03 / DORA — ICT REGISTER03
ICT REGISTER
Regulation
DORA — Regulation (EU) 2022/2554 · Article 28(3)
ICT Third-party providers — Q1 2026
1 review overdue1 exit plan missing| Provider | Function provided | Criticality | Concentration risk | Exit plan | Last review | Next review due |
|---|---|---|---|---|---|---|
Fireblocks | Digital asset custody | CRITICAL | HIGH | Draft | 15 Nov 2025 | 15 May 2026 |
BitGo | Digital asset custody | CRITICAL | MEDIUM | Complete | 10 Jan 2026 | 10 Jan 2027 |
Anchorage Digital | Digital asset custody | IMPORTANT | LOW | Complete | 20 Feb 2026 | 20 Feb 2027 |
Sumsub | KYC / identity verification | IMPORTANT | MEDIUM | Draft | 01 Dec 2025 | 01 Jun 2026 |
Notabene | Travel Rule compliance | IMPORTANT | LOW | Missing | 05 Oct 2025 | 05 Apr 2026 Overdue |
Chainalysis | Know-your-transaction (KYT) | IMPORTANT | MEDIUM | Complete | 22 Jan 2026 | 22 Jan 2027 |
Google Cloud | Cloud hosting (Frankfurt region) | CRITICAL | HIGH | Draft | 01 Mar 2026 | 01 Sept 2026 |
Criticality
CRITICAL
IMPORTANT
STANDARD
Next review
Overdue
Due within 30 days
Demo CASP · Lithuania · Q1 2026
Confidential