Publication
28.11.2024
Financial institutions and ICT suppliers are updating their contracts to comply with the Digital Operational Resilience Act (DORA), impacting agreements like outsourced services and software.

Templates are used for medium to low-risk services, but high-risk services need tailored approaches. Compliance must align with existing regulations like GDPR and EBA Outsourcing Guidelines. The process is challenging due to tight timelines and internal dependencies.

The CSSF DORA readiness survey revealed that, as of last September, 70% of institutions considered themselves partially or not ready when it comes to ICT third-party risk management, so a lot of work remains to be done before the deadline of 17 January 2025.
Sigrid Heibrant, counsel

The article is available in English and French.

Related articles

Cookie notification

This functionality uses third-party cookies. Change your cookie preferences to view this content or view more information.
These cookies ensure that the website works properly. These cookies cannot be disabled.
These cookies can be placed by third parties, such as YouTube or Vimeo.
By deactivating categories, it is possible that related functionalities within the website may no longer work properly. It is always possible to change your preferences at a later time. View more information.