ESAs and UK regulators sign MoU on oversight of critical ICT third-party service providers under DORA

The European Supervisory Authorities (comprising the European Securities and Markets Authority, the European Insurance and Occupational Pensions Authority and the European Banking Authority) have entered into a Memorandum of Understanding with the Bank of England (BoE), the UK Prudential Regulatory Authority and the UK Financial Conduct Authority (FCA). The MoU seeks to strengthen cross-border oversight of critical third parties (CTPs) and critical ICT third-party service providers (CTPPs) under the Digital Operational Resilience Act (DORA), including during incidents such as power outages or cyber-attacks. It sets out cooperation principles and procedures, information‑sharing arrangements and coordination of oversight activities between EU and UK regulators. To enable information sharing with a third country authority, the ESAs must first verify that the third country's confidentiality and professional secrecy regime is equivalent to that under EU law. Accordingly, prior to signing the MoU, the ESAs carried out an assessment confirming that the UK's regime meets the standards set out in DORA. Separate statements from the FCA and BoE announcing the signed MoU were published on the same day.

Return to main website.