European Union: European Supervisory Authorities designated critical information and communications technology third-party providers under Digital Operational Resilience Act

Description

On 18 November 2025, the European Supervisory Authorities, comprising the European Banking Authority, the European Insurance and Occupational Pensions Authority, and the European Securities and Markets Authority, designated nineteen critical information and communications technology (ICT) third-party providers under the Digital Operational Resilience Act. The designated providers are ICT firms that supply infrastructure, data, and business services to financial entities across the European Union. They include Accenture, Amazon Web Services, Bloomberg, Capgemini, Colt, Deutsche Telekom, Equinix, Google Cloud, International Business Machines, InterXion, Kyndryl, Microsoft, NTT Data, Oracle, Orange, SAP, and Tata Consultancy Services. The designated providers are subject to direct oversight by the Supervisory Authorities, with obligations relating to risk management, governance, and operational resilience.

Scope

Policy Area: Data governance
Policy Instrument: Cybersecurity regulation
Regulated Economic Activity: digital payment provider (incl. cryptocurrencies), infrastructure provider: cloud computing, storage and databases
Implementation Level: supranational
Government Branch: executive
Government Body: other regulatory body

Complete timeline of this policy change

2025-11-18
in force

On 18 November 2025, the European Supervisory Authorities, comprising the European Banking Authorit…