In brief The European Supervisory Authorities (ESAs) are preparing to designate critical third-party service providers (CTPPs) under the Digital Operational Resilience Act (DORA). DORA, which came into force on 17 January 2025, enables the ESAs to designate key ICT providers to the EU financial services sector as critical, subjecting them to direct supervisory and oversight obligations. The ESAs have recently published a roadmap indicating their expected timeline for designations – with the final designations expected to be…