The European Supervisory Authorities have published the list of critical ICT third-party providers under the Digital Operational Resilience Act (DORA), marking a key step in oversight implementation.
The European Supervisory Authorities (EBA, EIOPA, and ESMA) have published the list of designated critical ICT third-party providers (CTPPs) under the Digital Operational Resilience Act (DORA). This marks an important step in implementing the DORA oversight framework.
The list of CTPPs is accessible through the provided link.
The designation process followed the methodology mandated by DORA, including data collection from financial entity registers, criticality assessments with national authorities across the EU, and formal notifications to providers. Providers had the opportunity to respond before final designation decisions were made.
The designated CTPPs offer various ICT services, from infrastructure to data and business services, supporting financial entities of all sizes across the EU.
The DORA Oversight Framework aims to promote sound ICT risk management among critical providers. The ESAs will assess whether CTPPs have adequate risk management and governance frameworks to ensure service resilience, thereby reducing operational risks in the EU financial sector.
The ESAs will continue engagement with CTPPs during upcoming examination activities.
