EU-DORA-31-14 Requirement 31 — Designation of critical ICT third-party service providers

Decide on voluntary critical designation application within 6 months

Description

EBA, ESMA or EIOPA, through the Joint Committee, must decide whether to designate an ICT third-party service provider as critical and notify the decision within 6 months of receipt of the application.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Related Obligations

EU-DORA-31-01 Registration

Designate critical ICT third-party service providers

EU-DORA-31-02 Registration

Appoint Lead Overseer for critical ICT third-party service providers

EU-DORA-31-03 Requirement

Designate coordination point for group critical ICT service providers

EU-DORA-31-04 Transparency

Notify ICT third-party service provider of assessment outcome

EU-DORA-31-05 Transparency

Submit reasoned statement within 6 weeks

EU-DORA-31-06 Requirement

Consider reasoned statement and may request additional information

EU-DORA-31-07 Transparency

Notify ICT third-party service provider of critical designation

EU-DORA-31-08 Transparency

Notify financial entities of critical designation

EU-DORA-31-09 Requirement

Adopt delegated act specifying criteria by July 17, 2024

EU-DORA-31-10 Transparency

Establish, publish and update yearly list of critical ICT third-party service providers

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Decide on voluntary critical designation application within 6 months

Description

Full Analysis & Evidence Requirements

Related Obligations

Map this obligation to your AI systems

Start your compliance assessment