Preparation for DORA application
The Digital Operational Resilience Act (DORA) will become applicable on 17 January 2025. From that date all financial entities in its scope will need to have a comprehensive register of their contractual arrangements with ICT third-party service providers available at entity, sub-consolidated and consolidated levels.
The registers will serve for:
- financial entities to monitor their ICT third-party risk,
- the EU competent authorities to supervise ICT and third-party risk management at the financial entities and
- the ESAs to designate the critical ICT third-party service provides (CTPP) which will be subject to an EU-level oversight.