The European Supervisory Authorities (ESAs) have announced critical timelines for financial entities to submit their registers of information on contractual arrangements with ICT third-party service providers, as required under the Digital Operational Resilience Act (DORA).
Key Information
- Submission Deadline: Financial entities must ensure their registers of information are prepared and submitted to competent authorities ahead of the 30 April 2025 deadline.
- Purpose: These registers will help designate critical ICT third-party service providers (CTPPs), marking the first step in DORA’s oversight activities.
Although the Implementing Technical Standards (ITS) are still pending EU Commission approval, the essential requirements for these registers have been publicly available since January 2024. Financial entities are encouraged to begin preparing, especially for data that may not be readily accessible, such as identifiers of ICT providers.
Industry Support: Upcoming Workshop
To support financial entities in this process, the ESAs are hosting a virtual workshop on:
- Date: 18 December 2024
- Time: 10:00–13:00 CET
- Registration Deadline: 16 December 2024
During the workshop, participants will gain:
- Insights into preparing registers of information.
- Feedback from the 2024 Dry Run exercise, which involved 1,000 financial entities across the EU.
- Updates on validation rules and the reporting technical package, set for release in December 2024.
Stay Compliant
With the deadline fast approaching, this is a vital opportunity for financial entities to ensure compliance with DORA and avoid setbacks.
Register for the workshop here: ESAs Workshop Registration
Prepare early to align with the regulatory framework and maintain operational resilience in the digital age!
