Competent authorities


TL;DR The Digital Operations Resilience Act of the EU states that competence authorities responsible for compliance shall be designated by the European Parliament and Council in accordance with the powers listed in the regulation. These include credit institutions, payment institutions, investment firms, crypto-asset service providers, central securities depositories, central counterparts, trading venues, data reporting service providers, trade repositories, alternative investment funds, management companies, insurance and reinsurance undertakings, insurance intermediaries, institutions for occupational retirement provision, credit rating agencies, administrators of critical benchmarks, crowdfunding service providers, and securitisation repositories.

Without prejudice to the provisions on the Oversight Framework for critical ICT third-party service providersan ICT third-party service provider designated as critical in accordance with Article 31 referred to in Chapter V, Section II, of this Regulation, compliance with this Regulation shall be ensured by the following competent authoritiesas defined in Article 46 in accordance with the powers granted by the respective legal acts:

  1. for credit institutionsa credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013 of the European Parliament and of the Council and for institutions exempted pursuant to Directive 2013/36/EUan entity as referred to in Article 2(5), points (4) to (23), of Directive 2013/36/EU, the competent authorityas defined in Article 46 designated in accordance with Article 4 of that Directive, and for credit institutionsa credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013 of the European Parliament and of the Council classified as significant in accordance with Article 6(4) of Regulation (EU) No 1024/2013, the ECB in accordance with the powers and tasks conferred by that Regulation;

  2. for payment institutionsa payment institution as defined in Article 4, point (4), of Directive (EU) 2015/2366, including payment institutionsa payment institution as defined in Article 4, point (4), of Directive (EU) 2015/2366 exempted pursuant to Directive (EU) 2015/2366, electronic money institutionsan electronic money institution as defined in Article 2, point (1), of Directive 2009/110/EC of the European Parliament and of the Council, including those exempted pursuant to Directive 2009/110/EC, and account information service providersan account information service provider as referred to in Article 33(1) of Directive (EU) 2015/2366 as referred to in Article 33(1) of Directive (EU) 2015/2366, the competent authorityas defined in Article 46 designated in accordance with Article 22 of Directive (EU) 2015/2366;

  3. for investment firmsan investment firm as defined in Article 4(1), point (1), of Directive 2014/65/EU, the competent authorityas defined in Article 46 designated in accordance with Article 4 of Directive (EU) 2019/2034 of the European Parliament and of the Council (38)Directive (EU) 2019/2034 of the European Parliament and of the Council of 27 November 2019 on the prudential supervision of investment firms and amending Directives 2002/87/EC, 2009/65/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU and 2014/65/EU (OJ L 314, 5.12.2019, p. 64).;

  4. for crypto-asset service providersa crypto-asset service provider as defined in the relevant provision of the Regulation on markets in crypto-assets as authorised under the Regulation on markets in crypto-assets and issuers of asset-referenced tokensan issuer of asset-referenced tokens as defined in the relevant provision of the Regulation on markets in crypto-assets, the competent authorityas defined in Article 46 designated in accordance with the relevant provision of that Regulation;

  5. for central securities depositoriesa central securities depository as defined in Article 2(1), point (1), of Regulation (EU) No 909/2014, the competent authorityas defined in Article 46 designated in accordance with Article 11 of Regulation (EU) No 909/2014;

  6. for central counterpartiesa central counterparty as defined in Article 2, point (1), of Regulation (EU) No 648/2012, the competent authorityas defined in Article 46 designated in accordance with Article 22 of Regulation (EU) No 648/2012;

  7. for trading venuesa trading venue as defined in Article 4(1), point (24), of Directive 2014/65/EU and data reporting service providersa data reporting service provider within the meaning of Regulation (EU) No 600/2014, as referred to in Article 2(1), points (34) to (36) thereof, the competent authorityas defined in Article 46 designated in accordance with Article 67 of Directive 2014/65/EU, and the competent authorityas defined in Article 46 as defined in Article 2(1), point (18), of Regulation (EU) No 600/2014;

  8. for trade repositoriesa trade repository as defined in Article 2, point (2), of Regulation (EU) No 648/2012, the competent authorityas defined in Article 46 designated in accordance with Article 22 of Regulation (EU) No 648/2012;

  9. for managers of alternative investment fundsa manager of alternative investment funds as defined in Article 4(1), point (b), of Directive 2011/61/EU, the competent authorityas defined in Article 46 designated in accordance with Article 44 of Directive 2011/61/EU;

  10. for management companiesa management company as defined in Article 2(1), point (b), of Directive 2009/65/EC, the competent authorityas defined in Article 46 designated in accordance with Article 97 of Directive 2009/65/EC;

  11. for insurance and reinsurance undertakingsa reinsurance undertaking as defined in Article 13, point (4), of Directive 2009/138/EC, the competent authorityas defined in Article 46 designated in accordance with Article 30 of Directive 2009/138/EC;

  12. for insurance intermediariesan insurance intermediary as defined in Article 2(1), point (3), of Directive (EU) 2016/97 of the European Parliament and of the Council;, reinsurance intermediariesa reinsurance intermediary as defined in Article 2(1), point (5), of Directive (EU) 2016/97 and ancillary insurance intermediariesan ancillary insurance intermediary as defined in Article 2(1), point (4), of Directive (EU) 2016/97, the competent authorityas defined in Article 46 designated in accordance with Article 12 of Directive (EU) 2016/97;

  13. for institutions for occupational retirement provisionan institution for occupational retirement provision as defined in Article 6, point (1), of Directive (EU) 2016/2341, the competent authorityas defined in Article 46 designated in accordance with Article 47 of Directive (EU) 2016/2341;

  14. for credit rating agenciesa credit rating agency as defined in Article 3(1), point (b), of Regulation (EC) No 1060/2009, the competent authorityas defined in Article 46 designated in accordance with Article 21 of Regulation (EC) No 1060/2009;

  15. for administrators of critical benchmarksan administrator of ‘critical benchmarks’ as defined in Article 3(1), point (25), of Regulation (EU) 2016/1011, the competent authorityas defined in Article 46 designated in accordance with Articles 40 and 41 of Regulation (EU) 2016/1011;

  16. for crowdfunding service providersa crowdfunding service provider as defined in Article 2(1), point (e), of Regulation (EU) 2020/1503 of the European Parliament and of the Council, the competent authorityas defined in Article 46 designated in accordance with Article 29 of Regulation (EU) 2020/1503;

  17. for securitisation repositoriesa securitisation repository as defined in Article 2, point (23), of Regulation (EU) 2017/2402 of the European Parliament and of the Council, the competent authorityas defined in Article 46 designated in accordance with Articles 10 and 14(1) of Regulation (EU) 2017/2402.