Regulating critical third parties - the impact on ICT providers

Regulating critical third parties - the impact on ICT providers

In addition to setting stricter resilience obligations on EU financial services firms, the Digital Operational Resilience Act (DORA) - which is expected to become EU law imminently - sets out a new regulatory regime for direct supervision of designated 'critical' ICT service providers, and stricter contracting requirements when regulated entities engage with any ICT provider. A similar regime is being consulted on under the UK's Financial Services and Markets Bill (see our previous insight).

In this insight, Simon Bollans, partner in Stephenson Harwood's commercial, outsourcing and technology team, provides a useful overview of the two proposed regimes, with a focus on the impact on ICT providers.  

Download PDF for more information