The EU has published a list of critical providers of technology who will be regulated under rules designed to increase the resilience of the European financial market and reduce the risk of cyber-attacks.
The Digital Operational Resilience Act (DORA) came into force on 17 January and applies to financial firms as well as providers.
It covers issues such as the reporting of IT-related incidents, information-sharing on cyber-threats, and contracts between financial firms and third-party ICT providers.
A list of critical ICT third-party providers (CTPPs) under the act was published last week by the three European Supervisory Authorities (ESAs): the European Banking Authority, insurance watchdog EIOPA, and the European Securities and Markets Authority.
Lawyers at Pinsent Masons note that the list includes telecommunication providers such as Orange and Deutsche Telekom, data-service providers such as Bloomberg and NTT, and cloud providers Amazon, Google, Microsoft, Oracle, and SAP.
A statement from the EU regulators said that the designated firms provided a range of services – from core infrastructure to business and data services – to financial entities of all types and sizes across the EU, reflecting what the watchdogs described as “their pivotal role” within the financial ecosystem.
“Through direct oversight engagement, the ESAs will assess whether CTPPs have appropriate risk management and governance frameworks in place to ensure the resilience of the services they deliver to financial entities,” the supervisory authorities said.