Under the EU's Digital Operational Resilience Act (DORA), which started being applied in January 2025, three EU-level financial regulators can together name certain technology providers as critical and supervise them directly.