Skip to content
Home / Function (NIST CSF 2.0) / RC - Recover / Cyber Resilience

EU Commission Delegated Regulation 2024/1773 of 13 March 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers

This document focuses on:

Commission Delegated Regulation (EU) 2024/1773 of 13 March 2024 supplements Regulation (EU) 2022/2554 (DORA) by establishing regulatory technical standards that specify the detailed content required in policies governing contractual arrangements for ICT services supporting critical or important functions provided by third-party service providers. The regulation mandates that financial entities develop comprehensive policies addressing the entire lifecycle of such contracts, including risk assessment, due diligence, governance arrangements, and management of conflicts of interest. It sets out requirements for clear contractual clauses to ensure data security, operational continuity, and regulatory compliance, as well as robust monitoring and annual reviews of ICT service providers. The regulation also requires the inclusion of exit strategies to manage potential disruptions or terminations of contracts, thereby strengthening operational resilience and cybersecurity across the EU financial sector.


Publication's URL

https://eur-lex.europa.eu/eli/reg_del/2024/1773/oj/eng

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *