Search a question

From

Question ID

Workflow status

Topic

Legislative Act

Keywords

View PDF

ESMA_QA_2675

Topic

ICT third-party risk management

28/10/2025

Subject Matter

Contractual agreement with ICT service providers

Question

Art. 30 (1) & (2) of DORA demand that financial institutions have signed contractual agreements with all their ICT service providers, in particular in Art. 30(2) &(3) the elements that shall be included in the contractual arrangements are listed.

Are ICT service providers permitted under DORA to charge the financial institutions "merely for signing" a DORA addendum or updated contractual arrangements in the framework of Art. 30, DORA?

Level 1 Regulation

Regulation (EU) 2022/2554 - The Digital Operational Resilience Act (DORA)

ESMA_QA_2646

Topic

ICT third-party risk management

18/09/2025

Subject Matter

Audit frequency limitations

Question

As DORA requires financial entities to pre-determine the frequency of audits and inspections on the basis of a risk-based approach, are financial entities not permitted to agree on a maximum audit frequency (e.g. once per year) with their ICT third-party service providers?

Level 1 Regulation

Regulation (EU) 2022/2554 - The Digital Operational Resilience Act (DORA)

ESMA_QA_2547

Topic

Other DORA topics

27/05/2025

Subject Matter

Does DORA also apply to non-EU AIFM?

Question

The regulation applies to managers of alternative investment funds according to Article 2, point (k) of DORA. According to Article 3, (point 44), of DORA a manager of alternative investment funds is defined as “a manager of alternative investment funds as defined in Article 4(1), point (b), of Directive 2011/61/EU”.
According to Article 4(1), point (b), of Directive 2011/61/EU (AIFM Directive) “AIFMs’ means legal persons whose regular business is managing one or more AIFs”. We are of the understanding that Article 4(1), point (b), does not exclude non-EU AIFM. EU AIFM and non-EU AIFM are defined in Article 4(1), point (L) and point (ab). Since DORA only refers to article 4(1), point (b), of the AIFM Directive and not to article 4(1), point (L), we are wondering if DORA applies to both EU and non-EU AIFM as the definition implies.

Level 1 Regulation

Regulation (EU) 2022/2554 - The Digital Operational Resilience Act (DORA)

ESMA_QA_2496

Topic

ICT-related incident

27/03/2025

Subject Matter

Incident report submission format

Question

What is the submission format for the incident reports (initial notification, intermediate and final) that CTPPs and Financial Entities need to submit to the CA?

Level 1 Regulation

Regulation (EU) 2022/2554 - The Digital Operational Resilience Act (DORA)

ESMA_QA_2459

Topic

11/03/2025

Subject Matter

Fintech company: DORA AND ROI

Question

Hi Team,

Hope you are well!

We are a Spanish Fintech company called Toqio, our company lets you create, customize, and scale unique financial products in our platform.Please find more information below:

https://toqio.co/platform

Could you please confirm that we have to comply with DORA and also we have to send the ROI to the authorities?

Thank you in advance,

Kindest regards,

Ester

Level 1 Regulation

Regulation (EU) 2022/2554 - The Digital Operational Resilience Act (DORA)

