First list of critical third-party ICT service providers under DORA published

The list includes large global companies that provide cloud and IT services to the financial industry, and its publication will contribute to increased monitoring and coordination among national supervisory authorities. Companies on the list will now be subject to enhanced supervision by European authorities, with a particular focus on risk management, business continuity, and security. For example, supervisory authorities will be able to carry out inspections and, based on these, issue recommendations to service providers. These recommendations will be forwarded to, and followed up by, companies that use the critical ICT service provider.

Several of the service providers on the list are used by Norwegian financial enterprises, such as Accenture, Capgemini, IBM, SAP, and Microsoft. The Financial Supervisory Authority of Norway emphasizes that the identification of critical third-party providers will strengthen preparedness and contribute to financial stability in Europe. At the same time, the classification as a critical third-party supplier will provide customers with greater assurance that critical services will not be disrupted by serious ICT incidents.

This list of critical third-party providers will be updated and published annually by the supervisory authorities.

The list is accessible here.