DORA defines an ICT Service as any “digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis […]”, Art. 3(21) DORA. Consequently, an ICT Service provided by an ICT Third Party Service Provider on an ongoing basis towards a Financial Entity is subject to the requirements outlined in Art. 30 DORA.

An indication what could constitute an ICT Service could be drawn from Annex 3 to the Draft Implementing Technical Standards on the standard templates for the purposes of the register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers under Article 28(9) of Regulation (EU) 2022/2554. Please note that this list might not be exhaustive as it primarily refers to the question which information needs to be put in the register pursuant to Art. 28(3) DORA.

Deutsche Börse AG (“DBAG”) is authorized to operate the exchange Frankfurter Wertpapierbörse (FWB) under its exchange license. However, trading is not provided as an IT platform or software solution service. Trading is subject to a regulatory authorization requirement and such activity is conducted by DBAG, but they DBAG does not offer trading PaaS, Saas, IaaS solutions enabling third-parties to conduct a market on their own.

As DBAG in it´s capacity as operator of the FWB doesn’t offer services conformant to the ICT services mentioned in Annex III of the Draft ITS with respect to the operation of a trading system, these core functions are not to be considered as ICT Services. Furthermore and in the context of the DORA Dry Run, the European Supervisory Authorities (“ESAs") published FAQs which also address the term ICT Services. These FAQs are currently under review and will be replaced in the near future. In these FAQs it was clarified that a service shall not be considered as an ICT Service if a Financial Entity has obtained a license to deliver it. Consequently, any activities which are directly resulting from these authorizations would not constitute ICT Services. However, other services which are not subject to an authorization requirement might conform to the definition of ICT Services (such as certain connectivity services might be considered as ICT Services).

Connectivity services are laid down in Deutsche Börse AG Agreements or Provider Connection Agreements. Deutsche Börse AG is currently assessing whether and which connectivity services might be subject to DORA. In the event such services are affected, the DORA-specific adjustments will be implemented through an additional addendum to the existing contracts. Affected customers will be proactively approached and will receive a DORA-compliant addendum.

Yes, an impact assessment for Deutsche Börse AG in its role as ICT Third-Party Service Provider has been completed. Additional information will be available here on this Initiative page in the coming weeks.

Deutsche Börse AG is obliged by law to treat all their Trading Participants equally. For this reason, it is intended to provide a standard contract as a DORA-compliant solution.