Glossary term
Lead Overseer (DORA)
Also: DORA Art. 32, ESA Lead Overseer
One of the three European Supervisory Authorities (EBA, EIOPA, ESMA) responsible under DORA Art. 32 for direct supervision of an ICT third-party provider designated as critical. Assigned by the ESAs' Joint Committee.
The Lead Overseer takes over the continuous supervision of a CTPP: annual oversight plan, requests for information, on-site inspections, access to technical documents, staff interviews, recommendations for risk mitigation. Recommendations are not directly binding on the provider; they are enforced indirectly, with national supervisors acting on the financial entities that use the provider.
Joint Examination Teams (JET) execute the operational reviews: staff from several national supervisors, coordinated by the Lead Overseer. Working language: English at ESA level, national languages for on-site audits.
Practical relevance: financial entities must expect Lead Overseer recommendations to be passed down indirectly via BaFin, BaFin equivalents or the ECB SSM. A critical provider without a cooperative Lead Overseer relationship becomes effectively unusable for regulated customers.
Related terms
DORA
EU regulation on digital operational resilience in the financial sector. Directly applicable since 1…
Critical ICT Third-Party Provider (CTPP)
ICT third-party provider designated critical by the European Commission under DORA Art. 31, falling …
ICT Third-Party Risk
Umbrella term for risks arising from the use of external ICT suppliers: cloud providers, SaaS providers, M…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
Audit-ready decision
A decision whose record is structured, evidence-backed and stakeholder-signed to a level that a thir…
BAIT
BaFin circular that concretises IT requirements for credit institutions. Specifies MaRisk AT 7.2 for…
BCM
Discipline for maintaining critical business processes during disruptions. Standards: ISO 22301, BSI…
