M2 — Map · EU-DORA-3P-REGISTER
DORA — ICT Third-Party Register
Register of ICT third-party service providers, including sub-outsourcers.
At risk
EUESMA·TECHNICAL_STANDARD·Deadline 15 Nov 2026
Requirements extracted
- EU-DORA-3P-REGISTER-REQ-01DORA — ICT Third-Party Register — requirement 1
- EU-DORA-3P-REGISTER-REQ-03DORA — ICT Third-Party Register — requirement 3
- EU-DORA-3P-REGISTER-REQ-02DORA — ICT Third-Party Register — requirement 2
Assessment status
Approved and live
Proposed by AI · 11 assets mapped
Reviewed by Ines Silva · 14 Jul 2026
Business unit
1 impacted business unit
- HIGHOperations & TechUnit · OPSOperating model impact identified — mapped to a business unit accountable for delivery.
Policy
3 impacted policys
- HIGHThird-Party Risk PolicyReference · POL-TP-01 · owner COOPolicy language requires refresh to align with the new requirement.
- HIGHCyber and Information Security PolicyReference · POL-CYB-01 · owner CISOPolicy language requires refresh to align with the new requirement.
- HIGHOperational Resilience PolicyReference · POL-OP-01 · owner COOPolicy language requires refresh to align with the new requirement.
Contract
3 impacted contracts
- MEDIUMHyperscale Cloud ServicesContract · CTR-VEN-CLD-01 · vendorContractual terms need amendment; addendum or replacement required.
- MEDIUMMarket Data Provider — Tier 1Contract · CTR-VEN-DATA-01 · vendorContractual terms need amendment; addendum or replacement required.
- MEDIUMColocation and NetworkingContract · CTR-VEN-COL-01 · vendorContractual terms need amendment; addendum or replacement required.
Third party
4 impacted third partys
- HIGHHyperscale Cloud Provider (Primary)outsource · criticality criticalThird-party arrangement is in scope; risk assessment and register update required.
- HIGHHyperscale Cloud Provider (Secondary)outsource · criticality importantThird-party arrangement is in scope; risk assessment and register update required.
- HIGHMarket Data Vendoroutsource · criticality importantThird-party arrangement is in scope; risk assessment and register update required.
- HIGHCloud Analytics Platformoutsource · criticality standardThird-party arrangement is in scope; risk assessment and register update required.
Grounded advisory notes here will only activate once this assessment is approved.