Skip to Primary Navigation

Skip to main content

EU DORA RTS - third party contractual arrangements - Art 1

Outlines the complexity and risk considerations that need to be taken under consideration in a written policy covering services supporting the financial institution's critical or important functions that are provided by third parties.

Rule Overview

Jurisdiction: European Union

Regulator: ESMA

Topic: Resilience, Business Continuity

Overview
Rules in This Collection
Notable
Latest News
Further Reading

Complexity and risk considerations include:

  • Type of service
  • Location of third party (or parent)
  • Nature of shared data
  • Data processing and storage location
  • Intra-group or independent service provision
  • Impact of risks / disruptions on continuity / availability of services

Article 1 distinguishes between third-service providers located within an EU member state  and those located in a third country (Art 1(c)). As well as those providers who are authorised and supervised by a competent authority in an EU member state and those that are not (Art 1(f)).

A practical way of approaching this foundational article is to:

Differentiate between third parties that are:

  • Authorised by EU country Authorised by third country
  • Located in EU country Located in third country
  • Subject to supervision or oversight
  • Not subject to supervision or oversight
  • Intra-group
  • Outside of the group

And two key questions to ask in connection with the location:

  • Where are the services actually provided from?
  • What is the location where data is actually processed and stored?
Rules in This Collection
EU DORA RTS - Third party contractual arrangements
EU DORA RTS - third party contractual arrangements - Art 1 This Rule
EU DORA RTS - third party contractual arrangements - Art 4
EU DORA RTS - third party contractual arrangements - Art 6
EU DORA RTS - third party contractual arrangements - Art 8
Notable
Managing vendors supporting critical or important functions - from zero to full compliance with DORA

Managing vendors supporting critical or important functions - from zero to full compliance with DORA

A summary of key practical steps based on the draft technical standard.

Thomas Hyrkiel, Katarzyna Parchimowicz5 min read

Your DORA questions answered – Extraterritoriality and interaction with existing rules

Your DORA questions answered – Extraterritoriality and interaction with existing rules

This last of a series of six articles covering a practical session organised by Ashurst focuses on how DORA will interact with existing rules as well as its extraterritorial effects.

Thomas Hyrkiel3 min read

Your DORA questions answered – ICT services in scope

Your DORA questions answered – ICT services in scope

This second of a series of six articles covering a practical session organised by Ashurst focuses on the ICT services in scope of DORA.

Thomas Hyrkiel3 min read

Technology

Managing vendors supporting critical or important functions - from zero to full compliance with DORA

Technology

Your DORA questions answered – Extraterritoriality and interaction with existing rules

Technology

Your DORA questions answered – ICT services in scope

Latest News More on DORA 

Further Reading

EIOPA Final report on draft RTS Go to https://www.eiopa.europa.eu/document/download/428c8cb4-a077-44d4-abd9-2bb130f63c0d_en?filename.pdf