Article 41, Harmonisation Of Conditions Enabling The Conduct Of The Oversight Activities, Digital Operational Resilience Act (DORA)

Overview

1. The ESAs shall, through the Joint Committee, develop draft regulatory technical standards to specify:

(a) the information to be provided by an ICT third-party service provider in the application for a voluntary request to be designated as critical under Article 31(11);

(b) the content, structure and format of the information to be submitted, disclosed or reported by the ICT third-party service providers pursuant to Article 35(1), including the template for providing information on subcontracting arrangements;

(c) the criteria for determining the composition of the joint examination team ensuring a balanced participation of staff members from the ESAs and from the relevant competent authorities, their designation, tasks, and working arrangements.

(d) the details of the competent authorities’ assessment of the measures taken by critical ICT third-party service providers based on the recommendations of the Lead Overseer pursuant to Article 42(3).

2. The ESAs shall submit those draft regulatory technical standards to the Commission by 17 July 2024.

Power is delegated to the Commission to supplement this Regulation by adopting the regulatory technical standards referred to in paragraph 1 in accordance with the procedure laid down in Articles 10 to 14 of Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010.

Summary Of Article 41

Article 41 of the Digital Operational Resilience Act (DORA) mandates that the European Supervisory Authorities (ESAs), through the Joint Committee, develop draft regulatory technical standards. These standards must define the specific information ICT third-party service providers must submit to request critical status, and outline the format for reporting and disclosing relevant data, including subcontracting arrangements. Additionally, the standards will establish criteria for forming balanced joint examination teams and ensure a thorough assessment process by competent authorities based on recommendations from the Lead Overseer. These standards must be submitted to the European Commission by July, 2024.