Art 31 - Designation of critical ICT third-party service providers

Article 31 of the EU Digital Operational Resilience Act requires financial entities to identify and formally designate ICT third-party service providers whose services are deemed critical for the continuity of their operations, ensuring that these providers are subject to enhanced oversight, risk assessments and contractual safeguards to mitigate systemic ICT risks.