EU DORA RTS – third party contractual arrangements – Art 4 – Global Relay Intelligence & Practice

EU DORA RTS - third party contractual arrangements - Art 4

Outlines the requirements for each main phase of the lifecycle for of a contractual arrangement with a third party.

Rule Overview

Jurisdiction: European Union

Regulator: ESMA

Topic: Resilience, Business Continuity

Overview

Rules in This Collection

Notable

Latest News

Further Reading

The policy must cover at least the following:

Art 4(a)

The responsibilities of the management body including its involvement in the decision-making process

Art 4(b)

The planning of contractual arrangements including risk assessment, due diligence and process for material changes

Art 4(c)

The involvement of business units, internal controls and other relevants parts of the business

Art 4(d)

The implementation, monitoring and management of contractual arrangements

Art 4(e)

Documentation and record-keeping requirements

Art 4(f)

Exit strategies and termination processes

Rules in This Collection

EU DORA RTS - Third party contractual arrangements

EU DORA RTS - third party contractual arrangements - Art 1

EU DORA RTS - third party contractual arrangements - Art 4 This Rule

EU DORA RTS - third party contractual arrangements - Art 6

EU DORA RTS - third party contractual arrangements - Art 8

Notable

Your DORA questions answered – ICT third party contracts

Technology

Your DORA questions answered – ICT third party contracts

March 26, 2024

This fourth of a series of six articles covering a practical session organised by Ashurst focuses on information and communication technology third party contracts.

Thomas Hyrkiel5 min read

Your DORA questions answered – ICT services in scope

Technology

Your DORA questions answered – ICT services in scope

March 22, 2024

This second of a series of six articles covering a practical session organised by Ashurst focuses on the ICT services in scope of DORA.

Thomas Hyrkiel3 min read

Your DORA questions answered – CIFs

Technology

Your DORA questions answered – CIFs

March 25, 2024

This third of a series of six articles covering a practical session organised by Ashurst focuses on critical or important functions.

Thomas Hyrkiel4 min read

Technology

Your DORA questions answered – ICT third party contracts

Technology

Your DORA questions answered – ICT services in scope

Technology

Your DORA questions answered – CIFs

Latest News More on DORA

Regulation

BaFin publishes DORA document requirements cheat sheet

August 19, 2025

Comprehensive register of key documents is relevant to all organizations running digital systems and needing to ensure their security.

Thomas Hyrkiel2 min read
Regulation

BaFIN to intensify third-party supervision in 2025

August 11, 2025

The regulator continues to be concerned about outsourcing dependency and concentration risk and wants to obtain clarity on technology interconnectedness in the financial sector.

Thomas Hyrkiel2 min read
ESMA

Infringement procedures launched over delayed DORA transposition

April 1, 2025

Full implementation is vital for strengthening the EU's financial sector against increasing digital risks.

Jean Hurley1 min read
GRIP Extra

GRIP Extra: CFPB drops Zelle suit, Barclays suffers 3-day IT outage

March 7, 2025

Other news includes assistance from the SEC for filers using EDGAR, a probe into Nvidia shipments to Malaysia and another bank reviewing its approach to DEI.

GRIP1 min read
Conferences and events

Privacy experts give advice on complying with DORA and NIS2

March 7, 2025

Adequate preparation, identifying what and who is critical, and, above all, "practice, practice, practice" highlighted.

Martina Lindberg, Jean Hurley3 min read
Podcasts

Podcast: Practice and procedure with GRIP – DORA implementation

March 3, 2025

DORA is a response to persistently elevated cyber threat levels, Jean and Thomas discuss how firms can achieve operational resilience.

Jean Hurley, Thomas Hyrkiel23 min listen
ESMA

ESAs make progress on critical ICT third-party oversight framework

February 24, 2025

ICT providers designated critical under DORA will get six weeks to challenge the designation.

Jean Hurley1 min read
Regulation

EBA narrows existing ICT guidelines

February 17, 2025

DORA ICT risk management requirements apply to financial entities in their place.

Thomas Hyrkiel1 min read

Further Reading

EIOPA Final report on draft RTS