New European Cloud Outsourcing Requirements for Fund Managers

On 18 December 2020, the European Securities Market Authority (“ESMA”) released guidelines on outsourcing to cloud service providers (the “ESMA Guidelines”).

The ESMA Guidelines aim to provide guidance to, amongst others, fund managers, depositaries, as well as, to competent national supervisory authorities on what regulatory standards should apply in the case of outsourcing to cloud service providers (“CSP”).

The past two years have led to a development to regulate (cloud) outsourcing increasingly on the European level. In February 2019, the European Banking Authority (the “EBA”) guidelines on outsourcing arrangements, which incorporated the EBA Recommendations on outsourcing to CSPs, were adopted and harmonized the legal framework applicable to, amongst others, banks, e-money and payment institutions. Furthermore, the European Insurance and Occupational Pensions Authority (“EIOPA”) published on the 31 January 2020 the guidelines in the cloud domain applicable to insurance and reinsurance undertakings (the “EIOPA Guidelines”). Given these developments, it is unsurprising that ESMA has followed the approach of the EBA and EIOPA by setting out a harmonized legal framework that is coherent with the previously mentioned initiatives for entities falling under its responsibility.

Click here to read the full article.

Source: Agefi - January 2021

Related articles

AIFMD II enters into force - the implementation period has started

Counting down to DORA – governance of ICT risks and board member responsibility

ICT services: comparison of the ESMA and EBA outsourcing guidelines and DORA

DMA countdown - Perhaps the most important milestone: gatekeepers must ensure compliance

NautaDutilh IP team maintains strong standing in WTR 1000 2024

Counting down to DORA – Mapping and classification of ICT services

Privacy & data in the Benelux: five things you need to know in 2024

Benelux Competition Law in 2024: five things you need to know

Technology and the law in 2024: five things you need to know

Counting down to DORA – three key aspects

Strict liability regime in case of enforcement of invalid IP rights can be 'appropriate'

EU AI Act: three key insights on the world's first comprehensive AI law

The Chambers Technology & Outsourcing guide 2023

The Foreign Direct Investment Regimes Guide 2024

Life Sciences challenges and opportunities in Europe and the USA: key insights

Luxembourg FDI screening mechanism enters into force

A new era in patent litigation: five things to know about the start of the UPC

Update Luxembourg law on business licenses: three key insights

New bill of law for modernisation and retailisation of Luxembourg fund solutions

Third parties can intervene in BDPA proceedings and appeal its decisions

The law on the use of digital tools and processes in company law in force in Luxembourg

The competition dynamics in relation to cloud services

NautaDutilh assists founding shareholders of Route Mobile in selling majority stake to Proximus

Green light for EU-US Data Privacy Framework: a new era for transatlantic data flows

NautaDutilh named Benelux Trademark Firm of the Year at the 2023 Managing IP Awards

The law on the use of digital tools and processes in company law

Luxembourg: introduction of national FDI screening mechanism

Upcoming EU legislation on artificial intelligence

New bill of law for the modernisation and retailisation of Luxembourg fund solutions

NautaDutilh Luxembourg ranked in Chambers FinTech 2023

Best practices for drafting and updating data protection notices

EU Foreign Subsidies Regulation (FSR): five things you need to know

The EDPB provides for further guidance on the use of cloud solutions in line with the GDPR

Benelux Competition Law in 2023: five things you need to know

Data Protection in Belgium: the 2023 focus of the BDPA

NautaDutilh contributes to IAPP's Global Legislative Predictions 2023

Online platforms and search engines to publish average monthly active recipients (AMARs) in EU by 17 February 2023

Benelux Technology Law in 2023: five things you need to know

CJEU decision extending the scope of article 5(1) of the Damages Directive

UPC update: extension Sunrise Period, judicial appointments and more

GDPR & AML: no longer public access to UBO data without legitimate interest

A low degree of similarity?

No longer public access to UBO data without legitimate interest

DORA: the forthcoming EU legal framework on Digital Operational Resilience in the financial sector

Vincent Wellens on FATCA in the Paperjam

DORA the EU Regulation

NautaDutilh contributes to Technology Disputes Guide by Lexology

The Unified Patent Court: five things you need to know

CSSF publishes Communication on SFDR RTS confirmation letter

NautaDutilh boosts its funds practice with the arrival of partner Géraldine Léonard

Paying a tribute is not dishonest

Luxembourg first member state to launch a certification mechanism under the GDPR

European Data Protection Board harmonises EU fining guidelines

Introduction of a New eDesk Module – ePassporting

New GDPR guidelines on fines on the way

Data protection impact assessments new EDPS recommendations

Heavy fines for Belgian airports for using thermal imaging cameras – what are the lessons for the other controllers?

CSSF Circular 22/811 - Authorisation and Organisation of Entities Acting as UCI Administrators

CSSF Circular 22/810 - Pre-marketing and Cross-border Marketing Notification Procedures

Revamped CSSF outsourcing guidance for the financial sector

20 years of NautaDutilh Luxembourg

NautaDutilh assists Resilience Partners with the launch of a EUR 200 million regulated fund (SICAR) to provide financing to SMEs

CSSF FAQ on use of liquidity management tools by investment funds

Public procurement in 2022: five things you need to know

NautaDutilh's Benelux IP-team stands out in WTR1000 2022

Luxembourg investment funds in 2022: five things you need to know

Our privacy experts Vincent Wellens and Yoann Le Bihan contribute to the IAPP’s Global Legislative Predictions 2022

Benelux Data Law: five things you need to know in 2023

Luxembourg IP & Technology Law: five things you need to know

Retailisation: the latest trend in the fund industry

Data Protection notices after the Whatsapp case: what's the message?

NautaDutilh Luxembourg ranked in Chambers FinTech 2022

CSSF communiqués of 29 November and 2 December 2021 - prepare for a green holiday season

Why all companies should care about the UN's cybersecurity & software update regulations: Lessons for all sectors

New rules on material IT outsourcing in the financial sector

CSSF introduces new eDesk module

NautaDutilh contributes to Technology Disputes Guide by Lexology

NautaDutilh contributes to digitalization series by EACCNY

Long-awaited clarity on required safeguards for international data transfers