Question ID: DORA211 - 3290
Regulation Reference: (EU) 2022/2554 - Digital Operational Resilience Act (DORA)
Topic: Other DORA topics
Article: 28(1)
Status: Rejected
Date of submission: 13 Mar 2025
Question
The DORA refers in various places to the necessity of ICT services for the conduct of business operations (e.g., Article 28, Paragraph 1). From the DORA's perspective, are services that are not related to the financial institution's business operations not to be classified as ICT services because they are not related to the financial institution's resilience? For example, the provision of software for office furniture management or canteen management?
Background of the question
One of DORAs main purpose is to improve the IT resilience of a financial instituition. So, any IKT services that do not affect or are not related to any of the core tasks or business goals of a financial institute should not be in scope of DORA.
EIOPA answer
This question has been rejected because it is seeking confirmation of a requirement already clearly set out in the regulation.