(19 November 2025 – Europe) The European Banking Authority (EBA) has authorised detailed inspections of thirteen major technology firms deemed critical to the financial system under the EU’s Digital Operational Resilience Act (DORA).
Designated as Critical ICT Third-Party Providers (CTPPs), these companies deliver essential infrastructure, data services, and cloud capabilities to financial institutions across the bloc. Regulators say the move is designed to ensure these high-impact vendors maintain robust governance and ICT risk management frameworks.
According to the EBA, the oversight regime aims to “mitigate risks that could impact the operational resilience of the financial sector of the EU”.
The list includes:
– Accenture plc
− Amazon web Services EMEA Sarl
− Bloomberg L.P.
− Capgemini SE
− Colt Technology Services
− Deutsche Telekom AG
− Equinix (EMEA) B.V.
− Fidelity National Information Services, Inc.
− Google Cloud EMEA Limited
− International Business Machine Corporation
− InterXion HeadQuarters B.V.
− Kyndryl Inc.
− LSEG Data and Risk Limited
− Microsoft Ireland Operations Limited
− NTT DATA Inc.
− Oracle Nederland B.V.
− Orange SA
− SAP SE
− Tata Consultancy Services Limited