Skip to main content
European Banking Authority logo
  • Extranet
  • Log in
  • About us
    Back

    About us

    The EBA is an independent EU Authority.  We play a key role in safeguarding the integrity and robustness of the EU banking sector to support financial stability in the EU.

    Learn more
      • Mission, values and tasks
      • Organisation and governance
        • Governance structure and decision making
        • EBA within the EU institutional framework
        • Internal organisation
        • Accountability
      • Legal and policy framework
        • EBA regulation and institutional framework
        • Compliance with EBA regulatory products
      • Sustainable EBA
      • Diversity and inclusion
      • Careers
        • Vacancies
        • Meet our team
      • Budget
      • Procurement
    Close menu panel
  • Activities
    Back

    Activities

    To contribute to the stability and effectiveness of the European financial system, the EBA develops harmonised rules for financial institutions, promotes convergence of supervisory practices, monitors, and advises on the impact of financial innovation and the transition to sustainable finance.

    Start here
      • Single Rulebook
      • Implementing Basel III in Europe
      • Supervisory convergence
        • Supervisory convergence
        • Supervisory disclosure
        • Peer Reviews
        • Mediation
        • Breach of Union Law
        • Colleges
        • Training
      • Direct supervision and oversight
        • Markets in Crypto-assets
        • Digital operational resilience Act
      • Information for consumers
        • National competent authorities for consumer protection
        • How to complain
        • Personal finance at the EU level
        • Warnings
        • Financial education
        • National registers and national authorities responsible for handling complaints related to credit servicers
        • Frauds and scams
      • Research Workshops
      • Ad hoc activities
        • Our response to Covid-19
        • Brexit
    Close menu panel
  • Risk and data analysis
    Back

    Risk and data analysis

    To ensure the orderly functioning and stability of the financial system in the European Union, we monitor and analyse risks and vulnerabilities relevant for the regulation of banks and investment firms. We also facilitate information sharing among authorities and institutions through supervisory reporting and data disclosure.

    Learn more
      • Risk analysis
        • 2024 EU wide transparency exercise
        • EU-wide stress testing
        • Risk monitoring
        • Thematic analysis
      • Remuneration and diversity analysis
      • Pillar 3 data hub
      • Reporting frameworks
        • Reporting Time Traveller
        • DPM data dictionary
      • Data
        • Registers and other list of institutions
        • Guides on data
        • Aggregate statistical data
        • Secondary reporting: data from Competent Authorities to the EBA
        • Data analytics tools
    Close menu panel
  • Publications and media
    Back

    Publications and media

    Communicating to all our audiences in the most effective way and using the most appropriate channels is crucial for us. Through our publications, announcements, and participation in external events, we are committed to reaching out to all our stakeholders to report about our policies, activities, and initiatives.

    Learn more
      • Publications
        • Guidelines
        • Regulatory Technical Standards
        • Implementing Technical Standards
        • Reports
        • Consultation papers
        • Opinions
        • Decisions
        • Staff papers
        • Annual reports
      • Press releases
      • Speeches
      • Interviews
      • Events
      • Media centre
        • Media gallery
        • Media resources
    Close menu panel

Breadcrumb

  1. Home
  2. Single Rulebook Q&A
  3. 2024_7098 Scope of Register of Information for Contractual Arrangements on the use of ICT Services Provided by ICT Third-party Service Providers
Question ID
2024_7098
Legal act
Regulation (EU) No 2022/2554 (DORA Reg)
Topic
ICT third-party risk management
Article
28
Paragraph
3
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
Not applicable
Article/Paragraph
/
Type of submitter
Credit institution
Subject matter
Scope of Register of Information for Contractual Arrangements on the use of ICT Services Provided by ICT Third-party Service Providers
Question

According to Article 28(3) of DORA, must an EU parent bank, which has subsidiaries both within and outside the EU, maintain the register of information regarding all contractual arrangements for the use of ICT services only for subsidiaries that are subject to DORA (financial entities established in the EU), or does this requirement extend to subsidiaries established outside the EU for which DORA does not apply?

Background on the question

Article 28(3) of DORA requires financial entities, as part of their ICT risk management framework, to maintain and update a register of information regarding all contractual arrangements for the use of ICT services provided by ICT third-party service providers at the entity level, and at sub-consolidated and consolidated levels. The bank seeks clarification on whether the EU parent bank must maintain this register only for subsidiaries based in the EU that are subject to DORA, or also for subsidiaries based outside the EU for which DORA does not apply. 

If the parent bank were required to maintain the register for subsidiaries based outside the EU, it would face several challenges. These include increased administrative burden and complexity in managing compliance across different regulatory regimes. In these non-EU countries, ICT service providers are not bound by DORA, which adds another layer of complexity. 

Submission date
29/05/2024
Status
Question under review
Answer prepared by
Answer prepared by the Joint ESAs Q&A

Footer

EUROPEAN BANKING AUTHORITY

Our mission is to contribute to the stability and effectiveness of the European financial system through simple, consistent, transparent, fair regulation and supervision that benefits all EU citizens.


UE logoAn agency of the EU

EU Agencies Network logoEU Agencies Network

EMAS logoSustainable EBA

Contact us

  • Contacts
  • Ask a general question
  • Send a press query
  • Ask a regulatory question
  • File a complaint
  • Whistleblower reports

Stay up to date with our work

  • Subscribe to our email alerts
  • News & press RSS feed

Follow us on Social media

  • Bluesky
  • LinkedIn
  • X
  • YouTube

Find out about us

  • The EBA at a glance
  • Vacancies
  • Privacy policy
  • Legal notice
  • Cookies policy
  • Frauds and scams

Explore related sites

  • EIOPA
  • ESMA
  • ESRB
  • CEBS archive