Financial Services Regulation

EU DORA: Regulators announce Critical ICT Third-Party Providers

December 14, 2025 Comments Off on EU DORA: Regulators announce Critical ICT Third-Party Providers
EU DORA

On 18.11.2025 the European Supervisory Authorities (ESAs) announced 19 information and communications companies as Critical Third-Party Providers (CTPPs) under EU DORA.

Who are Critical Third-Party Providers under EU DORA?

The designated companies are large-scale providers of technology infrastructure, software, and data to EU financial services. They are considered critical because:

  1. The potential systemic impact if the provider were to suffer a large-scale operational failure.
  2. The systemic importance of financial entities that are reliant on the provider.
  3. The concentration of reliance on the provider within the financial sector.
  4. the (low) substitutability of the provider’s services.

The 19 are Accenture plc, Amazon Web Services EMEA Sarl, Bloomberg L.P., Capgemini SE, Colt Technology Services, Deutsche Telekom AG, Equinix (EMEA) B.V, Fidelity National Information Services Inc, Google Cloud EMEA Limited, International Business Machine Corporation, InterXion HeadQuarters B.V, Kyndryl Inc, LSEG Data and Risk Limited, Microsoft Ireland Operations Limited, NTT DATA Inc, Oracle Nederland B.V, Orange SA, SAP SE, Tata Consultancy Services Limited.

The list of CTPPs for EU DORA will be updated annually. Given recent major outages in global ICT it is possible that the outsourced providers of the CTPPs may be subject to greater oversight in the future.

How are Critical Third-Party Providers regulated?

CTPPs are subject to direct oversight by ESAs to ensure they have appropriate risk management and governance structures to protect the financial sector from cyber threats and ensure resilience.

CTPPs now have several compliance obligations under the five pillars of DORA, including security, incident management, data sharing, and reporting.

As such, responsibility for IT is no longer just the customer’s problem; there are legal and commercial consequences for the CTPPs.

Who are the European Supervisory Authorities?

The joint committee of the European supervisory authorities includes the European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA).

Why does DORA matter?

As financial services become digitalised and cyber attacks increase, the need for enhanced security and business continuity of information and communication technologies (ICT) has increased.

EU DORA seeks to improve resilience by creating new and higher standards for EU-regulated financial services firms and their 3rd-party ICT providers.

Continue reading

Open banking while shopping online
Financial Technology

Open Banking in Europe

March 18, 2026 Comments Off on Open Banking in Europe

Open Banking emerged as a concept in 2010s, as regulators sought to stimulate competition and innovation in financial services. On launch in 2018, adoption was slow as fragmented technology, concerns about data sharing, and limited use cases created headwinds. Over time, the popularity of digital business models such as fintech and ecommerce grew among consumers […]

Banking as a service for ecommerce
Financial Services, Financial Technology

What is Banking as a Service?

March 16, 2026 Comments Off on What is Banking as a Service?

Banking as a Service (BaaS) occurs when an authorised financial institution allows a non-bank business to offer financial services on a white-label basis. This allows the non-bank to creatie new revenue streams, better customer experiences and deeper relationships. BaaS lowers the barrier to entry to financial services and is profitable at scale. However, it remains […]

Open banking while shopping online
Financial Technology

What is Open Banking? Beyond Payments

March 12, 2026 Comments Off on What is Open Banking? Beyond Payments

Open Banking allows third-party providers (TPPs) to source account data and initiate payments from a customer’s account at another financial institution. Open Banking is used by financial and non-financial businesses to innovate new services, automate processes, and make decisions that were previously excluded, giving customers better choices and experiences. Consumers and businesses must consent to […]