FAQ

    Digital Operational Resilience Act ("DORA")

    • Definition: DORA defines an ICT Service as digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis (Art. 3(21) DORA).  
    • Requirements: ICT Services provided by ICT third-party service providers to Financial Entities must comply with Art. 30 DORA.  
    • Examples: Annex III of the Commission Implementing Technical Regulation 2024/2956 (the “ITS”) provides examples of ICT Services, focusing on the information needed for the register as per Art. 28(3) DORA.  
    • Clarification: FAQs from the European Supervisory Authorities (ESAs) clarified that a service shall not be considered as an ICT Service if a Financial Entity is authorized to deliver such service. Consequently, any activities which are directly resulting from these authorizations would not constitute ICT Services. However, these FAQs have been partially withdrawn and the European Commission plans to clarify this through a Q&A with the support of the ESAs.

    European Commodity Clearing AG (“ECC AG”) is authorized to operate as a central counterparty.  

    In accordance with the EU COM Guidance ECC AG do not consider the core services (such as clearing) to be ICT services within the meaning of DORA. Clearing is not provided as an IT platform or software solution service. The aforementioned clearing activities are subject to a regulatory authorization requirement, but ECC does not offer clearing as PaaS, SaaS, IaaS solutions. 

    Accordingly, we consider it not necessary to amend existing contractual arrangements in this respect.
    We are closely monitoring the further development of the DORA legislation and the associated administrative practice. 

    You can get in touch via dora-ecc@ecc.de. As reference, please mention your Member ID, and the service you are referring to.

    It is one of our main goals to apply the highest security standards to protect our systems and ensure stable market and clearing environments.