Update
08.12.2023
The requirements set out in the outsourcing rules and in DORA show many similarities. Both the outsourcing rules and DORA set requirements for arrangements with third-party service providers.

This document provides a comparison of the ESMA Guidelines on outsourcing to cloud service providers, the EBA Guidelines on outsourcing arrangements and the Digital Operational Resilience Act (DORA), in the context of the relationship with third-party service providers. One difference to highlight is that the obligations in DORA focus on all digital and data services provided on an ongoing (i.e. not one-off) basis via ICT systems and are not limited to ICT services that qualify as outsourcing. The outsourcing rules pertain to all outsourcing arrangements, whether or not these are ICT-related.

Would you like to receive this overview? Please contact Willemijn Pieters

Cookie notification

This functionality uses third-party cookies. Change your cookie preferences to view this content or view more information.
These cookies ensure that the website works properly. These cookies cannot be disabled.
These cookies can be placed by third parties, such as YouTube or Vimeo.
By deactivating categories, it is possible that related functionalities within the website may no longer work properly. It is always possible to change your preferences at a later time. View more information.