1. European
  2. Legislation (EU)
  3. EU Regulations
  4. 2022
Date-stamp loading
  1. Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance) (Digital Operational Resilience Act (DORA) / Regulation on digital operational resilience for the financial sector)
  2. Chapter V Managing of ICT third-party risk (arts. 28-44)
  3. Section II Oversight Framework of critical ICT third-party service providers (arts. 31-44)
  4. Article 31 Designation of critical ICT third-party service providers
Previous Next
Version status: Entered into force | Document consolidation status: No known changes
Version date: 16 January 2023 - 16 January 2025
  Version 2 of 3  

Article 31 Designation of critical ICT third-party service providers

1. The ESAs, through the Joint Committee and upon recommendation from the Oversight Forum established pursuant to Article 32(1), shall:

(a) designate the ICT third-party service providers that are critical for financial entities, following an assessment that takes into account the criteria specified in paragraph 2;

(b) appoint as Lead Overseer for each critical ICT third-party service provider the ESA that is responsible, in accordance with Regulations (EU) No 1093/2010, (EU) No 1094/2010 or (EU) No 1095/2010, for the financial entities having together the largest share of total assets out of the value of total assets of all financial entities using the services of the relevant critical ICT third-party service provider, as evidenced by the sum of the individual balance sheets of those financial entities.

2. The designation referred to in paragraph 1, point (a), shall be based on all of the following criteria in relation to ICT services provided by theICT third-party service provider:

(

Comparing proposed amendment...
Previous Next