Skip to main content
DORA Auditor

Article 33: Tasks of the Lead Overseer

Last updated: 1 authoritative sourceDORA Auditor Editorial Team

Article 33 sets out the tasks of the Lead Overseer, including assessing whether each critical provider has comprehensive, sound, and effective rules and controls to manage the ICT risk it may pose to financial entities.

Chapter V, Managing of ICT third-party risk · Pillar: ICT Third-Party Risk

Key points

  • Defines the Lead Overseer's assessment tasks
  • Evaluates critical providers' risk controls
  • Underpins recommendations to providers

How this fits DORA

Article 33 sits within the ICT Third-Party Risk pillar. For the full set of obligations and how they interlock, see the DORA requirements overview.

Read the official text

This is an editorial summary. Read the binding text of Article 33 in the consolidated regulation on EUR-Lex.

Sources

  1. Regulation (EU) 2022/2554 (DORA), EUR-Lex