# Art. 37 — Request for information

1. The [Lead Overseer](https://www.mica.wtf/definitions/definitions/dora/lead-overseer) may, by simple request or by decision, require [critical ICT third-party service providers](https://www.mica.wtf/definitions/definitions/dora/critical-ict-third-party-service-provider) to provide all information that is necessary for the [Lead Overseer](https://www.mica.wtf/definitions/definitions/dora/lead-overseer) to carry out its duties under this Regulation, including all relevant business or operational documents, contracts, policies, documentation, ICT security audit reports, [ICT-related incident](https://www.mica.wtf/definitions/definitions/dora/ict-related-incident) reports, as well as any information relating to parties to whom the [critical ICT third-party service provider](https://www.mica.wtf/definitions/definitions/dora/critical-ict-third-party-service-provider) has outsourced operational functions or activities.
2. When sending a simple request for information under paragraph 1, the [Lead Overseer](https://www.mica.wtf/definitions/definitions/dora/lead-overseer) shall:
   1. refer to this Article as the legal basis of the request;
   2. state the purpose of the request;
   3. specify what information is required;
   4. set a time limit within which the information is to be provided;
   5. inform the representative of the [critical ICT third-party service provider](https://www.mica.wtf/definitions/definitions/dora/critical-ict-third-party-service-provider) from whom the information is requested that he or she is not obliged to provide the information, but in the event of a voluntary reply to the request the information provided must not be incorrect or misleading.
3. When requiring by decision to supply information under paragraph 1, the [Lead Overseer](https://www.mica.wtf/definitions/definitions/dora/lead-overseer) shall:
   1. refer to this Article as the legal basis of the request;
   2. state the purpose of the request;
   3. specify what information is required;
   4. set a time limit within which the information is to be provided;
   5. indicate the periodic penalty payments provided for in [Article 35(6)](/dora/digital-operational-resilience-act/chapter-v-managing-ict-third-party-risk/article-35-powers-of-the-lead-overseer.md) where the production of the required information is incomplete or when such information is not provided within the time limit referred to in point (d) of this paragraph;
   6. indicate the right to appeal the decision to ESA's Board of Appeal and to have the decision reviewed by the Court of Justice of the European Union (Court of Justice) in accordance with Articles 60 and 61 of Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010.
4. The representatives of the [critical ICT third-party service providers](https://www.mica.wtf/definitions/definitions/dora/critical-ict-third-party-service-provider) shall supply the information requested. Lawyers duly authorised to act may supply the information on behalf of their clients. The [critical ICT third-party service provider](https://www.mica.wtf/definitions/definitions/dora/critical-ict-third-party-service-provider) shall remain fully responsible if the information supplied is incomplete, incorrect or misleading.
5. The [Lead Overseer](https://www.mica.wtf/definitions/definitions/dora/lead-overseer) shall, without delay, transmit a copy of the decision to supply information to the competent authorities of the financial entities using the services of the relevant [critical ICT third-party service providers](https://www.mica.wtf/definitions/definitions/dora/critical-ict-third-party-service-provider) and to the JON.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.mica.wtf/dora/digital-operational-resilience-act/chapter-v-managing-ict-third-party-risk/article-37-request-for-information.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.