ESAs publish joint guide on oversight of critical third-party providers under DORA

The European Supervisory Authorities (European Banking Authority, European Insurance Occupational Pensions Authority, and European Securities and Markets Authority) have published a joint guide detailing their oversight activities under the Digital Operational Resilience Act (DORA). The guide outlines the processes employed by the Joint Examination Teams to supervise critical ICT third-party service providers (CTPPs). Offering a high-level overview of the CTPP Oversight framework, the guide covers (i) governance structures; (ii) oversight processes; (iii) the founding principles; (iv) available supervisory tools; and (iv) the adoption process. While the guide is not legally binding and does not supersede existing EU legal requirements, the ESAs encourage financial entities and third-party providers to use it in preparation for DORA′ oversight implementation. The guide may be subject to future revisions, when necessary.

Return to main website.