The European Supervisory Authorities (the European Banking Authority, the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority) published a guide explaining how they will oversee critical Information and communication technology (ICT) third party service providers (CTPPs) under the Digital Operational Resilience Act (DORA). The document is intended to give external stakeholders a practical overview of the CTPP Oversight framework and support preparation for its implementation. The guide outlines the governance structure, founding principles, and oversight processes, including how Joint Examination Teams (JET) will be used, and describes the tools available to overseers. It is explicitly non-binding and does not replace legal requirements in applicable European Union law. The ESAs invite the public, financial entities and third-party providers to use the guide to prepare for oversight implementation and refer to a separate presentation for further information on implementing the DORA Oversight framework.
European Securities and Markets Authority 2025-07-15
European Supervisory Authorities publish DORA oversight guide detailing Joint Examination Team processes for critical ICT third-party providers
The European Supervisory Authorities published a guide detailing oversight of critical ICT third-party service providers under the Digital Operational Resilience Act. The guide outlines governance, principles, and processes, including the use of Joint Examination Teams, and is non-binding. Stakeholders are encouraged to use the guide for preparation and refer to additional resources for implementing the DORA Oversight framework.