On 14 October 2024, PensionsEurope sent a letter to the EC asking for legal clarity on DORA’s definition of ICT services.
We requested the EC to provide legal certainty around the definition of “ICT services,” as we understand that the EC is working on a FAQ. We appealed for clarification that ‘regulated financial services’ do not fall within this definition.
Indeed, the risks associated with ICT systems and assets embedded in regulated financial services are already managed, as the service provider is a financial institution subject to DORA compliance and financial supervision.
As background information, while ESAs delivered their final reports to the EC as regards levels 2 and 3 texts, the Commission still has to adopt the ITS on the register of information as well as RTS and ITS arising from the second batch of policy products.
