DORA (the Digital Operational Resilience Act) is an EU-wide regulation for digital operational stability in the financial sector. It was adopted in December 2022 and aims to make financial companies more resilient to IT disruptions and cyber attacks. It has been in force since January 19. DORA applies to all organizations in the financial sector, including banks, insurance companies, payment service providers and their IT service providers.
Third-party service providers
According to DORA, companies in the financial sector must hold their own subcontractors to a prescribed security level if those subcontractors perform critical or important functions for the operation of the company's own services.
In addition, third-party service providers of companies that provide critical services for operations must be committed to a similar level of security. Two points are particularly relevant in this context: which service providers the third-party service provider uses in turn, and where the data of these service providers is stored.
| Service Provider | Service | Data residency |
| --- | --- | --- |
| Amazon Web Services EMEA Sàrl, 5 Rue Plaetis, L-2338 Luxembourg | Hosting the software | Frankfurt, Germany |
| Gini GmbH, Lyonel-Feininger-Str. 28, 80807 Munich | Recognition of relevant information from PDFs and scanned text documents | Munich, Germany |
| Mailjet SAS, 13-13 bis, rue de l’Aubrac, 75012 Paris, France | Sending notification emails | Frankfurt, Germany |
| Google Cloud EMEA, 70 Sir John Rogerson's Quay, Dublin 2, Ireland | Provision of automated document type differentiation | Dublin, Ireland |
DORA contract amendment & how do existing customers categorize Candis as a third-party service provider?
We accept contract amendments for DORA. So far, the categorization as a non-critical third-party service provider is the one most commonly used. If you need a contract amendment for DORA, just write to us in the support chat and we will take care of concluding the contract amendment.