Article 38 Digital Operational Resilience Act (DORA), Oversight Fees

Jul 25, 2024by Sneha Naskar

The Digital Operational Resilience Act (DORA) establishes a robust framework for overseeing and regulating the ICT systems that critical third-party service providers offer to the financial sector. Article 38 specifically addresses the financial aspects of this oversight, focusing on the fees that the European Supervisory Authorities (ESAs) will charge to these service providers. This article ensures that the costs associated with conducting oversight tasks are adequately covered and that the fees are structured in a fair and proportional manner.

Article 38 Digital Operational Resilience Act (DORA), Oversight Fees

Fee Structure For Oversight Activities

  1. Charging Fees to Critical ICT Third-Party Service Providers

Under Article 38, the ESAs are authorized to levy fees on critical ICT third-party service providers. These fees are intended to cover the necessary expenditures related to the oversight tasks as stipulated in DORA. This includes:

  • Administrative Costs: Fees must cover all administrative expenses incurred by the ESAs while performing oversight functions. This ensures that the operational costs associated with regulatory activities are fully met.
  • Reimbursement of Costs: The fees also cover any costs that may be incurred by competent authorities that participate in the oversight activities. This provision acknowledges the collaborative nature of the oversight process, where different authorities work together to ensure comprehensive supervision.

The fees charged must be proportional to the turnover of the critical ICT third-party service provider. This proportionality ensures that the financial burden of the fees is aligned with the scale of the provider's operations, thereby maintaining fairness and equity. 

Regulation Of Fee Amounts and Payment

  1. Delegated Act for Fee Determination

The European Commission holds the authority to adopt a delegated act to further specify the details related to oversight fees. This delegated act will be governed by Article 50 and will cover:

  • Amount of Fees: The delegated act will determine the precise amount of fees that critical ICT third-party service providers must pay. This ensures clarity and uniformity in the fee structure, preventing potential disputes or inconsistencies.
DORA Compliance Framework
  • Payment Procedures: It will also outline the procedures for fee payment, including deadlines and methods of payment. This helps in streamlining the administrative process and ensuring timely collection of fees.

By delegating the task of specifying fee amounts and payment methods to the Commission, the regulation provides a flexible approach that can adapt to changing circumstances and ensure that the fees remain appropriate and fair.

Purpose And Implications

  • Ensuring Adequate Funding for Oversight Activities: The primary purpose of Article 38 is to ensure that the ESAs and the competent authorities involved in oversight activities are adequately funded. By charging fees that cover all necessary expenditures, including administrative and collaborative costs, the regulation ensures that oversight functions can be carried out effectively without financial constraints.
  • Proportionality and Fairness: The requirement for fees to be proportional to the turnover of the critical ICT third-party service providers is crucial for maintaining fairness. This proportionality ensures that smaller providers are not disproportionately burdened by oversight costs, while larger providers contribute in accordance with their capacity. This balanced approach supports a fair regulatory environment and promotes equitable treatment across the sector.
  • Flexibility and Adaptability: The ability of the European Commission to determine the amount of fees and payment methods through a delegated act introduces flexibility into the regulatory framework. This provision allows for adjustments in response to changes in the financial landscape or operational requirements, ensuring that the fee structure remains relevant and effective over time.

Article 38 of the Digital Operational Resilience Act (DORA) provides a comprehensive framework for managing the financial aspects of oversight activities related to critical ICT third-party service providers. By establishing a clear fee structure, ensuring proportionality, and allowing for flexible regulation through a delegated act, the article aims to support effective and equitable oversight. This approach not only facilitates the financial sustainability of oversight activities but also promotes fairness and transparency in the regulatory process, ultimately contributing to the overall resilience and stability of the financial sector.

DORA Compliance Framework