Article 4 Criticality or importance of the functions

Summary What does Article 4 of the Criteria for designating critical service providers say?

This brief article addresses one specific criterion from the broader two-step designation framework established across this regulation.

Notably, as explained in Article 1, criterion (c) of Article 31(2) of DORA has no standalone "step 1" assessment — instead, it relies on the step 1 findings from the other criteria.

Article 4 therefore deals exclusively with the "step 2" assessment for that criterion, focusing on whether the ICT services provided by the third-party provider are of a critical nature to the activities of the financial entities they serve.

Important points:

The ESAs are required to assess whether the ICT services supporting critical or important functions of financial entities are themselves of a critical nature to those financial entities' activities.
This article applies only at step 2, with no independent step 1 threshold to meet — making it unique within this regulation's assessment framework.
The ESAs carry the obligation here, not the financial entities themselves.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

When considering the criterion set out in Article 31(2), point (c), of Regulation (EU) 2022/2554, the ESAs shall carry out their assessment in the light of the following ‘step 2’ sub-criterion:

sub-criterion 3.1: the ICT service provided ultimately by the same ICT third-party service provider supporting critical or important functions of financial entities is of a critical nature for the activities of the financial entities.

Table of contents

Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.