The European Supervisory Authorities, comprising the European Banking Authority, the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority, published a guide on oversight activities under the Digital Operational Resilience Act, explaining how they will oversee critical information and communication technology third-party service providers through Joint Examination Teams. The guide provides a high-level overview of the critical ICT third-party service provider oversight framework, including governance, oversight processes, founding principles and the tools available to overseers. It is not legally binding and does not replace requirements in applicable EU law, and is intended to help financial entities and third-party providers prepare for oversight implementation; the ESAs also reference an accompanying presentation with additional information on implementation.
European Insurance and Occupational Pensions Authority 2025-07-15
European Insurance and Occupational Pensions Authority, European Banking Authority and European Securities and Markets Authority publish DORA oversight guide for critical ICT third-party providers
The European Supervisory Authorities, comprising the European Banking Authority, the European Insurance and Occupational Pensions Authority, and the European Securities and Markets Authority, released a guide on oversight under the Digital Operational Resilience Act. It outlines the framework for overseeing critical ICT third-party service providers, detailing governance, oversight processes, and tools for Joint Examination Teams. The guide is advisory and does not replace EU legal requirements; it aims to assist financial entities and providers in preparing for oversight implementation.