CHAPTER V – Managing of ICT third-party risk Section I – Key principles for a sound management of ICT third-party risk Article 28 DORA – General principles Article 29 DORA – Preliminary assessment of ICT concentration risk at entity level Article 30 DORA – Key contractual provisions Section II – Oversight Framework of critical ICT third-party service providers Article 31 DORA – Designation of critical ICT third-party service providers Article 32 DORA – Structure of the Oversight Framework Article 33 DORA – Tasks of the Lead Overseer Article 34 DORA – Operational coordination between Lead Overseers Article 35 DORA Article 36 DORA – Exercise of the powers of the Lead Overseer outside the Union Article 37 DORA – Request for information Article 38 DORA – General investigations Article 39 DORA – Inspections Article 40 DORA – Ongoing oversight Article 41 DORA – Harmonisation of conditions enabling the conduct of the oversight activities Article 42 DORA – Follow-up by competent authorities Article 43 DORA – Oversight fees Article 44 DORA – International cooperation 2025-12-03