Search QAs

Can you explain and develop the legal meaning of "evidenced weaknesses" ?

When adding an additional row in order to comply with Article 4(2) of the Commission Implementing Regulation (EU) 2024/2956 on standard templates for the register of information, should financial entities repeat key values from the original row or leave these columns empty?

Are Managed Service Providers required to be examined by regulatory authorities?

I read your RTS and refer to your Final Report, Draft regulatory technical standard on the harmonisation of conditions enabling the conduct of the oversight activities under Article 41(1)(c) of Regulation (EU) 2022/2554 dated from 17th July 24

The DORA refers in various places to the necessity of ICT services for the conduct of business operations (e.g., Article 28, Paragraph 1). From the DORA's perspective, are services that are not related to the financial institution's business operations not to be classified as ICT services because they are not related to the financial institution's resilience? For example, the provision of software for office furniture management or canteen management?

For the purpose of preparing the Register of ICT Supplier Information (RoI) on a sub-consolidated basis, is it necessary to include within the different templates (ref. “B_XX.XX.XXX”) the information pertaining to both the Contractual Agreements that the Entity signs and those that it uses?

What are the standards Article 28(5) is referring to?

- Is the list of the type of ICT services in Annex III of the draft Implementing Technical Standards on the standard templates for the purposes of the register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers an exhaustive list?

In the Excel file “List of possible values for all data fields with drop downs (updated 17 February 2025)” published on the European Banking Authority’s website on preparations for reporting of DORA registers of information the list of drop-down values concerning B_01.02.0040 (LIST0102040) is missing two values that have been included in the fill-in instruction for B_01.02.0040 in the implementing technical standards.