Question ID
2024_6991
Legal act
Regulation (EU) No 2022/2554 (DORA Reg)
Topic
ICT third-party risk management
Article
28
Paragraph
3
COM Delegated or Implementing Acts/RTS/ITS/GLs/Recommendations
Not applicable
Article/Paragraph
Article 28, Paragraph 3
Type of submitter
Credit institution
Subject matter
Grace period for existing contractual arrangements in the register of information
Question

As stated in Regulation (EU) No 2022/2554 (DORA) Article 28, paragraph 3 - As part of their ICT risk management framework, financial entities shall maintain and update at entity level, and at sub-consolidated and consolidated levels, a register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers. Is there a grace period for the existing contractual arrangements, or does all the information have to be collected and recorded in the register of information before the regulatory deadline in January 2025? 

Background on the question

This could be relevant to the companies with the large amount of contractual arrangements.

Submission date
Rejected publishing date
Rationale for rejection

This question has been rejected because the issue it deals with is already explained addressed in Article 64 of Regulation (EU) No 2022/2554 (DORA) and it is considered that EBA guidance or clarification is not needed with regard to the issue that it raises.

The Single Rule Book Q&A tool has been established to provide explanations and non-binding interpretations on questions relating to the practical application or implementation of the provisions of legislative acts referred to in Article 1(2) of the EBA’s founding Regulation, as well as associated delegated and implementing acts, and guidelines and recommendations, adopted under these legislative acts.

For further information on the purpose of this tool and on how to submit questions, please see “Additional background and guidance for asking questions”.

Status
Rejected question