The European Supervisory Authorities and UK financial regulators have agreed on how they will work together to oversee the technology firms that underpin large parts of the financial system.
In a Memorandum of Understanding signed on 14 January 2026, the European Banking Authority, the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority joined with the Bank of England, the Prudential Regulation Authority and the Financial Conduct Authority. The agreement focuses on “critical ICT third-party service providers”: the large cloud, data and technology firms that financial institutions rely on for core operations.
The arrangement is required under the EU’s Digital Operational Resilience Act (DORA), which gives supervisors direct oversight powers over key technology providers and stresses the need for cross-border coordination.
Cooperation
According to the original announcement from the European Supervisory Authorities, the MoU sets out principles and procedures for information sharing, coordination and practical cooperation between EU and UK authorities when overseeing these providers. The aim is to make sure risks linked to third-party ICT services are identified and managed consistently on both sides of the Channel.
For post-trade firms, which depend heavily on outsourced technology for clearing, settlement and data processing, this is a sign that supervisory scrutiny of vendors will become more structured and internationally aligned.
Legal basis under DORA
The MoU is based on Articles 36, 44 and 49 of DORA, which deal with oversight powers, international cooperation and cross-sector exercises. Before signing, the European authorities assessed whether the UK’s confidentiality and professional secrecy rules are equivalent to those in the EU. They concluded that the UK regime meets the standards required under DORA.












