The Bank of Italy held a workshop in Rome with leading financial sector associations on digital operational resilience, focusing on ICT third party risk and the Registers of Information required under EU Regulation 2022/2554 on Digital Operational Resilience (DORA). The session shared initial evidence from a 2025 horizontal analysis and aimed to improve awareness of the quality and completeness of register data ahead of the next reporting cycle. The discussion highlighted prudential risk factors linked to the scale of reliance on ICT providers and interconnections, concentration in ICT vendor markets with limited substitutability, and complex supply chains for certain services. The Bank of Italy also stressed that managing ICT third party risk requires strong governance, including management body understanding of these risks, defined strategies, policies and control arrangements, and periodic assessment of suppliers providing critical or important functions. The workshop forms part of a broader programme to strengthen dialogue between the Bank of Italy and industry and follows a June 2025 event on implementation of DORA requirements.
Bank of Italy 2026-02-09
Bank of Italy presents 2025 findings and operational guidance on DORA Registers of Information for ICT third party risk
The Bank of Italy hosted a workshop in Rome with financial sector associations on digital operational resilience, focusing on ICT third party risk and the Registers of Information under EU Regulation 2022/2554 on Digital Operational Resilience (DORA). The event aimed to enhance awareness of register data quality and completeness, emphasizing the need for strong governance and periodic supplier assessments.