DORA Compliance

English

Deutsch

English

Deutsch

Appearance

RTS (EU) 2025/532 – Subcontracting

PropertyValue
NumberDelegated Regulation (EU) 2025/532
DORA ArticleArt. 30(5)
PillarP4 – Third-Party Risk
Adoption24.03.2025
Publication17.04.2025 (OJ), 02.07.2025 (correction)
Entry into force22.07.2025
EUR-LexLink

Background

The original draft was rejected by the EU Commission on 21.01.2025, as Art. 5 (monitoring of the subcontracting chain) exceeded the mandate under Art. 30(5) DORA. After removal of Art. 5 and the related recital, adoption took place on 24.03.2025.

Content

Specifies the requirements for financial entities when sub-outsourcing ICT services:

  • Due diligence before engaging subcontractors
  • Risk assessment of the subcontracting chain
  • Contractual conditions for sub-outsourcing
  • Approval and change processes
  • Termination procedures with transition arrangements

BAUER GROUP Relevance

If BAUER GROUP itself uses subcontractors (e.g. cloud providers, specialised developers), these must be disclosed in the subcontracting chain and the due diligence requirements must be met.

Documentation licensed under CC BY-NC 4.0 · Code licensed under MIT

© 2026 BAUER GROUP. Commercial use of the documentation is not permitted.

Documentation licensed under CC BY-NC 4.0 · Code licensed under MIT

© 2026 BAUER GROUP. Commercial use of the documentation is not permitted.