Article 30 lists important contractual terms that must be included in agreements between financial entities and ICT Providers to comply with DORA. The adoption of clear, detailed contract clauses is essential for effective risk management.
The list is divided into two parts, contractual clauses in Article 30.2 are applicable as a standard basis, such as including clear descriptions of services, and data protection measures. Article 30.3 details the additional requirements for contractual clauses supporting critical or important functions, such as full-service level descriptions, business contingency plans, audit rights and exit strategies.
Some of the mandatory elements to be addressed in all ICT services contracts include:
By embracing DORA your EU/ non-EU business benefits from streamlined contracts, improved risk management, and increased trust with financial clients. Also, as a result of building trust, both financial entities and ICT providers subsequently benefit from a strengthening their market position. With the financial industry constantly evolving, compliance with DORA will serve your business with a strategic opportunity to create a secure, and competitive digital financial environment.
Want advice on this topic? Reach out to Andrew Gordon.
The National Security and Investment Act 2021 came into force came into force on 4 January 2022 and introduced the first stand-alone regime for screening acquisitions and investments to protect UK national security.
On 19th November 2025, the European Commission announced proposed changes to the AI Act, following their commitment to a “clear, simple, and innovation-friendly implementation of the AI Act.”
What Are The EBA Outsourcing Guidlines? The European Banking Authority (EBA) Outsourcing Guidelines aims to…