European Supervisory Authorities Initiate Recruitment for Joint Oversight Team to Implement Digital Operational Resilience Act

The European Supervisory Authorities (ESAs), comprising the European Banking Authority (EBA), the European Insurance and Occupational Pension Authority (EIOPA), and the European Securities and Markets Authority (ESMA), have commenced recruitment processes for the establishment of a joint oversight team as mandated by the Digital Operational Resilience Act (DORA).

Today, the ESAs published three vacancy notices for key positions within the joint oversight team, marking the beginning of the recruitment drive for this critical initiative. The team, which will be fully integrated across the three ESAs, aims to oversee critical third-party providers (CTPPs) in accordance with the provisions set forth by DORA.

The vacancies announced include positions for a Director, Legal Expert specializing in Legal and Compliance matters, and an ICT Risk Expert with expertise in ICT audit, supervision, risk management, or information security. Interested candidates are encouraged to apply by May 13 to be considered for these pivotal roles within the joint oversight venture.

The joint oversight team, which will be led by 30 staff members across the ESAs, will work in tandem with experts from competent authorities to fulfill its mandate effectively. Under the DORA framework, the oversight team will play a crucial role in regulating and monitoring critical ICT third-party service providers, ensuring their compliance with EU standards for digital operational resilience.

DORA, which came into effect in January 2025, establishes a comprehensive regulatory framework aimed at enhancing the digital operational resilience of all EU financial entities. Specifically, it focuses on regulating ICT third-party service providers identified as critical (CTPPs), subjecting them to stringent oversight at the EU level.

As part of their oversight activities, the ESAs designated as Lead Overseers, including the EBA, will coordinate efforts to request information from CTPPs, conduct off-site investigations and onsite inspections, impose penalties, and issue recommendations as necessary. This collaborative approach is designed to mitigate risks posed by CTPPs to the EU financial sector and ensure compliance with DORA regulations.

Furthermore, the ESAs will collaborate closely with the European Network and Information Security Agency (ENISA) and other EU competent authorities to enhance the effectiveness of oversight activities and facilitate follow-up actions on recommendations issued to financial entities.

The recruitment drive for the joint oversight team marks a significant step forward in the implementation of DORA and underscores the commitment of the ESAs to safeguarding the digital operational resilience of the EU financial sector.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.