2025-04-09

Circular CSSF 25/882 on requirements for the use of ICT third-party services under DORA

The CSSF issued Circular 25/882 to establish specific requirements for financial entities subject to the Digital Operational Resilience Act regarding their use of ICT third-party services. This directive mandates compliance with operational resilience standards to mitigate risks associated with external technology providers. The regulation aims to ensure that financial entities maintain robust ICT risk management frameworks in accordance with DORA provisions.

Commission de Surveillance du Secteur Financier logo

Luxembourg

Commission de Surveillance du Secteur Financier

Click to view full text
Share