ESAs Publish First List of Critical ICT Third-Party Providers Under DORA
The European Supervisory Authorities (the ESAs) have published the first list of critical ICT third-party providers (CTPPs) designated under the Digital Operational Resilience Act (DORA). This marks a key step in rolling out the DORA oversight framework, following a multi-stage assessment based on financial-entity registers, cross-sector criticality analysis and providers’ right to be heard. The […]
Two Regulatory Technical Standards (RTS) for the DORA have been published
The Commission has recently adopted two additional Regulatory Technical Standards (RTS) in the form of Delegated Regulations, thus completing the process of adopting all eight RTS. Technical standards will supplement and specify the rules of DORA (Regulation (EU) 2022/2554). From a regulatory perspective, these technical standards are complementary, providing more detailed specifications of specific requirements […]
The Digital Operational Resilience Act (DORA)
On 16 January 2023, the Digital Operational Resilience Act (DORA) entered into force. The EU regulation will apply as of 17 January 2025, with the overall objective to strengthen IT security within the financial sector, including all traditionally regulated financial entities as well as third-party suppliers to such entities. DORA is a complex regulatory framework […]