ESAs publishes guidance on DORA oversight of critical ICT providers
The three European Supervisory Authorities (the European Banking Authority, the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority (ESAs) have published guidance detailing how they will oversee critical Information and Communications Technology (ICT) third-party providers under the Digital Operational Resilience Act (DORA). The guidance outlines the framework for designating critical providers, conducting examinations through investigations and inspections, issuing recommendations and following up on implementation. It establishes a new joint oversight structure including the Joint Oversight Network and Oversight Forum to coordinate activities across the ESAs. The guidance aims to provide clarity to both supervisors and regulated entities on how DORA oversight will operate in practice.