Digital Operational Resilience Act (DORA), Article 38, Oversight fees.
1. The ESAs shall charge critical ICT third-party service providers fees that fully cover ESAs’ necessary expenditure in relation to the conduct of Oversight tasks pursuant to this Regulation, including the reimbursement of any costs which may be incurred as a result of work carried out by competent authorities joining the Oversight activities in accordance with Article 35.
The amount of a fee charged to a critical ICT third-party service provider shall cover all administrative costs and shall be proportionate to their turnover.
2. The Commission is empowered to adopt a delegated act in accordance with Article 50 to supplement this Regulation by determining the amount of the fees and the way in which they are to be paid.