The European Supervisory Authorities (EBA, EIOPA, ESMA – the ESAs) today published a guide on oversight activities under the Digital Operational Resilience Act (DORA). The aim of this guide is to provide an overview of the processes used by the ESAs through the Joint Examination Teams (JET) to oversee critical Information and communication technology (ICT) third party service providers (CTPPs).
This guide provides high-level explanations to external stakeholders regarding the CTPP Oversight framework. Furthermore, it provides an overview of the governance structure, the oversight processes, the founding principles and the tools available to the overseers.
However, the guide is not a legally binding document and does not replace the legal requirements laid down in the relevant applicable EU law.
The ESAs invite the public, financial entities and, crucially, third-party providers to use this document to prepare for the oversight implementation.
Additional information on the oversight implementation:
For more information on the implementation of the DORA Oversight framework, please refer to this presentation.