European Insurance and Occupational Pensions Authority

2750 - DORA006


Question ID: 2750 - DORA006

Regulation Reference: (EU) 2022/2554 - Digital Operational Resilience Act (DORA)

Topic: ICT risk management (DORA)

Article: N/A

Status: Final

Date of submission: 07 Aug 2023


What is the level of engagement required for an ICT service to be considered as “support[ing] critical or important functions”?

Background of the question

Various articles of DORA refer to a qualified type of ICT services: ICT services supporting critical or important functions. Supporting is an unspecific term that could be understood to commence with any active use of an ICT system by a critical or important function without a requirement of a certain intensity threshold being exceeded. Presumably, the qualification and additional requirements are only justified if a certain level of dependency of critical or important functions on the ICT service exists.

EIOPA answer

The answer to this question is provided by the European Commission.

DORA does not provide thresholds on the level or intensity of the use of an ICT service in delivering a critical or important function of a financial entity. However, the level of engagement required for an ICT service should be considered in the light of the notion of ‘critical or important functions’, which is defined under Article 3(22) DORA as ‘a function, the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law’. The word “supporting” is referring to the fact that an ICT service is necessary for the delivery of critical or important functions. The ICT services should also be considered in the light of DORA’s objective to achieve a high level of digital operational resilience of financial entities.

Disclaimer provided by the European Commission:

The answers clarify provisions already contained in the applicable legislation. They do not extend in any way the rights and obligations deriving from such legislation nor do they introduce any additional requirements for the concerned operators and competent authorities. The answers are merely intended to assist natural or legal persons, including competent authorities and Union institutions and bodies in clarifying the application or implementation of the relevant legal provisions. Only the Court of Justice of the European Union is competent to authoritatively interpret Union law. The views expressed in the internal Commission Decision cannot prejudge the position that the European Commission might take before the Union and national courts.