ESMA_QA_2456

Status: ✅ Answer Published

Link to ESMA Q&A tool: https://www.esma.europa.eu/publications-data/questions-answers/2456

Regulatory Context

Regulation : DORA

Level 1 Regulation: Regulation (EU) 2022/2554 - The Digital Operational Resilience Act (DORA)

Level 2 Regulation: No information available

Level 3 Regulation: No information available

Topic: ICT third-party risk management

Subject Matter: Clarification on DORA Compliance for Intra-Group providers

Question

Submission Date: 07 March 2025

Can you confirm our understanding of the DORA law: an intra-group entity providing services to a financial entity is subject to the same obligations as a non-critical third-party provider. This includes requirements related to contractual arrangements, provisions for critical functions, exit strategies and termination conditions, information registry, reporting to competent authorities, and pre-contractual assessments. Additionally, if the services involve critical or important functions, further requirements apply, such as TLPT tests and audits by competent authorities.

ESMA Answer

Answer Date: 07-03-2025

This question has been rejected because it is unclear and seeks bespoke advice

This document was automatically extracted from the ESMA EMIR Q&A database.

NOMOX

Explorer

ESMA_QA_2456

ESMA_QA_2456

Regulatory Context

Question

ESMA Answer

Table of Contents