Recital 7 stipulates that when a financial entity outsources a function that makes use of a supportive ICT service that service provider should be considered a ICT third-party service provider. DORA Dry Run FAQ was published on 4th July which clarified that such regulated entities are not to be considered as ICT third-party service providers. This clarification was later withdrawn DORA Dry Run FAQ was published on 29th July.

This question has been rejected because the issue it deals with is already explained or addressed in Article 3 (Definitions) (19) of Regulation (EU) 2022/2554, ‘ICT third-party service provider’ means an undertaking providing ICT services. Therefore if a financial entity is providing ICT services, the FE is considered as an ‘ICT third-party service provider’ and needed to be included in the RoI. Please refer to Q&A DORA030 on the definition of ICT service.