services, financial institutions must comply with all applicable laws and regulatory requirements.

Do EU financial institutions need to comply with DORA when using Huawei Cloud?

Since January 17, 2025, EU financial institutions and their critical information and communications technology (ICT) providers must be prepared to comply with the Digital Operational Resilience Act (DORA), Regulation (EU) 2022/2554. Huawei Cloud, as a cloud service provider for EU financial institutions, provides comprehensive capabilities and services to help EU financial institutions create cloud environments that meet DORA requirements. We help financial institutions in the EU fully leverage cloud computing while also ensuring compliance with regulatory requirements, enhancing their digital operations and competitiveness.

What are the responsibilities of EU financial institutions and Huawei Cloud in terms of compliance with DORA?

Although DORA does not directly apply to Huawei Cloud (unless formally designated as a critical ICT provider by EU regulators), Huawei Cloud is committed to providing resources and services to our customers to help them meet applicable DORA requirements.


Huawei Cloud is committed to providing EU financial institutions with secure and compliant infrastructure and services. Each service has built-in security features and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and services it provides have been assessed by authoritative, independent, third-party agencies and reviewed by relevant certifying bodies.


EU financial institutions are responsible for their compliance with applicable DORA requirements. When using Huawei Cloud services, you are responsible for the security and compliance of your internal applications, custom deployments, and cloud service settings, including data security settings, based on the features of each cloud service, so as to effectively ensure confidentiality, integrity, availability, and data access authentication and authorization. You are also responsible for compliance with the relevant regulatory requirements for your workloads on the cloud.


You can download the Huawei Cloud Security White Paper and the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines (EU, Ireland, Spain, Hungary, Romania and Germany) to learn more about Huawei Cloud and customer security responsibilities. For any other security and compliance questions, contact your account manager or Huawei Cloud.

What industry regulatory requirements should EU financial institutions comply with when using Huawei Cloud?

The Digital Operational Resilience Act (DORA), issued by the European Parliament and the Council of the European Union, is a unified regulatory framework that requires EU financial institutions and ICT suppliers to strengthen their digital operational resilience and comprehensively control ICT risks, including third-party risks. This act is intended to promote information sharing and ensure financial service continuity and market stability. The related regulatory requirements and guidelines include:


• REGULATION (EU) 2022/2554 Digital Operational Resilience Act: This act creates a regulatory ICT risk management framework and provides consistent regulations to help regulated financial institutions comply with technical standards for digital operational resilience, with the aim of enhancing the digital resilience of the EU financial system.


• REGULATION (EU) 2024/1772 Regulatory Technical Standards on criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents: These standards specify the criteria for the classification of major ICT-related incidents, the criteria and materiality thresholds for determining significant cyber threats, and the details of reports of major incidents.


• REGULATION (EU) 2024/1773 Regulatory Technical Standards on the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers: These standards specify detailed regulatory technical standards for contractual arrangements on the use of ICT services supporting critical or important functions provided by third-party ICT service providers.


• REGULATION (EU) 2024/1774 Regulatory Technical Standards on ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework: These standards specify the technical standards for the regulation of ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework.

The HUAWEI CLOUD User Guide to Digital Operational Resilience Act (DORA) Regulations & Guidelines (EU) explains how Huawei Cloud will help financial institutions meet DORA requirements.

How does Huawei Cloud comply and help me comply with EBA's Guidelines on ICT and security risk management?

On November 29, 2019, the European Banking Authority (EBA) published the Final report on the guidelines on ICT and security risk management to establish requirements for credit institutions, investment firms, and payment service providers (PSPs) on the mitigation and management of ICT and security risks. These guidelines cover information security, ICT operations, ICT project change and management, and business continuity.


When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


Chapter 5 of the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines Industry summarizes the CSP-related requirements in the EBA's guidelines and describes how Huawei Cloud helps customers meet these requirements.

How does Huawei Cloud comply and help me comply with EBA's Guidelines on outsourcing arrangements?

On February 25, 2019, the EBA released the Guidelines on outsourcing arrangements. These guidelines provide a clear definition of outsourcing and specify due diligence; contract phases; data and system security; access, information, and audit rights; and requirements for termination rights and supervision of outsourced functions.


When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


Chapter 6 of the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines summarizes the CSP-related requirements in the EBA's guidelines and describes how Huawei Cloud helps customers meet these requirements.

How does Huawei Cloud comply and help me comply with ESMA's Guidelines on outsourcing to cloud service providers?

On May 10, 2021, the European Securities and Markets Authority (ESMA) launched the Guidelines on outsourcing to cloud service providers. These guidelines specify requirements on pre-outsourcing analysis and due diligence, key contract elements, information security, exit policies, access and audit permissions, and secondary outsourcing.


When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


Chapter 7 of the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.

How does Huawei Cloud comply and help me comply with EIOPA's Guidelines on outsourcing to cloud service providers?

On January 31, 2020, the European Insurance and Occupational Pensions Authority (EIOPA) released the Guidelines on outsourcing to cloud service providers. These guidelines specify the requirements on due diligence, contracts, access and audit rights, data and system security, sub-outsourcing of critical or important operational functions or activities, monitoring and supervision of cloud outsourcing arrangements, termination rights, and exit strategies.


When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


Chapter 8 of the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.

How does Huawei Cloud comply and help me comply with EIOPA's Guidelines on information and communication technology security and governance?

On October 8, 2020, the European Insurance and Occupational Pensions Authority (EIOPA) released the Guidelines on information and communication technology security and governance. These guidelines cover logical security; personal safety; ICT operation security; security monitoring; information security review, evaluation, and testing; ICT operation management; ICT incident and problem management; ICT system acquisition and development; business impact analysis; business continuity planning; response and recovery planning; plan testing; and crisis communication.


