🎧 Find out in a nutshell what requirements DORA places on IT service provider contracts – and how these can be implemented pragmatically.
This podcast episode is about the new EU legal framework DORA (Digital Operational Resilience Act), which affects all regulated financial companies – from fintechs and payment service providers to major banks. DORA is the first binding regulation on how financial companies must strengthen their digital resilience.
In this episode of Alles Legal, Josefine Spengler, lawyer at Annerton, explains what financial companies will have to consider when purchasing IT services in the future. The Digital Operational Resilience Act (DORA) requires companies to systematically record, evaluate and monitor external ICT services – from cloud services and telecommunications to hardware provision.
In the latest episode, Josefine Spengler explains which external service providers fall under the term ‘third-party ICT providers’ and why this term is broader than many people assume. She highlights the minimum contractual requirements that will become mandatory under DORA, including provisions on data protection, audit rights, exit strategies and contingency plans.
You will also learn how existing contracts – even those with large tech providers such as hyperscalers – should be reviewed and adapted. Josefine Spengler explains why implementing the DORA requirements is not the sole responsibility of the legal department, but requires interdisciplinary cooperation.
Finally, she provides practical tips on how companies can find a structured approach to implementing DORA with a realistic risk analysis and clear prioritisation – even without perfect contracts.
The next episode will focus on what DORA means for the risk management of digital processes – stay tuned!
Test now, quickly and easily: how ready is your company for DORA?
🎯 Take advantage of Annerton’s free DORA self-test: In just a few minutes, you can check your individual DORA maturity and identify specific areas for action.
About this podcast
Alles Legal – Fintech Recht Kompakt delivers sharp, weekly insights into legal and compliance matters in the world of banking. (in German only)
This podcast is a collaboration between Payment & Banking and PayTechLaw.
Each Wednesday, we unpack the legal developments shaping the financial world – clearly, concisely, and without the legal jargon.
Since 2021, PayTechLaw authors and Annerton attorneys have brought depth and clarity to complex topics.
Whether it’s PSD3, DORA, or FiDA – we provide the legal context you need.
In 20 minutes. No detours.