2024-07-26

Final report on draft regulatory technical standards for ICT subcontracting under DORA

The European Supervisory Authorities have issued a final report on draft regulatory technical standards mandating that financial entities assess risks and conduct due diligence when subcontracting ICT services supporting critical or important functions. These standards require financial entities to monitor the entire subcontracting chain, ensure consistent group-wide application, and maintain contractual rights to terminate agreements if new subcontracting arrangements exceed their risk tolerance. The regulations apply proportionally based on the entity's size and complexity, treating intra-group subcontractors with the same rigor as external providers to ensure digital operational resilience.

European Union

European Securities and Markets Authority