FIA, AFME, EACH, ECSDA and FESE have issued a joint statement urging the European Commission and the European Supervisory Authorities to reinstate guidance confirming that regulated financial services should not be treated as Information and Communication Technology (ICT) services under the Digital Operational Resilience Act (DORA).
With the 17 January 2025 DORA application deadline approaching, the associations welcome the intention of the Commission and the ESAs to provide Q&A clarifications on the definition of ICT services. These should reinforce the widely held understanding that regulated financial services, such as those provided by financial market infrastructures, credit institutions and investment firms in their capacity as such, should not be deemed ICT services in the scope of DORA.
“Financial entities are already under significant pressure to ensure that broader third-party arrangements, which are of a material number and typically bundled within global framework agreements, are remediated in time, inserted in the Register of Information and subjected to due diligence,” the associations say.
“To capture regulated financial activities as ICT services and subject them to further regulatory uplift could have a detrimental impact on the smooth provision of financial services in the EU and would impose a significant operational challenge on industry with no value-add in terms of risk management.”
The associations call on the Commission and the ESAs to issue the clarification within the Q&A portal for DORA as soon as possible.
Read the statement in full.
