Compliance Library Blog Product Sign In
EU-DORA-29-07 Risk Management 29 — Preliminary assessment of ICT concentration risk at entity level

Assess impact of subcontracting chains on monitoring and supervision

Description

Where contractual arrangements for ICT services supporting critical or important functions provide for subcontracting, financial entities must assess whether and how potentially long or complex...

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Sign In to View

Related Obligations

EU-DORA-29-01 Risk Management

Assess non-substitutable ICT provider risk
EU-DORA-29-02 Risk Management

Assess concentration risk from multiple arrangements
EU-DORA-29-03 Risk Management

Weigh benefits and costs of alternative solutions
EU-DORA-29-04 Risk Management

Assess subcontracting benefits and risks
EU-DORA-29-05 Risk Management

Consider insolvency law provisions and data recovery constraints
EU-DORA-29-06 Risk Management

Consider data protection compliance and law enforcement for third country providers

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Start your compliance assessment

Map obligations to your AI systems, identify gaps, and generate board-ready reports. Plans start at $149/mo.

Get Started