Commission Delegated Regulation (EU) 2024/1773 of 13 March 2024 supplements Regulation (EU) 2022/2554 (DORA) by establishing regulatory technical standards that specify the detailed content required in policies governing contractual arrangements for ICT services supporting critical or important functions provided by third-party service providers. The regulation mandates that financial entities develop comprehensive policies addressing the entire lifecycle of such contracts, including risk assessment, due diligence, governance arrangements, and management of conflicts of interest. It sets out requirements for clear contractual clauses to ensure data security, operational continuity, and regulatory compliance, as well as robust monitoring and annual reviews of ICT service providers. The regulation also requires the inclusion of exit strategies to manage potential disruptions or terminations of contracts, thereby strengthening operational resilience and cybersecurity across the EU financial sector.
Publication's URL
URL: https://eur-lex.europa.eu/eli/reg_del/2024/1773/oj/eng
Publication's scorecard
Country: EU
Scope: Cyber
Typology: Regulation
Publication's date: April 13, 2024
Category: Cyber Resilience
Sector: Finance
Rating: