ESMA_QA_2675

Status: ✅ Answer Published

Link to ESMA Q&A tool: https://www.esma.europa.eu/publications-data/questions-answers/2675

Regulatory Context

Regulation : DORA

Level 1 Regulation: Regulation (EU) 2022/2554 - The Digital Operational Resilience Act (DORA)

Level 2 Regulation: No information available

Level 3 Regulation: No information available

Topic: ICT third-party risk management

Subject Matter: Contractual agreement with ICT service providers

Question

Submission Date: 28 October 2025

Art. 30 (1) & (2) of DORA demand that financial institutions have signed contractual agreements with all their ICT service providers, in particular in Art. 30(2) &(3) the elements that shall be included in the contractual arrangements are listed.

Are ICT service providers permitted under DORA to charge the financial institutions “merely for signing” a DORA addendum or updated contractual arrangements in the framework of Art. 30, DORA?

ESMA Answer

Answer Date: 28-10-2025

No answer has been published yet for this question.

This document was automatically extracted from the ESMA EMIR Q&A database.

NOMOX

Explorer

ESMA_QA_2675

ESMA_QA_2675

Regulatory Context

Question

ESMA Answer

Table of Contents

Backlinks