This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Skip to main content
Linklaters
All Posts
| 1 minute read
Reposted from Linklaters - Financial Regulation Insights

EU shares key guidance on DORA

Get in touch

Avatar
Raza Naeem
Partner
Avatar
James Morris
Counsel
Avatar
Simon Treacy
Financial Regulation Senior Associate, London

Get in touch

Avatar
Raza Naeem
Partner
Avatar
James Morris
Counsel
Avatar
Simon Treacy
Financial Regulation Senior Associate, London

Can a financial service be an ICT service? This question often came up in the course of implementing the EU’s Digital Operational Resilience Act. Now the European Commission has shared its views.

Interpreting ICT services

The scope of ICT services under DORA is important for EU financial entities because it impacts the scale of their implementation. EU firms must update their contracts with ICT service providers and record information about these arrangements on a DORA register. A broader interpretation of ICT services means more contract talks and a longer register to maintain.

The question is also important for firms and market infrastructure based both in the EU and elsewhere. This is because an expansive interpretation raised the prospect of their financial services to EU firms being treated as ICT services. This would have an extensive impact on contractual arrangements and could lead to other parts of the DORA regime applying to them.

Commission's view

Guidance from the European Commission now aims to settle the question. According to the Commission in a Q&A released via one of the European Supervisory Authorities, where “the providing financial entities and the financial services they provide are regulated under [EU] law or any national legislation of a Member State or of a third country […] the related ICT service should be considered to predominantly be a financial service and should not be treated as an ICT service within the meaning of DORA”. In other words, the rule of thumb is that financial services do not need to be treated as “ICT services” under DORA.

There is still room for more debate. For example, the same guidance reiterates that the definition of ICT services should be understood in a broad manner and that financial entities may provide ICT services to other financial entities. This may be relevant where financial firms provide ICT services that are standalone or independent from their regulated activities.

Even so, the latest clarification is a welcome move from the Commission. Now that DORA applies, EU financial entities can refocus their compliance efforts on indisputable ICT services.

DORA - digital operational resilience act. EU flag. Vector illustration

Subscribe to our Tech Insights blog for insights, updates and news from our experts - subscribe now!

Tags

dora, commission, eu, uk, global, banking, fintech, operational resilience, payments, insurance, funds

Get in touch

Avatar
Raza Naeem
Partner
Avatar
James Morris
Counsel
Avatar
Simon Treacy
Financial Regulation Senior Associate, London

Get in touch

Avatar
Raza Naeem
Partner
Avatar
James Morris
Counsel
Avatar
Simon Treacy
Financial Regulation Senior Associate, London

Latest Insights