48-hour rule
Application to operate in the Union
Complaints handling and reasoned concerns
Digital operational resilience testing
Disclosures to the public
Disclosures to users of ESG ratings, rated items and issuers of rated items
Environmentally sustainable and sustainability-linked bonds
External reviewers - Analysts and other persons involved in assessment activities
External reviewers - Assessment methodologies and errors
External reviewers - Compliance
External reviewers - Conflicts of interest and provision of other services
External reviewers - Outsourcing
External reviewers - Record-keeping
External reviewers - Registration and material changes
External reviewers - Senior management and board
External reviewers - Systems, resources and procedures
External reviewers - Third-country regimes
External reviewers – Accounting, internal control and control arrangements for information systems
Fair reasonable and non-discriminatory
Financial Instruments
Independence and avoidance of conflicts of interest
Issuer disclosures
Methodologies
Non-profit organisations
Outsourcing
Oversight function
Rating analysts, employees and other persons involved in the provision of ESG ratings
Record-keeping
Scope (including exemptions)
Separation of business and activities
Temporary regime for small providers
Third-country regimes
ICT risk management
ICT-related incident
ICT third-party risk management
Oversight framework of CTPPs
Other DORA topics
Asset-Referenced Token (ART)
Blockchain
Blockchain
Bonds marketed as environmentally sustainable or sustainability-linked bonds
CCP Recovery
CCP Resolution
Compensatory measures for DLT market infrastructures
Consensus mechanism
Crypto assets
Crypto-Asset Service Provider (CASP)
Cryptocurrency
Decentralised Finance (DeFi)
Decentralized autonomous organization (DAO)
Distributed Ledger Technology (DLT)
DLT financial instruments
DLT market infrastructure
DLT multilateral trading facility (DLT MTF)
DLT Pilot Regime
DLT settlement system (DLT SS)
DLT trading and settlement system (DLT TSS)
Electronic money token (EMT)
EU-CCPs
Exemptions for DLT market infrastructures
External reviewers
Funds’ names
Issuer of crypto assets
Market abuse in crypto-asset market
MiFID services under Article 6(4) of the AIFMD
Mining
Node
Non-Fungible Tokens (NFT)
Other issues (CCP)
Prospectus
Register of information
Requirements for DLT market infrastructures
Sandbox
Securitisation
Smart contract
Stablecoin
Third country CCPs
Third-country external reviewers
Token
Tokenisation
Use of proceeds
Wallet
White paper
* EMIR Reporting
Benchmark
Best Execution
Credit rating agencies
Equity transparency
General questions - Book-entry form
General questions - Counterparty
Public offer
Scope
Scope
Securitisation
UCITS eligible assets and investment restrictions
* EMIR Art.9 reporting
Benchmarks
CRA Regulation
Definitions
Definitions
General questions - Other topics
General questions - Settlement periods
Initial Public Offer/IPO
Non-equity transparency
Securitisation Regulation
Suitability
UCITS global exposure
AIFMD scope
Appropriateness
Benchmarks Regulation
Credit rating disclosures
Determination of net short position
Equity
Exemption for monetary and public debt management activities
General questions - Other topics
OTC derivatives
OTC Derivatives questions - Definition of OTC derivatives
Pre-trade transparency waivers
Securitisation Repositories
AIFMD reporting
BMR
Credit rating press release
CSD questions - Authorisation of CSDs
Double volume cap
ESMA70-1861941480-52 Questions and Answers Implementation of the Regulation (EU) No 648/2012 on OTC derivatives, central counterparties and trade repositories (EMIR)
Financial reporting
Inside information, public disclosure and delayed disclosure of inside information
OTC Derivatives questions - Clearing thresholds
Recording of telephone conversations and electronic communications
STS Securitisations
Transparency of net short positions
Climate Benchmarks
CSD questions - Supervision of CSDs
EMIR Intragroup exemption
Insider dealing and legitimate behaviour, including market soundings
MMF
Non-Equity
OTC Derivatives questions - Clearing obligation
Preliminary ratings
Record keeping
STS Notifications
Systematic internaliser regime
Uncovered short sales
Contribution
CSD questions - CSD core and ancillary services (other than banking-type ancillary services)
Data reporting services providers
ESG ratings
EuVECA
Exemptions: third-country shares
Investment advice on an independent basis
Market manipulation, including buy-back programmes and stabilisations
OTC Derivatives questions - Bilateral margining
Passporting
reporting of exposures
Securitisation Disclosure Templates
Accepted market practices and liquidity contracts for SMEs
Critical Benchmarks
CSD questions - Provision of banking-type ancillary services, including cash settlement
EuSEF
Exemptions: market makers and primary operations
