Article 38 Digital Operational Resilience Act (DORA), Oversight Fees
Article 38 of the Digital Operational Resilience Act (DORA) details the provisions for charging oversight fees to critical ICT third-party service providers. These fees are designed to cover the expenses incurred by the European Supervisory Authorities (ESAs) in carrying out their oversight responsibilities under the Regulation. This article establishes the framework for determining and managing these fees to ensure that they adequately reflect the costs associated with overseeing compliance and maintaining digital operational resilience.
Fee Structure and Coverage
- Purpose and Scope of Fees: The ESAs are authorized to charge fees to critical ICT third-party service providers to fully cover the costs associated with their oversight tasks. These tasks include monitoring compliance with DORA and other related regulatory activities. The fees also encompass the reimbursement of any expenses incurred by competent authorities that participate in oversight activities as outlined in Article 35. This provision ensures that the financial burden of oversight activities is borne by the service providers being regulated, rather than being subsidized by public funds.
- Fee Calculation and Proportionality: The fees charged must cover all administrative costs related to the oversight functions performed by the ESAs. These costs include both direct and indirect expenses that arise from the supervision of critical ICT third-party service providers. To ensure fairness, the amount of the fee must be proportional to the turnover of the service provider. This proportionality principle means that larger providers, with higher turnovers, will pay higher fees compared to smaller providers, reflecting their greater impact and the corresponding level of oversight required.
- Delegated Authority: The European Commission holds the authority to adopt a delegated act in accordance with Article 50. This act will detail the specific amount of fees to be charged and establish the methods for fee payment. By delegating this authority, the Commission ensures that the fee structure can be adjusted as necessary to align with the evolving needs of oversight activities and the financial landscape of the ICT sector. The delegated act will provide clarity on the exact fee amounts and the procedures for payment, ensuring transparency and consistency in how fees are applied.
Implementation and Impact
- Administrative Efficiency: The implementation of oversight fees is intended to enhance administrative efficiency by ensuring that the costs of regulatory oversight are directly funded by the entities subject to supervision. This approach not only aligns the interests of the service providers with regulatory objectives but also helps to maintain the financial sustainability of the ESAs’ oversight functions.
- Equitable Burden: By basing the fees on turnover, the Regulation ensures that the financial burden of oversight is distributed equitably among service providers. Larger providers, which may have more complex and resource-intensive oversight needs, will contribute more towards the costs of supervision. This proportionality principle helps to prevent disproportionately high fees for smaller providers while ensuring that the regulatory framework remains robust and effective.
- Transparency and Adjustability: The delegated act mechanism allows for ongoing adjustments to the fee structure as needed. This flexibility is crucial for adapting to changes in the financial sector and ensuring that the fees remain appropriate and effective. The clear definition of fee amounts and payment methods provided in the delegated act will enhance transparency and ensure that all stakeholders understand their financial obligations related to oversight.
Conclusion
Article 38 of DORA establishes a structured and equitable approach to charging oversight fees for critical ICT third-party service providers. By mandating that the fees cover all related administrative costs and be proportionate to turnover, the Regulation ensures that oversight activities are funded by those subject to regulation. The delegation of authority to the European Commission to determine specific fee amounts and payment methods adds flexibility and transparency to the process. This framework is essential for maintaining effective oversight of digital operational resilience, ensuring that the costs of regulatory activities are managed efficiently, and that the financial sector remains secure and resilient.