The European supervisory authorities (ESAs), consisting of regulators such as the European Banking Authority (EBA), have outlined their timeline for designating critical ICT third-party service providers (CTPPs) under the Digital Operational Resilience Act (DORA).
A newly published decision from the regulators requires competent authorities to submit registers of financial entities' ICT contractual arrangements by April 30, 2025.
Following DORA’s enforcement on January 17, 2025, oversight of CTPPs will begin, marking a key milestone in accountability for firms that are heavily relied on for outsourcing.
The ESAs have shared draft templates and conducted preparatory activities, including a 2024 dry run involving 1,000 financial entities, to aid compliance efforts.
The ESAs are organising an industry workshop, planned for December 18, 2024, to provide further guidance and insights from the dry run. Financial entities are urged to start compiling relevant information now so that they can meet the reporting deadline.