/ 1 min read

DORA: Clarification on ICT services

Authors

Howard Womersley Smith, Asélle Ibraimova

The European Commission clarified whether EU financial entities can descope from DORA services received from financial entities, which include an ICT component.

Interpretation of the European Commission's response

If the services of a financial entity that would normally be considered an ICT service under DORA are a regulated financial service under the US, UK or EU laws (for example), such services should not be considered an ICT service under DORA. 

The logic to this clarification is based on the fact that such a service is already controlled by regulation elsewhere.

Having said that, the power of the determination is in the hands of the receiving financial entity.

Financial services may entail an ICT component. In the case that financial entities provide ICT services to other financial entities in connection to their financial services, the receiving financial entities should assess whether i) the services constitute an ICT service under DORA, and ii) whether the providing financial entities and the financial services they provide are regulated under Union law or any national legislation of a Member State or of a third country. In case both tests are positive, then the related ICT service should be considered to predominantly be a financial service and should not be treated as an ICT service within the meaning of DORA Article 3(21).

Read more

Subscribe

Related insights

Our insights