The European Banking Authority (EBA) has taken a fresh step to fortify financial sector resilience by teaming up with UK financial watchdogs. On 14 January 2026, they inked a Memorandum of Understanding (MoU) to jointly oversee critical ICT third-party service providers, a move guaranteed to spark reactions among EU and UK financial institutions, ICT sectors, and regulatory authorities eager to see their grip on digital operational risks tightened.
This development stems from a press release published by the European Banking Authority (EBA) on 14 January 2026. The MoU was signed by the European Supervisory Authorities—EBA, EIOPA, and ESMA—and UK regulators including the Bank of England, Prudential Regulation Authority, and Financial Conduct Authority.
The document is a formal MoU that stipulates cooperation procedures, information sharing, and coordinated oversight of critical ICT third-party providers across EU and UK jurisdictions. It is grounded in the Digital Operational Resilience Act (DORA) articles 36, 44, and 49, which lay down the ESAs’ powers, cross-border cooperation, and communication mechanisms. The MoU includes a specific equivalence assessment confirming that the UK confidentiality and professional secrecy regime aligns with EU standards.
Policy directions signal a strengthening of cross-border regulatory cooperation with a clear focus on managing third-party ICT risks in financial services. This collaboration enhances supranational supervisory powers through joint oversight mechanisms while respecting national competencies in a post-Brexit context. It balances regulatory rigor and coherence against operational resilience, prioritizing transparency and coordination over fragmented national approaches.
EU and UK regulatory authorities gain enhanced tools and channels to manage ICT risks and coordinate cross-border actions, arguably leading to improved systemic stability. Financial institutions and ICT service providers, meanwhile, may encounter increased regulatory scrutiny and compliance burdens, affecting operational planning and costs. Consumers could benefit from indirect protection through strengthened resilience of their financial service providers. However, administrative complexities and possible duplication might arise during initial implementation.
This MoU marks the beginning of an ongoing cooperation process under DORA, reinforcing the EU’s and UK’s commitment to digital operational resilience post-Brexit. The next institutional moves likely involve continued dialogue and possible further agreements between the European Supervisory Authorities and other third-country regulators to extend oversight frameworks and harmonize supervisory practices worldwide.
← Atlas › News › Digital & Communication