Question ID: 2998 - DORA031
Regulation Reference: (EU) 2022/2554 - Digital Operational Resilience Act (DORA)
Article: N/A
Status: Rejected
Date of submission: 14 Feb 2024
Question
Does the reference in Art. 30 para. 3 (c) DORA on “the provision of services by the financial entity in line with its regulatory framework” relate to the services the financial entity provides to its customers (e.g. the policy holders in case of an insurance undertaking)?
Background of the question
Explanation: It is unclear if the requirement to implement and test business contingency plans and to have in place ICT security measures, tools and policies relates to the services the ICT Third Party Service Provider provides, as the clause refers to services the financial entity provides, without specifying what services are meant. A specification would be helpful.
EIOPA answer
This question has been rejected because it seeks confirmation of a requirement already clearly set out in the regulation.