IBM Designated as a Critical Third-Party Provider Under EU DORA

ARMONK, N.Y., Dec. 5, 2025 /PRNewswire/ -- The Digital Operational Resilience Act (DORA) is a European Union regulation designed to ensure that financial entities—such as banks, insurance companies, and investment firms—and their critical Information and Communication Technology (ICT) providers can withstand and recover from technology disruptions, including cyber incidents and technical failures.

IBM (NYSE: IBM) was recently designated by the European Supervisory Authorities (EBA, EIOPA, ESMA) as a critical ICT third-party provider under DORA. This designation reflects the essential role that technology providers like IBM play in supporting the resilience of Europe's financial sector.

The objective is clear: strengthen operational resilience across Europe's financial ecosystem, mitigate systemic risk, and ensure trust in the stability and security of digital services.

What This Means for IBM and our Clients

IBM has long been a trusted partner to the world's financial services firms, with decades of experience supporting the financial sector and collaborating with financial regulators and oversight bodies worldwide.

This designation places IBM in-scope for supervision by European Supervisory Authorities as a critical third-party provider, and we will work closely with the ESAs to ensure operational and technical resilience that is critical to Europe's financial system.

For our clients, this designation reinforces IBM's longstanding commitment to operational resilience and regulatory compliance. We will continue to provide guidance and resources to help financial institutions meet their own DORA obligations while maintaining innovation and competitiveness.

Ahead of DORA's implementation, we have worked across our technology and services units to address requirements for both IBM and our clients, contributing to an EU-wide framework that protects the stability of Europe's financial system. We continually strengthen our cybersecurity technologies, defenses, and governance worldwide to meet the highest standards of security and operational resilience.

We look forward to constructive engagement with the European Supervisory Authorities and to drawing on our deep expertise in risk management, cybersecurity, and regulatory compliance to help clients navigate evolving requirements with confidence.

Our priorities include:

• Collaborating with regulators to ensure compliance and transparency
• Supporting financial institutions in meeting their own DORA obligations
• Investing in resilience to safeguard stability and trust in digital services

Together, we can help Europe's financial ecosystem remain secure, resilient, and ready for the future. 

Learn more:

• Trust at IBM
• What is DORA
• DORA Action Guide

About IBM 

IBM is a leading global hybrid cloud and AI, and business services provider, helping clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Thousands of governments and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM's hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM's breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM's legendary commitment to trust, transparency, responsibility, inclusivity and service.

For more information, visit https://research.ibm.com.

Media contact:

Lobna Hassan
IBM
lobna.hassan@ibm.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/ibm-designated-as-a-critical-third-party-provider-under-eu-dora-302633575.html

SOURCE IBM