This Implementing Regulation establishes standard templates and formats for maintaining registers of information about ICT third-party service providers by financial entities in the EU.The regulation implements technical standards for documenting contractual arrangements between financial entities and their ICT service providers, as required by the Digital Operational Resilience Act (DORA). It establishes detailed requirements for recording information about service providers, contracts, services provided, and risk assessments.The key structural elements include:
- Standard templates for recording information about financial entities, service providers, contractual arrangements, and ICT services
- Requirements for unique identifiers and consistent data formats across templates
- Detailed instructions for completing each template field
- Classifications of ICT services and activities by type of financial entity
The main provisions require financial entities to:
- Maintain detailed records of all ICT service providers and contractual arrangements
- Use standardized formats and identifiers for consistency
- Record information about service criticality, risks, and contingency plans
- Document the full ICT service supply chain including subcontractors
- Regularly review and update the register information
- Ensure data quality principles like accuracy and completeness
The regulation is highly relevant for Ukrainian financial institutions operating in or planning to operate in the EU market, as they will need to comply with these detailed technical requirements for documenting their ICT service arrangements.
