EU DORA RTS – Third party contractual arrangements – Global Relay Intelligence & Practice

EU DORA RTS - Third party contractual arrangements

Rule Collection

Sets out the detailed requirements for the policy that financial entities will need to have in place in connection with their use of ICT third-party service providers supporting critical or important functions.

Rule Overview

Jurisdiction: European Union

Regulator: ESMA

Topic: Resilience

Overview

Rules in This Collection

Notable

Latest News

Further Reading

The policy is to be a part of the financial entity’s ICT risk management framework, is to apply on an individual and, where relevant, sub-consolidated and consolidated basis and must be regularly reviewed.

Article 1

Risk profile and complexity

Article 2

Group application

Article 3

Governance arrangements

Article 4

Contract life cycle

Article 5

Ex-ante risk assessment

Article 6

Due diligence

Article 7

Conflicts of interest

Article 8

Contractual clauses

Article 9

Monitoring arrangements

Article 10

Exit and termination

Rules in This Collection

EU DORA RTS - Third party contractual arrangements This Rule

EU DORA RTS - third party contractual arrangements - Art 1

EU DORA RTS - third party contractual arrangements - Art 4

EU DORA RTS - third party contractual arrangements - Art 6

EU DORA RTS - third party contractual arrangements - Art 8

Notable

Your DORA questions answered – Business resilience more broadly

Technology

Your DORA questions answered – Business resilience more broadly

March 27, 2024

This fifth of a series of articles covering a practical session organised by Ashurst focuses on business resilience questions connected to DORA.

Thomas Hyrkiel3 min read

Your DORA questions answered – CIFs

Technology

Your DORA questions answered – CIFs

March 25, 2024

This third of a series of six articles covering a practical session organised by Ashurst focuses on critical or important functions.

Thomas Hyrkiel4 min read

Your DORA questions answered – ICT services in scope

Technology

Your DORA questions answered – ICT services in scope

March 22, 2024

This second of a series of six articles covering a practical session organised by Ashurst focuses on the ICT services in scope of DORA.

Thomas Hyrkiel3 min read

Technology

Your DORA questions answered – Business resilience more broadly

Technology

Your DORA questions answered – CIFs

Technology

Your DORA questions answered – ICT services in scope

Latest News More on DORA

ESMA

ESAs make progress on critical ICT third-party oversight framework

February 24, 2025

ICT providers designated critical under DORA will get six weeks to challenge the designation.

Jean Hurley1 min read
Regulation

EBA narrows existing ICT guidelines

February 17, 2025

DORA ICT risk management requirements apply to financial entities in their place.

Thomas Hyrkiel1 min read
Security

Why tech, process and people are top of mind for CISO Laurence Lafond

January 28, 2025

In this second part of our discussion with Lafond, he refers to internal threats, side-channel attacks, vendor risks and having a well-equipped incident response plan and team.

Julie DiMauro10 min read
ESMA

DORA: Navigating the path ahead

January 27, 2025

With DORA now in effect, the EU’s financial sector is entering a new phase of operational resilience obligations, where firms must shift from preparation to action.

Nathaniel Lalone | Katten, Ciara McBrien | Katten5 min read
ESMA

Facing up to the challenge as the age of DORA dawns

January 17, 2025

The absence of a transitional period presents a challenge for firms and third parties.

Thomas Hyrkiel2 min read
Conferences and events

XLOD London 2024: What’s next for operational resilience?

January 13, 2025

Experts from Morgan Stanley, BNY, Nomura and First Abu Dhabi Bank discussed this key issue at the leading compliance industry event.

Alex Viall4 min read
Compliance

1LoD report points to key regulatory trends in 2025

January 8, 2025

Regulatory preparedness, resilience and evolving challenges among the topics covered in an insightful and data-rich document.

Thomas Hyrkiel3 min read
Technology

Counting down to DORA compliance

October 23, 2024

Developments include: potential standardization of threat-led penetration testing, new oversight director for DORA and ESA's work program.

Nathaniel Lalone | Katten, Ciara McBrien | Katten3 min read

Further Reading

EIOPA Draft RTS Final Report

DORA RTS for in-house lawyers