These Critical ICT Third Party Providers fall under direct supervision

The European supervisory authorities have published the list of Critical Third Party ICT Providers (CTPP). These 19 suppliers are considered critical to the European financial sector.

The list is based on the information registers that each financial institution was required to submit. Based on the suppliers' importance to the sector, the extent to which they support critical functions, and their substitutability, it was then determined which suppliers would fall under the direct supervision of the European supervisory authorities EBA, EIOPA, and ESMA.

Oversight focuses on managing ICT risks at these suppliers, including the scalability and quality of ICT services, physical security, governance and organizational structure, cyberattack detection and response, and data and application portability. Supervisors can make recommendations and impose fines (up to 1% of global turnover).

The list includes infrastructure providers, cloud, telecom, SAAS, data suppliers, and consultants. It will be updated annually (based on the financial entities' information registers).

‍

• Accenture plc  
• Amazon web Services EMEA Sarl
• Bloomberg L.P.
• Capgemini SE
• Colt Technology Services
• Deutsche Telekom AG  
• Equinix (EMEA) B.V.
• Fidelity National Information Services, Inc.
• Google Cloud EMEA Limited
• International Business Machine Corporation
• InterXion HeadQuarters B.V.
• Kyndryl Inc.
• LSEG Data and Risk Limited
• Microsoft Ireland Operations Limited
• NTT DATA Inc.
• Oracle Nederland B.V.  
• Orange SA
• SAP SE
• Tata Consultancy Services Limited