Question ID: 2984 - DORA045
Regulation Reference: (EU) 2022/2554 - Digital Operational Resilience Act (DORA)
Topic: ICT third-party risk management (DORA)
Article: 3(21)
Status: Rejected
Date of submission: 14 Feb 2024
Question
When it comes to specific requirements concerning the ICT Third-Party Risk Management under DORA, reference is regularly made to (core) business activities, e.g. Art. 28 I lit. a. The definition of ICT Services (Art. 3 No. 21), however, is broad, as emphasized in recitals 35 and 63. In the light of DORA objectives, is DORA to be interpreted to the effect that only those ICT Services are included that are related to the core business activities of the financial undertaking and can therefore have a significant impact on the operational business in the event of a failure?
EIOPA answer
This question has been rejected because it seeks confirmation of a requirement already clearly set out in the regulation.