Question ID: DORA 249 - 3377
Regulation Reference: (EU) 2022/2554 - Digital Operational Resilience Act (DORA)
Topic: ICT third-party risk management (DORA)
Article: N/A
Status: Rejected
Date of submission: 04 Jul 2025
Question
The company has several business lines. Only one is subject to DORA. If the external supplier provides services for only one business line not subject to DORA, should they be treated as ICT suppliers?
EIOPA answer
This question has been rejected because the matter falls within the scope of Q&A 136.