2025-04-09
The CSSF issued Circular 25/882 to establish specific requirements for financial entities subject to the Digital Operational Resilience Act regarding their use of ICT third-party services. This directive mandates compliance with operational resilience standards to mitigate risks associated with external technology providers. The regulation aims to ensure that financial entities maintain robust ICT risk management frameworks in accordance with DORA provisions.