The European Supervisory Authorities have designated critical ICT third-party providers under the Digital Operational Resilience Act, marking a significant step in the implementation of the DORA oversight framework. This designation process, conducted by the European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA), and European Securities and Markets Authority (ESMA), involved a meticulous evaluation of these providers' roles and impact on the financial ecosystem.
The designated providers, accessible via the link https://www.esma.europa.eu/sites/default/files/2025-11/Listofdesignated_CTPPs.pdf, offer a wide range of ICT services, from core infrastructure to business and data services, to financial entities of all sizes across the European Union. This comprehensive list was compiled through a rigorous methodology mandated by DORA, which included data collection from financial entities' registers and a criticality assessment in collaboration with EU authorities from the banking, insurance, and pensions sectors.
The critical assessment focused on evaluating the providers' systemic importance, their role in supporting critical or important functions for financial entities, and the level of substitutability of their services. Providers deemed critical were formally notified and given the right to present a reasoned statement. The final designation decisions were made after a thorough review, ensuring the integrity of the process.
The primary objective of the DORA Oversight Framework is to promote sound ICT risk management by these critical providers. Through direct oversight, the ESAs will assess the providers' risk management and governance frameworks to ensure the resilience of the services they offer to financial entities. This proactive approach aims to mitigate risks that could potentially impact the operational resilience of the EU's financial sector.
As the ESAs continue their engagement with these designated providers, they will conduct further examinations to ensure compliance and maintain the integrity of the financial ecosystem. For more information, contact Cristina Bonillo, Senior Communications Officer, at press@esma.europa.eu.
