Article 30: Key contractual provisions
Last updated: 1 authoritative sourceDORA Auditor Editorial Team
Article 30 specifies the mandatory contractual provisions for ICT service arrangements, including clear service descriptions, data location, access and audit rights, security requirements, sub-outsourcing conditions, and exit strategies.
Chapter V, Managing of ICT third-party risk · Pillar: ICT Third-Party Risk
Key points
- Lists mandatory ICT contract clauses
- Covers access, audit, security, and data location
- Requires exit strategies and sub-outsourcing controls
How this fits DORA
Article 30 sits within the ICT Third-Party Risk pillar. For the full set of obligations and how they interlock, see the DORA requirements overview.
Read the official text
This is an editorial summary. Read the binding text of Article 30 in the consolidated regulation on EUR-Lex.