The European Supervisory Authorities (EBA, EIOPA and ESMA) published a Discussion Paper on their joint advice to the European Commission on its request for technical advice on two delegated acts specifying further criteria for critical ICT third-party service providers (CTPPs) and determining oversight fees levied on such providers, under Articles 31 and 43 of the Regulation on Digital Operational Resilience (“DORA”).
Discussion paper on the joint ESAs advice to the European Commission on two delegated acts specifying further criteria for critical ICT third-party service providers (CTPPs) and determining oversight fees levied on such providers, under Articles 31 and 43 of Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operation resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011.
The European Commission sent its request to the European Supervisory Authorities (ESAs) on 21 December 2022 and the ESAs are expected to deliver their technical advice by 30 September 2023. The purpose of the Discussion Paper is to consult market participants on the ESAs’ proposals towards the specific issues listed in the Call for Advice. The resulting input of this consultation will inform the ESAs’ advice.
In light of the two delegated acts envisaged in the Regulation on Digital Operational Resilience for the Financial Sector (“DORA”), the European Commission has requested (‘CfA’) the ESAs’ technical advice to further specify the criteria for critical ICT third-party service providers (CTPPs) and determine the fees levied on such providers1. The ESAs shall deliver their technical advice by 30 September 2023.
The purpose of this discussion paper is to consult market participants, in an open and transparent manner, on the ESAs’ proposals towards the specific issues listed in the CfA. The provided answers during this consultation will be taken into account in the ESAs’ advice.
The ESAs invite comments on all proposals put forward in the Discussion Paper and in particular to the questions presented throughout the paper and as presented in this survey.
Comments are most helpful if they:
- respond to the question stated;
- indicate the specific point to which a comment relates;
- contain a clear rationale;
- provide evidence (including relevant data where applicable) to support the views expressed;
- reflect a cross-sectoral (banking, insurance, markets)
Any decision we make not to disclose the response is reviewable by the ESAs’ Boards of Appeal and the European Ombudsman.
The protection of individuals with regard to the processing of personal data by the ESAs is based on
Regulation (EU) 1725/2018 of the European Parliament and of the Council of 23 October 2018. Further information on data protection can be found under the Legal notice section of the ESA websites.
The views expressed in this Discussion Paper are preliminary and will not bind in any way the ESAs in the future development of the draft final response to the European Commission (Commission). They are aimed at eliciting discussion and gathering the stakeholders’ opinion at an early stage of the process.