This statement highlights the need for clear distinctions between ICT services and regulated financial services under DORA. EPIF shares the concern that financial services provided by entities regulated by EU legislation should not be misclassified as ICT services. This approach aligns with the principles of proportionality and risk-based oversight.

With the implementation of DORA, we now see the same confusion creep into the application and interpretation of DORA by some Member States when it comes to modern payment chains.

EPIF would therefore very much welcome legal certainty as regards the definition of ICT Services under DORA.