Search QAs

What are the standards Article 28(5) is referring to?

- Is the list of the type of ICT services in Annex III of the draft Implementing Technical Standards on the standard templates for the purposes of the register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers an exhaustive list?

In the Excel file “List of possible values for all data fields with drop downs (updated 17 February 2025)” published on the European Banking Authority’s website on preparations for reporting of DORA registers of information the list of drop-down values concerning B_01.02.0040 (LIST0102040) is missing two values that have been included in the fill-in instruction for B_01.02.0040 in the implementing technical standards.

What is the expected submission format for incident reports (initial notification, intermediate and final report) to the CAs? Will there be a data-point model provided by the ESAs?

Can you please confirm that Articles 28-30 DORA will only apply to those contractual arrangements for "ICT Services" that are provided on continuous basis as a digital and data service, i.e. not to contractual arrangements for one-off provision of licenses or products?

We read about European Commission's rejection of the RTS (2554) on Subcontracting stating that the draft RTS on Subcontracting exceeds the mandate given in Article 30(5) DORA https://finance.ec.europa.eu/document/download/9a7139d5-1cbf-4dca-a5cf-…

Please advise when the 30(5)-related RTS is planned to be published.

Can the usage of code-sharing platforms (e.g. Bitbucket, Github) be considered an ICT-service under DORA?

Do mobile apps fall under the scope of the DORA regulation as ICT services used by financial sector companies to provide digital products and services to their customers? For example, would mobile banking apps, mobile payment apps, crypto digital wallets, and trading apps be covered under DORA?

Given the definition provided under Article 3 No. 21 of the DORA Regulation, we ask if the provisions of a service which is not in itself a “digital and data service” (such as for example the provision of corporate welfare, recruiting activities, advertising activities), but provided through an IT tools (e.g. SaaS), is included in the DORA scope and, in particular, in ROI.