When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


Chapter 9 of the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.

How does Huawei Cloud comply and help me comply with Ireland's Cross Industry Guidance in Respect of Information Technology and Cybersecurity Risks?

In September 2016, the Central Bank of Ireland published the Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks, which sets out the requirements on risk management, cyber security, and IT system and service outsourcing.


When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


Chapter 10 of the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines summarizes the CSP-related requirements in this guidance and describes how Huawei Cloud helps customers meet these requirements.

How does Huawei Cloud comply and help me comply with Ireland's Cross-Industry Guidance on Outsourcing?

The Cross-Industry Guide - Outsourcing, released by the Central Bank of Ireland in December 2021, specifies the management requirements on sub-outsourcing risks; sensitive data risks; data security, availability, and integrity; due diligence; outsourcing arrangements and service level agreements (SLAs); continuous monitoring and challenges; disaster recovery; and business continuity.


When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


Chapter 11 of the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines summarizes the CSP-related requirements in this guidance and describes how Huawei Cloud helps customers meet these requirements.

How does Huawei Cloud comply and help me comply with Hungary's Government Decree No. 42/2015 (III.12.) on Protecting the Information System of Financial Institutions, Insurance Undertakings, Reinsurance Undertakings, Investment Firms and Commodity Dealers?

Government Decree No. 42/2015 (III.12.) on Protecting the Information System of Financial Institutions, Insurance Undertakings, Reinsurance Undertakings, Investment Firms and Commodity Dealers, issued by the Hungarian National Bank (MNB) on January 1, 2016, specifies requirements on information technology monitoring, regulations on data security protection, and information technology system integrity control.


When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


Chapter 12 of the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines summarizes the CSP-related requirements in this decree and describes how Huawei Cloud helps customers meet these requirements.

How does Huawei Cloud comply and help me comply with Romania's NBR Regulation No. 3/2018 on Financial Market Infrastructures and Payment Instruments Oversight?

NBR Regulation No. 3/2018 on Financial Market Infrastructures and Payment Instruments Oversight, issued on August 1, 2018, sets out the requirements on operational risk management, efficiency and effectiveness, IPF managers ensuring cyber resilience, and financial market infrastructure participants.


When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


Chapter 13 of the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines summarizes the CSP-related requirements in this regulation and describes how Huawei Cloud helps customers meet these requirements.

Federal Financial Supervisory Authority

The Federal Financial Supervisory Authority (BaFin) is the German financial industry regulator that centrally regulates banks and financial service providers, insurance companies and securities transactions. Its main objective is to ensure the proper functioning, stability and integrity of the German financial system.


BaFin Guidance on Outsourcing to Cloud Service Providers: Officially released in November 2018, this guidance from BaFin and the Deutsche Bundesbank advises financial institutions on the risk control assessment process and key contract elements for cloud service providers when adopting cloud services.


Circular 10/2017 on The Banking Supervisory Requirements for IT: First released on November 6, 2017 and revised in August 2021, this circular provides a flexible and practical framework for institutions' technical and organizational resources, especially in IT resource management, information risk management, and information security management.


Circular 11/2019 on Supervisory Requirements for IT in Capital Management Companies: Officially released in October 2019, this circular covers the technical and organizational resources of German capital managers, in particular IT resource management and IT risk management. It also specifies requirements on organization, risk management and outsourcing to determine minimum regulatory requirements for information technology for German capital managers.


Circular 10/2018 on Supervisory Requirements for IT in Insurance Undertakings: Officially released in November 2018 and based on the German Insurance Supervision Law, this circular describes the technical and organizational resources that BaFin considers appropriate as IT systems, especially the requirements on information security and information risk management.

How does Huawei Cloud comply and help me comply with BaFin's Guidance on Outsourcing to Cloud Service Providers?

In November 2018, BaFin's Guidance on Outsourcing to Cloud Service Providers was officially released. It provides guidance from BaFin and the Deutsche Bundesbank to financial institutions on analysis and materiality assessment, audit rights, data security, and termination rights when adopting cloud services.

When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


Chapter 14 of the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.

How does Huawei Cloud comply and help me comply with BaFin's Circular 10/2017 on The Banking Supervisory Requirements for IT?

On November 6, 2017, the Federal Financial Supervisory Authority released Circular 10/2017 on The Banking Supervisory Requirements for IT. The regulatory requirements specify security requirements such as information security, operational security, identity and access management, IT project and application development, outsourcing IT services, and IT business continuity.


When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


Chapter 15 of the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.

How does Huawei Cloud comply and help me comply with BaFin's Circular 11/2019 on Supervisory Requirements for IT in Capital Management Companies?

In October 2019, Circular 11/2019 on Supervisory Requirements for IT in Capital Management Companies was officially released. It stipulates security requirements such as information risk management, information security, identity and access management, IT project and application development, and outsourcing IT services.


When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


Chapter 16 of the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.

How does Huawei Cloud comply and help me comply with BaFin's Circular 10/2018 on Supervisory Requirements for IT in Insurance Undertakings?

In November 2018, the Federal Financial Supervisory Authority released Circular 10/2018 on Supervisory Requirements for IT in Insurance Undertakings, which specifies security requirements for information risk management, information security, identity and access management, IT project and application development, and outsourcing IT services.


When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


Chapter 17 of the HUAWEI CLOUD User Guide to Financial Services Regulations & Guidelines summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.

Compliance Resources

These are compliance documents applicable to financial institutions in Europe. For more documents, visit the Resource Center.
