Question ID: DORA187 - 3199
Regulation Reference: (EU) 2022/2554 - Digital Operational Resilience Act (DORA)
Topic: Register of Information (DORA)
Article: 28(3)
Status: Final
Date of submission: 06 Dec 2024
Question
- Is the list of the type of ICT services in Annex III of the draft Implementing Technical Standards on the standard templates for the purposes of the register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers an exhaustive list?
- Can an out-of-scope financial entity – such as a micro or SME insurance intermediary - be considered as an ICT third party provider if they provide ICT services that are described in the Annex III of the ESA ITS on information register, to an in scope financial entity - such as an insurer?
- Can an out-of-scope financial entity – such as a micro or SME insurance intermediary - be considered as an ICT third party provider if they provide ICT services that are NOT described in the Annex III of the ESA ITS on information register, to an in scope financial entity - such as an insurer?
EIOPA answer
There is no possibility to enter other values than the ones defined in Annex III for the reporting of the register of information. Only types of ICT service listed in Annex III are accepted for the reporting of the Register of Information. The description of the types of ICT services listed in Annex III is sufficiently high-level to allow the registration of all types of ICT services.
The submitter can also refer to Q&A DORA030 for further guidance regarding the difference between ICT service and financial service.