Source: OJ L 333, 27.12.2022, p. 1–79
EN
- Digital operational resilience act
Basic legislative acts
- DORA regulation
Article 39 Inspections
In order to carry out its duties under this Regulation, the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation;, assisted by the joint examination teams referred to in Article 40(1), may enter in, and conduct all necessary onsite inspections on, any business premises, land or property of the ICT third-party service providers means an undertaking providing ICT services;, such as head offices, operation centres, secondary premises, as well as to conduct off-site inspections.
For the purposes of exercising the powers referred to in the first subparagraph, the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; shall consult the JONJoint Oversight Network .
The officials and other persons authorised by the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; to conduct an on-site inspection shall have the power to:
enter any such business premises, land or property; and
seal any such business premises, books or records, for the period of, and to the extent necessary for, the inspection.
The officials and other persons authorised by the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; shall exercise their powers upon production of a written authorisation specifying the subject matter and the purpose of the inspection, and the periodic penalty payments provided for in Article 35(6) where the representatives means a natural or legal person established in the Union explicitly designated to act on behalf of a DNS service provider, a TLD name registry, an entity providing domain name registration services, a cloud computing service provider, a data centre service provider, a content delivery network provider, a managed service provider, a managed security service provider, or a provider of an online marketplace, of an online search engine or of a social networking services platform that is not established in the Union, which may be addressed by a competent authority or a CSIRT in the place of the entity itself with regard to the obligations of that entity under this Directive; it has legal personality or is entitled by law to act on behalf of another entity with legal personality; it has the power to address to natural or legal persons administrative or regulatory decisions affecting their rights in the cross-border movement of persons, goods, services or capital; it is financed, for the most part, by the State, regional authorities or by other bodies governed by public law, is subject to management supervision by those authorities or bodies, or has an administrative, managerial or supervisory board, more than half of whose members are appointed by the State, regional authorities or by other bodies governed by public law; it is established for the purpose of meeting needs in the general interest and does not have an industrial or commercial character; of the critical ICT third-party service providers means an ICT third-party service provider designated as critical in accordance with Article 31; concerned do not submit to the inspection.
In good time before the start of the inspection, the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; shall inform the competent authoritiesas defined in Article 46 of the financial entitiesas defined in Article 2, points (a) to (t) using that ICT third-party service provider means an undertaking providing ICT services;.
Inspections shall cover the full range of relevant ICT systems, networks, devices, information and data either used for, or contributing to, the provision of ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; to financial entitiesas defined in Article 2, points (a) to (t).
Before any planned on-site inspection, the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; shall give reasonable notice to the critical ICT third-party service providers means an ICT third-party service provider designated as critical in accordance with Article 31;, unless such notice is not possible due to an emergency or crisis situation, or if it would lead to a situation where the inspection or audit would no longer be effective.
The critical ICT third-party service provider means an ICT third-party service provider designated as critical in accordance with Article 31; shall submit to on-site inspections ordered by decision of the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation;. The decision shall specify the subject matter and purpose of the inspection, fix the date on which the inspection shall begin and shall indicate the periodic penalty payments provided for in Article 35(6), the legal remedies available under Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010, as well as the right to have the decision reviewed by the Court of Justice.
Where the officials and other persons authorised by the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; find that a critical ICT third-party service provider means an ICT third-party service provider designated as critical in accordance with Article 31; opposes an inspection ordered pursuant to this Article, the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; shall inform the critical ICT third-party service provider means an ICT third-party service provider designated as critical in accordance with Article 31; of the consequences of such opposition, including the possibility for competent authoritiesas defined in Article 46 of the relevant financial entitiesas defined in Article 2, points (a) to (t) to require financial entitiesas defined in Article 2, points (a) to (t) to terminate the contractual arrangements concluded with that critical ICT third-party service provider means an ICT third-party service provider designated as critical in accordance with Article 31;.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.