Articles 28–44 · 17 controls
| Control ID | Article | Description | EUR-Lex |
|---|---|---|---|
| DORA-Art28-P3 | Art. 28(3) | Financial entities shall, at entity level, and on a sub-consolidated and consolidated basis, maintain and update a regis… | Art. 28 |
| DORA-Art29-P1 | Art. 29(1) | Financial entities shall carry out a preliminary assessment of ICT concentration risk at entity level before entering in… | Art. 29 |
| DORA-Art30-P1 | Art. 30(1) | Contractual arrangements on the use of ICT services shall include at least the following elements: a clear and complete … | Art. 30 |
| DORA-Art31-P1 | Art. 31(1) | Financial entities shall assess the concentration risk arising from the use of ICT services provided by ICT third-party … | Art. 31 |
| DORA-Art32-P1 | Art. 32(1) | The ESAs shall, through the Joint Committee, develop common draft regulatory technical standards to further specify the … | Art. 32 |
| DORA-Art33-P1 | Art. 33(1) | The Lead Overseer shall assess whether each critical ICT third-party service provider has in place comprehensive, sound … | Art. 33 |
| DORA-Art34-P1 | Art. 34(1) | The Lead Overseer shall, on the basis of the assessment referred to in Article 33, adopt a clear, detailed and reasoned … | Art. 34 |
| DORA-Art35-P1 | Art. 35(1) | For the purpose of carrying out the duties laid down in this Section, the Lead Overseer shall have the powers to request… | Art. 35 |
| DORA-Art36-P1 | Art. 36(1) | The Lead Overseer may conduct general investigations of critical ICT third-party service providers, including examining … | Art. 36 |
| DORA-Art37-P1 | Art. 37(1) | For the purpose of carrying out its duties under this Regulation, the Lead Overseer shall have the power to conduct on-s… | Art. 37 |
| DORA-Art38-P1 | Art. 38(1) | The Lead Overseer shall, on the basis of all oversight activities conducted, adopt recommendations to be addressed to th… | Art. 38 |
| DORA-Art39-P1 | Art. 39(1) | Where a critical ICT third-party service provider does not comply with the recommendations addressed to it, the Lead Ove… | Art. 39 |
| DORA-Art40-P1 | Art. 40(1) | The Lead Overseer shall exercise its powers in close consultation with the Joint Oversight Network and shall report regu… | Art. 40 |
| DORA-Art41-P1 | Art. 41(1) | The competent authorities shall, in a timely manner, provide the Lead Overseer with any information relevant for the pur… | Art. 41 |
| DORA-Art42-P1 | Art. 42(1) | The ESAs shall, through the Joint Committee, establish an Oversight Forum to support the work of the Lead Overseers and … | Art. 42 |
| DORA-Art43-P1 | Art. 43(1) | The competent authorities shall duly take into account the oversight activities carried out by the Lead Overseer when as… | Art. 43 |
| DORA-Art44-P1 | Art. 44(1) | Financial entities shall have in place exit strategies for ICT services provided by ICT third-party service providers, t… | Art. 44 |