OTC Derivatives questions - Intragroup exemption
Reducing Reliance on Ratings
Registration Document
reporting of notional amounts
Third country issues
Third-Party Verifiers
Underwriting and placing
CSD questions - Provision of services in another Member State
ECAI Mapping
ELTIF
EURIBOR
frequency of derivatives reports
Inducements (research)
OTC Derivatives questions - Risk mitigation techniques (other than bilateral margining)
Position limits
Powers of NCAs and ESMA: short-selling bans and other emergency measures
Prevention and detection of market abuse, including STORs
Securities Note
Structured Finance Instruments
Ancillary activity
Cleared derivatives
CSD questions - Third-country CSDs
IBORs
Information to clients on costs and charges
Insider lists
Leverage
OTC Derivatives questions - Indirect clearing
Other SSR-related topics
Prospectus Register
Sovereign Bond Backed Securities (SBBS)
Sovereign Ratings
Capital requirements
CSD questions - Organisational requirements (governance arrangements, record keeping, outsourcing, user committee)
EU Growth Prospectus
Information to clients on topics other than costs and charges
IOSCO C6
LIBOR
Managers' transactions
OTC Derivatives questions - Other
Position reporting
REFIT
Client categorisation
CSD questions - Conduct of business rules (participation criteria, transparency, communication procedures)
Delegation
Investment recommendations and statistics and disclosure of information on the media
Mandatory Contribution / Administration
Mandatory delegation of reporting
MiFIR questions - Indirect clearing
Position management controls
Risk factors
Third country CRA
Allocation of responsibility
CSD questions - Requirements for CSD services (reconciliation measures, asset segregation, settlement finality, participant default rules and procedures)
Direct Electronic Access and algorithmic trading
Endorsement and equivalence
Inducements
Methodology
MiFIR questions - Straight through processing (timing of acceptance for clearing)
NCAs powers under MAR and cooperation with ESMA and other authorities, including annual report on MAR sanctions
Remuneration
Universal Registration Document/URD
Base Prospectus/Final terms
CSD questions - Prudential requirements (risk-management framework)
Inducements
Mechanistic reliance
MiFIR Questions - Other
Other MAR-related topics
Provision of investment services and activities by third country firms
Registration/Authorisation
Tick size regime
Validation rules
Costs and fees
CSD questions - Requirements for CSD links
Multilateral and bilateral systems
Product governance
Secondary issuance prospectus
Significant Benchmarks
TRACE
* Trade Repositories
Access to CCPs and trading venues
Content of prospectus
CSD questions - Access to CSDs
Disclosures
Product intervention
Third-Country Regimes
CSDR questions - Other topics
Fall Back Provisions
inter TR Reconciliation process
Publication of prospectus
Remuneration
Risk management
Liquidity stress testing
Prospectus Summary
reporting of counterparty side
Reporting to clients
Settlement discipline - Measures to prevent settlement fails
Efficient portfolio management (EPM) techniques
NCAs' onboarding
Notifications of major shareholdings
Safeguarding of client assets
Settlement discipline - Monitoring settlement fails
Outsourcing
Reporting at position level
Settlement discipline - Cash penalties: scope
Share classes
Transparency
Alternative Performance Measures (APM)
Control functions (Compliance, Risk and Audit)
Depositaries
Settlement discipline - Cash penalties: process
Variation margin
Conflicts of interests
Entity Responsible for Reporting
ETFs
Settlement discipline - Buy-in: scope
* SFTR (Securities Financing Transactions)
Cross-border distribution of funds
Settlement discipline - Buy-in: process
* SFTR Art. 4
Settlement discipline - Buy-in: cash compensation, buy-in costs and price difference
Settlement discipline - Other topics
SFTR LEI statement
Internalised settlement - Scope
SFTR Covid-19 statement
Internalised settlement - Reporting parameters
Securities lending and borrowing (SLB)
Internalised settlement - Other topics
Sell buy back/ buy sell back (SBB/BSB)
reuse of collateral
Repo
Margin lending
frequency of SFT reporting
Settlement fails
Net exposure collateral
Lombard loans
* Market Data Reporting
ISO20022/XML schemas
* UTI (Unique Trade Identifier)
* ETD (Exchange Traded Derivative)
* UPI (Unique product Identifier)
* LEI (Legal Entity Identifier)
ANNA
DSB
GLEIF
ISIN
Underlying instrument
Record keeping
CLC
Back-reporting
MAR Article 4
CONCAT
ESMA70-1861941480-56 Questions and Answers on MiFIR reporting
* ARM (approved Reporting Mechanism)
APA
CTP
DRSP
* Transaction reporting
Admission to trade
RCA determination
ToTV
TVTIC
MIC
Instrument Reference data
FIRDS
National client identifier
* Reference data
* Market Monitoring
Decision maker
Buyer/Seller
Portfolio management
Corporate actions
CFI validations
Clock syncronisation

