Harmonisation of conditions enabling the conduct of the oversight activities


TL;DR The Digital Operations Resilience Act from EU establishes the framework to provide a voluntary request to be designated as a critical ICT third-party service provider in order to ensure the access, use, handling and sharing of critical ICT services. The ESAs, through the Joint Committee, are responsible for developing draft regulatory technical standards to specify the information to be provided, the content and structure of the information to be submitted, the criteria for the composition of the joint examination teams and the details of the competent authority's assessment of measures taken by the critical ICT third-party service providers. The ESAs are to submit those draft regulatory technical standards to the Commission by 17 July 2024 with the power delegated to the Commission to supplement this Regulation by adopting the regulatory technical standards with the procedure laid down in the relevant regulations.
  1. The ESAsEuropean Supervisory Authority shall, through the Joint Committeemeans the committee referred to in Article 54 of Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010;, develop draft regulatory technical standards to specify:

    1. the information to be provided by an ICT third-party service providermeans an undertaking providing ICT services; in the application for a voluntary request to be designated as critical under Article 31(11);

    2. the content, structure and format of the information to be submitted, disclosed or reported by the ICT third-party service providersmeans an undertaking providing ICT services; pursuant to Article 35(1), including the template for providing information on subcontracting arrangements;

    3. the criteria for determining the composition of the joint examination team ensuring a balanced participation of staff members from the ESAsEuropean Supervisory Authority and from the relevant competent authoritiesas defined in Article 46, their designation, tasks, and working arrangements.

    4. the details of the competent authorities’ assessment of the measures taken by critical ICT third-party service providersmeans an ICT third-party service provider designated as critical in accordance with Article 31; based on the recommendations of the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; pursuant to Article 42(3).

  2. The ESAsEuropean Supervisory Authority shall submit those draft regulatory technical standards to the Commission by 17 July 2024.

    Power is delegated to the Commission to supplement this Regulation by adopting the regulatory technical standards referred to in paragraph 1 in accordance with the procedure laid down in Articles 10 to 14 of Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010.