EU-DORA-29-06
Risk Management
29 — Preliminary assessment of ICT concentration risk at entity level
Consider data protection compliance and law enforcement for third country providers
Description
Where contractual arrangements for ICT services supporting critical or important functions are concluded with an ICT third-party service provider established in a third country, financial entities...
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
EU-DORA-29-01
Risk Management
Assess non-substitutable ICT provider risk
EU-DORA-29-02
Risk Management
Assess concentration risk from multiple arrangements
EU-DORA-29-03
Risk Management
Weigh benefits and costs of alternative solutions
EU-DORA-29-04
Risk Management
Assess subcontracting benefits and risks
EU-DORA-29-05
Risk Management
Consider insolvency law provisions and data recovery constraints
EU-DORA-29-07
Risk Management
Assess impact of subcontracting chains on monitoring and supervision
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started