The European Commission has taken a significant step in fortifying the regulatory landscape for the financial sector by adopting two Delegated Regulations complementing the Regulation on digital operational resilience for the financial sector (DORA).
Commission Delegated Regulation (22 February 2024)
This regulation supplements DORA by delineating the oversight fees to be levied by the Lead Overseer on critical ICT third-party service providers (CTPPs). DORA introduces an EU oversight framework for CTPPs, allowing the charging of fees to cover the expenses incurred by Lead Overseers during oversight tasks. Article 43 empowers the Commission to adopt a delegated act, specifying the amount of fees and the payment procedures.
Commission Delegated Regulation (EU) (22 February 2024)
This regulation supplements DORA by outlining the criteria for designating ICT third-party service providers as critical for financial entities. Article 31(6) of DORA grants the Commission authority to adopt a delegated act for further specifying the criteria.
Both Delegated Regulations enter into force on the twentieth day following their publication in the Official Journal of the EU. They shall be directly applicable in all Member States.