EU-DORA-31-09 Requirement 31 — Designation of critical ICT third-party service providers

Adopt delegated act specifying criteria by July 17, 2024

Description

The Commission must adopt a delegated act in accordance with Article 57 to supplement this Regulation by specifying further the criteria for designation by 17 July 2024.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Related Obligations

EU-DORA-31-01 Registration

Designate critical ICT third-party service providers

EU-DORA-31-02 Registration

Appoint Lead Overseer for critical ICT third-party service providers

EU-DORA-31-03 Requirement

Designate coordination point for group critical ICT service providers

EU-DORA-31-04 Transparency

Notify ICT third-party service provider of assessment outcome

EU-DORA-31-05 Transparency

Submit reasoned statement within 6 weeks

EU-DORA-31-06 Requirement

Consider reasoned statement and may request additional information

EU-DORA-31-07 Transparency

Notify ICT third-party service provider of critical designation

EU-DORA-31-08 Transparency

Notify financial entities of critical designation

EU-DORA-31-10 Transparency

Establish, publish and update yearly list of critical ICT third-party service providers

EU-DORA-31-11 Reporting

Transmit reports to Oversight Forum yearly

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Adopt delegated act specifying criteria by July 17, 2024

Description

Full Analysis & Evidence Requirements

Related Obligations

Map this obligation to your AI systems

Start your compliance assessment