ESMA, UK Regulators Sign MoU on DORA ICT Oversight
Summary
The European Supervisory Authorities (ESAs) and UK financial regulators (BoE, PRA, FCA) have signed a Memorandum of Understanding (MoU) to enhance cooperation on overseeing critical ICT third-party service providers under DORA. This agreement facilitates information sharing and coordinated oversight activities.
What changed
The European Supervisory Authorities (EBA, EIOPA, and ESMA) have entered into a Memorandum of Understanding (MoU) with the Bank of England, the Prudential Regulation Authority, and the Financial Conduct Authority. This agreement, effective January 14, 2026, establishes principles for cooperation and information sharing regarding the oversight of critical ICT third-party service providers (CTPPs) under the Digital Operational Resilience Act (DORA). The MoU follows an assessment confirming the equivalence of the UK's confidentiality and professional secrecy regime with DORA requirements.
This MoU is crucial for financial entities operating in both the EU and UK that rely on critical ICT third-party providers. It aims to strengthen third-party risk management and enhance the overall operational resilience of the financial sector through cross-border collaboration. Regulated entities should be aware that oversight activities for CTPPs will now involve coordinated efforts between EU and UK authorities, potentially leading to more harmonized supervisory expectations and information requests related to ICT risk management and operational resilience.
Source document (simplified)
The European Supervisory Authorities and UK financial regulators sign Memorandum of Understanding on oversight of critical ICT third-party service providers under DORA
Digital Finance and Innovation, International cooperation, 14/01/2026

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) have today signed a Memorandum of Understanding (MoU) with the Bank of England (BoE), the Prudential Regulation Authority (PRA), and the Financial Conduct Authority (FCA). This agreement enhances the cooperation between the authorities to oversee critical ICT third-party service providers (CTPPs) as required by the Digital Operational Resilience Act (DORA).
The MoU establishes clear principles and procedures for cooperation, information sharing and coordination of oversight activities between the relevant authorities responsible for EU CTPPs/UK CTPs oversight. The MoU aims at enhancing third-party risk management and contributing to the overall operational resilience of the financial sector in the EU and UK through strong cross-border cooperation.
Legal basis and background
The MoU has been prepared in accordance with DORA Articles 36, 44, and 49, which cover the ESAs’ oversight powers, international cooperation, and financial cross-sector exercises, communication and cooperation.
To exchange information with a third-country authority, the ESAs must ensure that the confidentiality and professional secrecy regime in the third country is equivalent to that in the EU. Therefore, before signing this MoU, the ESAs conducted an assessment that confirmed the UK confidentiality and professional secrecy regime’s equivalence with that in DORA.
Related Documents
| Date | Reference | Title |
| --- | --- | --- |
| 14/01/2026 | MoU DORA oversight ICT CTPPs | Memorandum of Understanding between the ESAs and the UK Financial Authorities on the oversight activities of critical ICT third-party service providers |
| 14/01/2026 | DORA Art.55 | ESAs targeted equivalence assessment of DORA confidentiality and professional secrecy regimes |