The designation of critical ICT third-party service providers in the delegated regulation follows the two step approach outlined in the Discussion Paper published in May 2023.
The intended effect of the minimum thresholds applied in Step 1 is to produce a sub-set of third party providers, whose services support critical or important functions, to be further assessed by each supervisory authority in Step 2.
The assessment approach implemented has been summarized below in a series of tables with all language simplified for an easier high-level comprehension.
The regulation was published on 30 May and will therefore enter into force on 19 June.
Systemic impact on stability, continuity, or quality of services
DORA Article 31(2)(a)
Step 1
| Article | Sub-criterion | Sub-criterion calculation | Sub-criterion threshold fulfilled if |
|---|---|---|---|
| 2(1) | 1.1 | Financial entities of a specified category using the third party / total number of financial entities of that category | Both calculations result in: – At least 10% of the total number – For at least one category of financial entities |
| 1.2 | Value of assets of a specified category of financial entities using the third party / total value of assets of all financial entities of that category |
Step 2
| Article | Sub-criterion | Sub-criterion description |
|---|---|---|
| 2(5) | 1.3 | An assessment of the intensity of impact of discontinuing the services provided by the third party on activities and operations of financial entities as well as the number of financial entities affected |
| 1.4 | An assessment of the dependence of the third party on the same subcontractors providing services supporting critical / important functions of financial entities |
Systemic character and importance of services
DORA Article 31(2)(b)
Step 1
| Article | Sub-criterion | Sub-criterion calculation | Sub-criterion threshold fulfilled if |
|---|---|---|---|
| 3(1) | 2.1 | Number of global systemically important institutions (G-SII) and other systemically important credit institutions (O-SII) using the third party | The services are used at least by either: – One G-SII – Three O-SII – One O-SII with a score above 3,000 |
| 2.2 | Number of financial entities identified as systemic by a competent authority using the third party | The services are used at least by either: – One financial entity identified as systemic that is also a: * Central securities depository * Central counterparty * Trading venue * Trade repository – Three financial entities identified as systemic |
Step 2
| Article | Sub-criterion | Sub-criterion description |
|---|---|---|
| 3(4) | 2.3 | An assessment of the interdependence between financial entities relying on services from the same third party |
Criticality or importance of the function
DORA Article 31(2)(c)
Step 1 – no sub-criterion itemised in delegated regulation
The DORA criterion is the reliance by a financial institution on the same third party in relation to critical or important functions.
Step 2
| Article | Sub-criterion | Sub-criterion description |
|---|---|---|
| 4(1) | 3.1 | An assessment of the critical nature of the service provided by the third party for activities carried out by the financial institution |
Degree of substitutability
DORA Article 31(2)(d)
Step 1
| Article | Sub-criterion | Sub-criterion calculation | Sub-criterion threshold fulfilled |
|---|---|---|---|
| 5(1) | 4.1 | Number of financial entities of a specified category for which no alternative third party is available / total number of financial entities in that category | Both sub-criteria deemed fulfilled where either calculation results in at least 10% of the total number of entities |
| 4.2 | Number of financial entities of a specified category for which it is highly difficult to migrate or reintegrate a service being provided by a third party / total number of financial entities of that category |
Step 2
| Article | Sub-criterion | Sub-criterion description |
|---|---|---|
| 5(5) | Points to sub-criterion two in DORA Article 31(2)(d)(i) | Assessment of the market share of third party |
