**Digital Operational Resilience Act: The New Guidelines for Monitoring Critical ICT Service Providers**
European supervisory authorities have recently published a key document that marks a significant advance in the field of digital operational resilience. The guidelines, which focus on the implementation of the Digital Operational Resilience Act (DORA), address one of the most innovative aspects of this regulation: direct oversight of ICT service providers classified as critical.
DORA introduces, for the first time, a regulatory framework that empowers European financial authorities to directly monitor large technology service providers that play an essential role in the stability of the financial system. These companies, which deal with services such as cloud computing, are now subject to unprecedented supervisory rules, with the aim of ensuring that the growing reliance of the financial sector on such services does not create new vulnerabilities.
In the published guidelines, the authorities clarify the criteria by which an ICT service provider can be designated as “critical.” This selection is not made arbitrarily but is based on specific parameters, such as the volume of services provided, the impact on the operational continuity of financial institutions, and the level of integration with market infrastructures. These criteria will facilitate the identification of companies that could compromise the integrity of the European financial system in the event of an incident or service disruption.
The guidelines not only establish the designation criteria but also outline how investigations and inspections by supervisory authorities will be conducted. These activities may include on-site checks, allowing for an in-depth analysis of the practices and processes adopted by critical providers. This approach is not only aimed at ensuring compliance with regulations but is also fundamentally important for accurately assessing the risks associated with the operations of these companies.
A key element of the oversight is the “Lead Overseer,” a figure responsible for coordinating all activities related to the supervision of designated providers. This cooperation structure among different authorities aims to optimize resources and ensure uniform application of regulations across all jurisdictions in the European Union. It not only promotes operational efficiency but also fosters the greater transparency and accountability that the current context increasingly demands.
For financial institutions, this new guidance represents a source of greater certainty regarding how strategic technology partners will be monitored. The risk associated with third parties thus becomes a fundamental aspect to manage, and the new provisions offer tools that will enable more accurate assessments of the reliability and robustness of the technological infrastructures of the providers they work with. This implies not only more rigorous oversight but also the need for institutions themselves to strengthen their risk management practices.
On the other hand, ICT service providers will find in the new guidelines a clear statement of the expectations and obligations they will be subject to. The guidelines emphasize the importance of raising standards of resilience and transparency, encouraging these operators to go beyond minimum contractual requirements and develop practices that ensure continuous and secure service, benefiting financial institutions and, consequently, their clients.
Thus, DORA and the guidance from European supervisory authorities herald a historic shift. The financial sector is entering a new era where technology and its management represent a fundamental pillar for the security and integrity of operations. Implementing a system of monitoring and cooperation among authorities has never been more crucial, especially in a context where cyber threats and incidents are increasingly prevalent.
In conclusion, the publication of this guidance is not only a necessary step to make DORA operational but also represents an opportunity to establish a constant and constructive dialogue among institutions and providers.

