[LT-07]
DORA's ICT Vendor Obligations
The EU Digital Operational Resilience Act (DORA), effective January 2025, requires financial institutions — banks, insurance companies, investment firms, payment service providers — to implement rigorous ICT third-party risk management programs. Key requirements:
Mandatory contractual provisions (Article 30): DORA specifies mandatory clauses for contracts with ICT third-party service providers, including provisions for full access, inspection, and audit ri...