ESMA_QA_2456
07/03/2025
Subject Matter
Clarification on DORA Compliance for Intra-Group providers
Original question
Can you confirm our understanding of the DORA law: an intra-group entity providing services to a financial entity is subject to the same obligations as a non-critical third-party provider. This includes requirements related to contractual arrangements, provisions for critical functions, exit strategies and termination conditions, information registry, reporting to competent authorities, and pre-contractual assessments. Additionally, if the services involve critical or important functions, further requirements apply, such as TLPT tests and audits by competent authorities.
Status: Question Rejected
Additional Information
Level 1 Regulation
Regulation (EU) 2022/2554 - The Digital Operational Resilience Act (DORA)
Topic
ICT third-party risk management