EU-DORA-29-05
Risk Management
29 — Preliminary assessment of ICT concentration risk at entity level
Consider insolvency law provisions and data recovery constraints
Description
Where contractual arrangements concern ICT services supporting critical or important functions, financial entities must duly consider the insolvency law provisions that would apply in the event of...
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
EU-DORA-29-01
Risk Management
Assess non-substitutable ICT provider risk
EU-DORA-29-02
Risk Management
Assess concentration risk from multiple arrangements
EU-DORA-29-03
Risk Management
Weigh benefits and costs of alternative solutions
EU-DORA-29-04
Risk Management
Assess subcontracting benefits and risks
EU-DORA-29-06
Risk Management
Consider data protection compliance and law enforcement for third country providers
EU-DORA-29-07
Risk Management
Assess impact of subcontracting chains on monitoring and supervision
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started