ESGR - Regulation (EU) 2024/3005 (6)
EU Green Bond Regulation (EU) 2023/2361 (0)
MiCA (43)
Regulation (EU) 2019/2088 - Sustainable Finance Disclosure Regulation (SFDR) (8)
Regulation (EU) 2022/2554 - The Digital Operational Resilience Act (DORA) (41)
Regulation (EU) 2022/858 - DLT Pilot Regime Regulation (DLTR) (35)
Alternative Investment Fund Managers Directive (AIFMD) Directive 2011/61/EU (41)
Benchmarks Regulation (BMR) - Regulation 2016/1011 (55)
Central Securities Depositories Regulation (CSDR) Regulation (EU) No 909/2014- PTR- CSDR (31)
Consolidated Admissions and Reporting Directive (CARD) Directive 2001/34/EC (0)
Credit Rating Agencies Regulation (CRAR) Regulation (EC) No 1060/2009 (17)
Cross-border distribution of funds - Regulation (EU) 2019/1156 (0)
Directive 2014/65/EU - Markets in Financial Instruments Directive (MiFID II) (15)
ESG Disclosures - Regulation (EU) 2019/2088 (0)
European Long-Term Investment Funds Regulation (ELTIF) Regulation (EU) 2015/760 (19)
European Market Infrastructure Regulation (EMIR) Regulation (EU) No 648/2012- MDP (13)
European Market Infrastructure Regulation (EMIR) Regulation (EU) No 648/2012- PTR- Derivatives (1)
European Market Infrastructure Regulation EMIR (Refit) - Regulation (EU) 2019/834- PTR- Derivatives (0)
European Social Entrepreneurship Funds Regulation (EuSEF) Regulation (EU) No 346/2013 (6)
European Venture Capital Regulation (EuVECA) Regulation (EU) No 345/2013 (1)
Investor Compensation Scheme Directive (ICSD) Directive 97/9/EC (0)
Market Abuse Directive II (MAD II) Directive 2014/57/EU - Market Intergrity (0)
Market Abuse Regulation (MAR) Regulation (EU) No 596/2014 - MDP (0)
Market Abuse Regulation (MAR) Regulation (EU) No 596/2014 - Market Intergrity (47)
Markets in Financial Instruments Directive II (MiFID II) Directive 2014/65/EU- Investor Protection and Intermediaries (136)
Markets in Financial Instruments Directive II (MiFID II) Directive 2014/65/EU- MDP (3)
Markets in Financial Instruments Directive II (MiFID II) Directive 2014/65/EU- Secondary Markets (141)
Markets in Financial Instruments Regulation (MiFIR) Regulation (EU) No 600/2014 - Investor Protection and Intermediaries (41)
Markets in Financial Instruments Regulation (MiFIR) Regulation (EU) No 600/2014- MDP (59)
Markets in Financial Instruments Regulation (MiFIR) Regulation (EU) No 600/2014- PTR- Derivatives (0)
Markets in Financial Instruments Regulation (MiFIR) Regulation (EU) No 600/2014- Secondary Markets (64)
Money Market Fund (MMF) Regulation (EU) 2017/1131 (0)
Packaged Retail and Insurance-based Investment Products Regulation (PRIIPS) Regulation (EU) No 1286/2014 (1)
Prospectus Regulation 2017/1129 (93)
Regulation 2020/1503 - European crowdfunding service providers for business (63)
Regulation 2021/23 - recovery and resolution of central counterparties (CCPRRR) (5)
Regulation 600/2014 - Markets in Financial Instruments Regulation (MiFIR) (0)
Regulation 648/2012 - OTC derivatives, central counterparties and trade repositories (EMIR) - CCPs (51)
Securities Financing Transactions Regulation (SFTR) Regulation (EU) 2015/2365- MDP (19)
Securitisation Regulation (EU) 2017/2402 (221)
Settlement Finality Directive (SFD) Directive 98/26/EC - PTR- CSDR (0)
Short Selling Regulation (SSR) Regulation (EU) No 236/2012 (72)
Transparency Directive (TD) Directive 2004/109/EC (43)
Undertakings for Collective Investment in Transferable Securities Directive (UCITS) Directive 2009/65/EC (140)