Art 30 - Key contractual provisions

Article 30 of the Digital Operational Resilience Act sets out the mandatory contractual clauses that financial entities must include in agreements with ICT service providers. It requires clear allocation of responsibilities for security, continuity, risk management, reporting, audit rights and termination conditions, ensuring that the provider's obligations support the entity's overall operational resilience and regulatory compliance.