ARTICLE
26 November 2025

European Supervisory Authorities Reveal First CTPPs Under DORA

KL
Herbert Smith Freehills Kramer LLP

Contributor

Herbert Smith Freehills Kramer LLP logo
Herbert Smith Freehills Kramer is a world-leading global law firm, where our ambition is to help you achieve your goals. Exceptional client service and the pursuit of excellence are at our core. We invest in and care about our client relationships, which is why so many are longstanding. We enjoy breaking new ground, as we have for over 170 years. As a fully integrated transatlantic and transpacific firm, we are where you need us to be. Our footprint is extensive and committed across the world’s largest markets, key financial centres and major growth hubs. At our best tackling complexity and navigating change, we work alongside you on demanding litigation, exacting regulatory work and complex public and private market transactions. We are recognised as leading in these areas. We are immersed in the sectors and challenges that impact you. We are recognised as standing apart in energy, infrastructure and resources. And we’re focused on areas of growth that affect every business across the world.
Explore Firm Details
The European Supervisory Authorities (EBA, EIOPA, and ESMA – collectively, the ESAs) have published the list of designated critical ICT third-party providers...
United Kingdom Finance and Banking
Clive Cunningham,Marina Reason, and Kelesi Blundell
Your Author LinkedIn Connections
Herbert Smith Freehills Kramer LLP are most popular:
  • within Finance and Banking, Environment and Law Department Performance topic(s)
  • in United States

The European Supervisory Authorities (EBA, EIOPA, and ESMA – collectively, the ESAs) have published the list of designated critical ICT third-party providers (CTPPs) under the EU Digital Operational Resilience Act (DORA).

Designated CTPPs

The list comprises 19 companies that deliver a wide range of ICT services - from core infrastructure to business and data services - to financial entities of all types and sizes across the EU. The ESAs describe these providers as playing a "pivotal role within the financial ecosystem."

Designation process

The designation process followed the methodology set out in Article 31 of DORA:

  1. Data collection: the ESAs gathered information from the Registers of Information maintained by financial entities, detailing their contractual arrangements for ICT services.
  2. Criticality assessment: in cooperation with EU competent authorities across banking, insurance and pensions, and securities and markets, the ESAs conducted a detailed assessment of each provider's systemic importance, its role in supporting critical or important functions for financial entities and the substitutability of its services.

Next steps

The designation will not come as a surprise to the CTPPs, as they were informed in advance and had a right to be heard during the process. The ESAs will continue to engage with these providers as part of upcoming examination activities.

UK developments

This development offers insight into the types of providers that could be designated by HM Treasury (under s312L of the Financial Services and Markets Act 2000) as a "critical third party" (CTP) under the similar new UK CTP regime. No CTPs have been designated yet.

Last week, the House of Commons Treasury Select Committee published a letter from HM Treasury responding to questions about the regime that were raised by the committee during a recent evidence session.

HM Treasury confirmed that:

  • no designation decisions have been taken yet;
  • initial designations are expected within the next 12 months; and
  • once designations are made, the associated regulations will be published and the names of designated CTPs will appear on the government's website.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Clive Cunningham
Clive Cunningham
Photo of Marina Reason
Marina Reason
Photo of Kelesi Blundell
Kelesi Blundell
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More