Search QAs

For the purposes of DORA Regulation, what category of enterprise should be a financial entity that is not a „small enterprise“ and employs more than 250 persons but has an annual turnover that does not exceed EUR 50 million and an annual balance sheet that does not exceed EUR 43 million? Interpretin…

Does Article 28(6) requires financial entity to obtain access, inspection and audit rights in relation to any ICT third party service providers, regardless of whether their services supporto critical or important functions?

Are financial entities permitted to determine more than one risk tolerance level of ICT risk?

We are specialized in providing collaboration solutions (Voip, Video and Chat) for public sector and banking sector within the EU. with the DORE regulation we have been approached by almost all of our customers seeking a new solution to satisfy the DORE requirements in regards to the data being gene…

Are you able to provide a legal definition or additional context for the interpretation of "ICT Service" and "ICT Service Provider"?

"For clarification, does the requirement for a 'separate and dedicated network for the administration of ICT assets' refer to a physically separate network, a logically segmented one ? Could you please clarify what is meant by 'administration of ICT assets' in the context , does this refer only to m…

I kindly request that you answer the following question as quickly as possible: Our client is a financial company that is the only financial company belonging to another group of companies. However, the group of companies is not a group of financial companies, but rather a group of non-financial com…

Expression for the validation rule v8821_m: with{tB_05.01, default:0, interval: false}: if({c0020} = [eba_qCO:qx2000]) then ( (match({c0030}, "^[A-Z0-9]{18}[0-9]{2}$"))) endif Question: The check on ‘Additional’ identification code (c0030) based on the type of the original identifier (c0020) looks i…

Request for clarification regarding the scope of the term "any planned contractual arrangements related to the use of ICT services supporting critical or important functions", as referenced in Article 28(3) of Regulation (EU) 2022/2554 (DORA). In particular, I would appreciate clarification on the f…