IBM designated critical ICT third-party provider under DORA

European supervisory authorities designated IBM as a critical Information and Communication Technology (ICT) third-party provider under the European Union’s Digital Operational Resilience Act (DORA), a regulation designed to ensure that financial entities and their ICT providers can withstand and recover from technology disruptions.

The designation placed IBM in-scope for supervision by the European Supervisory Authorities—EBA, EIOPA and ESMA—and reflected the role technology providers play in supporting the resilience of Europe’s financial sector, with DORA naming banks, insurance companies and investment firms as examples of covered financial entities.

DORA sets requirements for operational resilience covering events such as cyber incidents and technical failures and applies to both financial entities and critical ICT providers to support recovery and continuity. Ahead of DORA’s implementation, IBM worked across its technology and services units to address those requirements and strengthened cybersecurity technologies, defenses and governance worldwide.

IBM contributed to an EU-wide framework described in the release and undertook actions to assist financial institutions in meeting DORA obligations, including providing guidance and resources and collaborating with oversight bodies on compliance matters.

IBM said it would coordinate with the European Supervisory Authorities, continue to provide guidance to financial institutions on DORA obligations, collaborate with regulators to promote transparency, and invest in resilience measures.