- Question ID
-
2025_7414
- Legal act
- Regulation (EU) No 2022/2554 (DORA Reg)
- Topic
- ICT-related incidents (management / classification / reporting)
- Article
-
3
- Paragraph
-
21
- COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
- Regulation (EU) 2024/2956 - ITS on the register of information
- Article/Paragraph
-
3(2)b)
- Type of submitter
-
Law firm
- Subject matter
-
Dora agreements - ICT service supports a CIF
- Question
-
When an ICT Service supports a Critical and Important Function (CIF) within a financial entity, providers must sign DORA agreements with their suppliers if the supplier:
a) Provides an ICT Service (as per the DORA definition).
b) Critically underpins the ICT Service, meaning its disruption could affect security or continuity (based on ITS on Register of Information, Article 3(2)(b)).
Is this interpretation correct? Or must DORA agreements be signed with all critical suppliers, even those that do not provide ICT Services?
- Background on the question
-
N/A
- Submission date
- Rejected publishing date
-
- Rationale for rejection
-
This question has been rejected because it has not sufficiently identified a provision of a legal framework covered by this tool that creates uncertainty and for which an explanation is merited in terms or practical implementation or application.
The Single Rule Book Q&A tool has been established to provide explanations and non-binding interpretations on questions relating to the practical application or implementation of the provisions of legislative acts referred to in Article 1(2) of the EBA’s founding Regulation, as well as associated delegated and implementing acts, and guidelines and recommendations, adopted under these legislative acts.
For further information on the purpose of this tool and on how to submit questions, please see 'Additional background and guidance for asking questions'.
- Status
-
Rejected question
