Capgemini Invent
M2 — Map · EU-DORA-3P-REGISTER

DORA — ICT Third-Party Register

Register of ICT third-party service providers, including sub-outsourcers.

At risk
EUESMA·TECHNICAL_STANDARD·Deadline 15 Nov 2026
Requirements extracted
  • EU-DORA-3P-REGISTER-REQ-01DORA — ICT Third-Party Register — requirement 1
  • EU-DORA-3P-REGISTER-REQ-03DORA — ICT Third-Party Register — requirement 3
  • EU-DORA-3P-REGISTER-REQ-02DORA — ICT Third-Party Register — requirement 2
Assessment status
Approved and live
Proposed by AI · 11 assets mapped
Reviewed by Ines Silva · 14 Jul 2026
Business unit

1 impacted business unit

  • HIGH
    Operations & Tech
    Unit · OPS
    Operating model impact identified — mapped to a business unit accountable for delivery.
Policy

3 impacted policys

  • HIGH
    Third-Party Risk Policy
    Reference · POL-TP-01 · owner COO
    Policy language requires refresh to align with the new requirement.
  • HIGH
    Cyber and Information Security Policy
    Reference · POL-CYB-01 · owner CISO
    Policy language requires refresh to align with the new requirement.
  • HIGH
    Operational Resilience Policy
    Reference · POL-OP-01 · owner COO
    Policy language requires refresh to align with the new requirement.
Contract

3 impacted contracts

  • MEDIUM
    Hyperscale Cloud Services
    Contract · CTR-VEN-CLD-01 · vendor
    Contractual terms need amendment; addendum or replacement required.
  • MEDIUM
    Market Data Provider — Tier 1
    Contract · CTR-VEN-DATA-01 · vendor
    Contractual terms need amendment; addendum or replacement required.
  • MEDIUM
    Colocation and Networking
    Contract · CTR-VEN-COL-01 · vendor
    Contractual terms need amendment; addendum or replacement required.
Third party

4 impacted third partys

  • HIGH
    Hyperscale Cloud Provider (Primary)
    outsource · criticality critical
    Third-party arrangement is in scope; risk assessment and register update required.
  • HIGH
    Hyperscale Cloud Provider (Secondary)
    outsource · criticality important
    Third-party arrangement is in scope; risk assessment and register update required.
  • HIGH
    Market Data Vendor
    outsource · criticality important
    Third-party arrangement is in scope; risk assessment and register update required.
  • HIGH
    Cloud Analytics Platform
    outsource · criticality standard
    Third-party arrangement is in scope; risk assessment and register update required.
Grounded advisory notes here will only activate once this assessment is approved.