Skip to main content
DORA Auditor

Article 35: Powers of the Lead Overseer

Last updated: 1 authoritative sourceDORA Auditor Editorial Team

Article 35 grants the Lead Overseer powers over critical ICT third-party providers, including requesting information, conducting investigations and inspections, issuing recommendations, and imposing periodic penalty payments of up to 1% of average daily worldwide turnover.

Chapter V, Managing of ICT third-party risk · Pillar: ICT Third-Party Risk

Key points

  • Grants information, investigation, and inspection powers
  • Allows recommendations to critical providers
  • Periodic penalties up to 1% of average daily worldwide turnover

How this fits DORA

Article 35 sits within the ICT Third-Party Risk pillar. For the full set of obligations and how they interlock, see the DORA requirements overview.

Read the official text

This is an editorial summary. Read the binding text of Article 35 in the consolidated regulation on EUR-Lex.

Sources

  1. Regulation (EU) 2022/2554 (DORA), EUR-Lex