The European Supervisory Authorities (the ESAs) have published the first list of critical ICT third-party providers (CTPPs) designated under the Digital Operational Resilience Act (DORA).
This marks a key step in rolling out the DORA oversight framework, following a multi-stage assessment based on financial-entity registers, cross-sector criticality analysis and providers’ right to be heard. The designation covers major ICT providers delivering core infrastructure, cloud, data and business services across the EU financial sector.
Designated CTPPs include Google Cloud, Microsoft, Amazon Web Services and other.
The full list of designated CTPPs is available on the ESAs’ website.