- Question ID
-
2024_7089
- Legal act
- Regulation (EU) No 2022/2554 (DORA Reg)
- Topic
- ICT third-party risk management
- Article
-
28
- Paragraph
-
3
- COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
- Not applicable
- Article/Paragraph
-
ITS Recital 7
- Name of institution / submitter
-
AFME
- Country of incorporation / residence
-
Belgium
- Type of submitter
-
Industry association
- Subject matter
-
Identification of ICT Service Providers
- Question
-
Can the ESAs confirm there is no expectation to capture within the Register of Information the ICT subcontractors of non-ICT service providers?
- Background on the question
-
Recital 7 of the ITS suggests financial entities should consider whether non-ICT service providers are relying on ICT services. If so, it is understood that for the purposes of the Register of Information such providers may be treated as an ICT provider. This would see their ICT subcontractors listed in the Register, provided they effectively underpinned services supporting critical or important functions.
- Submission date
- Status
-
Question under review
- Answer prepared by
-
Answer prepared by the Joint ESAs Q&A