Question ID: DORA153 - 3214
Regulation Reference: (EU) 2022/2554 - Digital Operational Resilience Act (DORA)
Topic: ICT third-party risk management (DORA), Other DORA topics
Article: 28-31
Status: Rejected
Date of submission: 18 Dec 2024
Question
We have a supplier who handles a critical process for us. Although the service itself is not directly ICT-related, the supplier uses ICT systems to deliver these services to us. The supplier believes that they should not be classified as a third party under DORA and therefore do not need an additional agreement. When I make an overall assessment of this, I believe they fall within the scope of DORA, as we should consider their systems as our own due to it being an outsourcing function. I am having difficulty finding the exact wording in DORA to support our assessment. Could you clarify which specific articles and regulations within DORA apply to the classification of third parties handling critical or important functions, even if the service is not directly ICT-related? Is it correct that our supplier, who uses ICT systems to deliver critical services, should be subject to DORA's requirements for third parties?
EIOPA answer
This question has been rejected because the answer to the question can be found in the regulatory texts, and the question has already been answered in Q&A DORA030 - 2999 - EIOPA.