IBM Designated as a Critical Third-Party Provider Under DORA

IBM was designated by the European Supervisory Authorities (EBA, EIOPA, ESMA) as a critical ICT third-party provider under DORA. The Digital Operational Resilience Act (DORA) is a European Union regulation designed to ensure that financial entities and their critical ICT providers can withstand and recover from technology disruptions, including cyber incidents and technical failures.

This designation reflects the essential role that technology providers like IBM play in supporting the resilience of the European financial sector. The objective is clear: strengthen operational resilience across the European financial ecosystem, mitigate systemic risk, and ensure trust in the stability and security of digital services. This designation places IBM in scope for supervision by European Supervisory Authorities as a critical third-party provider, and the company will work closely with the ESAs to ensure operational and technical resilience critical to the European financial system.

Ahead of DORA's implementation, IBM has worked across its technology and services units to address requirements for both IBM and its clients, contributing to an EU-wide framework that protects the stability of Europe's financial system. The company added that it continually strengthens its cybersecurity technologies, defenses, and governance worldwide to meet the highest standards of security and operational resilience.