1. European
  2. Legislation (EU)
  3. EU Regulations
  4. 2022
Date-stamp loading
  1. Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance) (Digital Operational Resilience Act (DORA) / Regulation on digital operational resilience for the financial sector)
  2. Chapter V Managing of ICT third-party risk (arts. 28-44)
  3. Section II Oversight Framework of critical ICT third-party service providers (arts. 31-44)
  4. Article 33 Tasks of the Lead Overseer
Previous Next
Version status: Entered into force | Document consolidation status: No known changes
Version date: 16 January 2023 - 16 January 2025
  Version 2 of 3  

Article 33 Tasks of the Lead Overseer

1. The Lead Overseer, appointed in accordance with Article 31(1), point (b), shall conduct the oversight of the assigned critical ICT third-party service providers and shall be, for the purposes of all matters related to the oversight, the primary point of contact for those critical ICT third-party service providers.

2. For the purposes of paragraph 1, the Lead Overseer shall assess whether each critical ICT third-party service provider has in place comprehensive, sound and effective rules, procedures, mechanisms and arrangements to manage the ICT risk which it may pose to financial entities.

The assessment referred to in the first subparagraph shall focus mainly on ICT services provided by the critical ICT third-party service provider supporting the critical or important functions of financial entities. Where necessary to address all relevant risks, that assessment shall extend to ICT services supporting functions other than those that are critical or important.

3. The assessment refe

Comparing proposed amendment...
Previous Next