The Ukraine National Commission on Securities and Stock Market has proposed a full rewrite of its rules for supervising the computer programs used by professional participants in the capital markets, aligning the framework with the European Union’s Digital Operational Resilience Act. The update would expand the commission’s visibility over firms’ software environments and incident management, with a stronger focus on operational resilience, cyber risk and sanctions compliance. Under the proposal, firms would have to provide detailed information not only on software they use, but also on the jurisdiction where it is registered, the cloud services they rely on, server locations, system protection measures and any use of automated bots. They would also have to notify the commission immediately about hacker attacks, software failures and any sanctioned software detected in their systems that is prohibited by the State Service of Special Communications. Initial reporting would be due within 90 days after the new rules take effect, followed by annual reporting by Feb. 1, while software changes or updates would have to be reported within one month. Comments are open until July 27, 2026. After the consultation and final approval, the decision will be sent to Ukraine’s Ministry of Justice for registration.