European DataWarehouse’s ICT governance and risk management framework meets the DORA requirements through:

1. An appropriate governance structure, policies, procedures, and IT processes in line with DORA requirements;
2. An adequate ICT risk management framework;
3. Proper contractual arrangements in place with ICT third-party service providers and a suitable ICT third-party risk management framework;
4. Internal ICT resilience and security awareness-raising programmes.

The steps to be taken depends on the type of services that you have engaged with European DataWarehouse. 

If you are a data owner or a data provider reporting securitisation transactions, as well as a data user accessing securitisation information, you do not need to take any action. European DataWarehouse, as a securitisation repository, will comply with the DORA requirements and will be directly supervised by ESMA in this matter. Please see question 2999 – DORA030:

“[…] In the case that financial entities provide ICT services to other financial entities in connection to their financial services, the receiving financial entities should assess whether i) the services constitute an ICT service under DORA, and ii) whether the providing financial entities and the financial services they provide are regulated under Union law or any national legislation of a Member State or of a third country. In case both tests are positive, then the related ICT service should be considered to predominantly be a financial service and should not be treated as an ICT service within the meaning of DORA Article 3(21). […]”

If you are a data owner or data provider reporting other types of deals (e.g., covered bonds, pools of additional credit claims, portfolios of non-performing loans, etc.) the contract with European DataWarehouse will be affected. Please contact us at DORAcompliance@eurodw.eu

If you have agreed with European DataWarehouse any customised services, please contact us at  DORAcompliance@eurodw.eu for further guidance.