European Union: Designation of critical information and communications technology third-party providers under Digital Operational Resilience Act

Progress

Current status

in force

18 Nov 2025 in force

Scope

Implementers

Austria

Belgium

Bulgaria

Croatia

Cyprus

Czechia

Denmark

Estonia

Finland

France

Germany

Greece

Hungary

Ireland

Italy

Latvia

Lithuania

Luxembourg

Malta

Netherlands

Poland

Portugal

Romania

Slovakia

Slovenia

Spain

Sweden

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

digital payment provider (incl. cryptocurrencies)

infrastructure provider: cloud computing, storage and databases

Government Branch

executive

Government Body

other regulatory body

Implementation Level

supranational

Timeline of events

18 Nov 2025

in force

European Supervisory Authorities designated critical information and communications technology third-party providers under Digital Operational Resilience Act

On 18 November 2025, the European Supervisory Authorities, comprising the European Banking Authority, the European Insurance and Occupational Pensions Authority, and the European Securities and Markets Authority, designated nineteen critical Informa…

Source

Event type order

Action type implementation

Government branch executive

Government body other regulatory body

Progress

Scope

Timeline of events

European Supervisory Authorities designated critical information and communications technology third-party providers under Digital Operational Resilience Act

Related changes

enforces related intervention

European Union: Cybersecurity measures in Regulation on digital operational resilience for the financial sector (DORA)