Question ID: 2989
Regulation Reference: (EU) 2022/2554 - Digital Operational Resilience Act (DORA)
Topic: Other DORA topics
Status: Rejected
Date of submission: 14 Feb 2024
Question
Is our understanding correct, that Article 30 II lit. a) concerning the permit to subcontracting only applies to ICT third party service providers who support critical or important functions of the financial entity itself?
Background of the question
Article 30 I lit a) contains the following wording: 2. The contractual arrangements on the use of ICT services shall include at least the following elements: (a) a clear and complete description of all functions and ICT services to be provided by the ICT third-party service provider, indicating whether subcontracting of an ICT service supporting a critical or important function, or material parts thereof, is permitted and, when that is the case, the conditions applying to such subcontracting.
EIOPA answer
The answer to the question can be found in the regulatory texts, the question is therefore rejected.