EPIF in coordination with the EACB and the ESBG has shared with EBA a Joint Letter on DORA (the Digital Operational Resilience Act). DORA entered into force in January this year.

 

This letter highlights industry’s concerns on what information ICT should or should not include in the national registers of ICT providers for the financial services industry. These registers have become mandatory under DORA.

 

We are noticing that national competent authorities are adopting different approaches and supervisory expectations as to what ICT services should or should not be included in the registers.

 

The industry would welcome if the European Supervisory Authorities (ESAs), as part of their mandate to promote supervisory convergence across the EU, could work towards a common approach and understanding on what regulated entities should or should not include in the registers.