The requirements set out in the outsourcing rules (such as the EBA and ESMA (cloud) outsourcing guidelines) and in DORA show many similarities, but there are key differences.

Both the outsourcing rules and DORA set out requirements for arrangements with third-party service providers, and those in DORA take inspiration from the outsourcing. However, the obligations in DORA focus on all digital and data services provided on an ongoing (i.e. not one-off) basis via ICT systems and are not limited to ICT services that qualify as outsourcing. The outsourcing rules pertain to all outsourcing arrangements, whether or not these are ICT-related. Furthermore, the requirements to implement in respect of third-party service providers are more detailed than those currently found in outsourcing rules.

Our DORA team has compiled a comparison of the EBA and ESMA (cloud) outsourcing guidelines and the DORA provisions in the context of the relationship with third-party service providers that can be used for the implementation of the DORA provisions in respect of third-party service providers. It has been updated to reflect the latest RTS/ITS developments.

Would you like to receive the full ‘Comparison – ESMA outsourcing guidelines, EBA outsourcing guidelines & DORA’ overview? Please contact Max Mohrmann

Related articles

Cookie notification

This functionality uses third-party cookies. Change your cookie preferences to view this content or view more information.
These cookies ensure that the website works properly. These cookies cannot be disabled.
These cookies can be placed by third parties, such as YouTube or Vimeo.
By deactivating categories, it is possible that related functionalities within the website may no longer work properly. It is always possible to change your preferences at a later time. View more information.