Compliance
DORA Concentration Risk: ESAs' Designation of Critical ICT Third-Party Providers
DORA Article 31 lets the ESAs designate critical ICT third-party providers (CTPPs) for direct EU-level oversight. First designations land in 2025-2026 from the Register of Information.
Nov 26, 20258 min read