IBM has been named a critical third-party provider under the European Union’s Digital Operational Resilience Act (DORA), following a recent designation by the European Supervisory Authorities, which include the EBA, EIOPA, and ESMA. DORA aims to ensure that financial entities such as banks, insurance companies, and investment firms—as well as their essential information and communication technology providers—can withstand disruptions from cyber incidents or technical failures.
With this designation, IBM will now be subject to oversight by European Supervisory Authorities as a critical ICT provider. The company stated that it will collaborate closely with these authorities to maintain operational and technical resilience within Europe’s financial system.
“IBM has long been a trusted partner to the world’s financial services firms, with decades of experience supporting the financial sector and collaborating with financial regulators and oversight bodies worldwide,” according to an IBM statement. “This designation places IBM in-scope for supervision by European Supervisory Authorities as a critical third-party provider, and we will work closely with the ESAs to ensure operational and technical resilience that is critical to Europe’s financial system.”
The company emphasized its ongoing commitment to regulatory compliance: “For our clients, this designation reinforces IBM’s longstanding commitment to operational resilience and regulatory compliance. We will continue to provide guidance and resources to help financial institutions meet their own DORA obligations while maintaining innovation and competitiveness.”
In preparation for DORA’s implementation, IBM said it has coordinated efforts across its technology and services units both for its internal requirements and those of its clients. This work supports an EU-wide framework designed to protect the stability of Europe’s financial system. The company also noted continual enhancements in cybersecurity technologies, defenses, and governance worldwide.
“We look forward to constructive engagement with the European Supervisory Authorities and to drawing on our deep expertise in risk management, cybersecurity, and regulatory compliance to help clients navigate evolving requirements with confidence,” IBM added.
Among its stated priorities are collaboration with regulators for compliance and transparency; support for client institutions in meeting their DORA responsibilities; continued investment in digital service resilience; and safeguarding stability within Europe’s digital infrastructure.
