Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The EU Digital Operational Resilience Act (DORA) defines a set of contractual requirements for those financial entities that are subject to the regulation. To help our Financial Services Industry (FSI) customers understand how Microsoft's contract stack satisfies these requirements, we've developed a comprehensive mapping document that links our contracts to the key contractual provisions outlined in DORA Article 30 and other material contractual requirements in DORA, including from the Regulatory Technical Standards on subcontracting (“RTS 53”). In addition, we've provided commentary for each mapping which describes how we at Microsoft address each of these requirements.
Contracts
Below is a list of the contracts linked to requirements in this mapping document. Some are existing contracts, but there's also the new DORA addendum for eligible financial entities which is designed specifically to address the remaining parts of the namesake regulation. The DORA addendum outlines, but isn't limited to:
- How Microsoft collaborates with material subcontractors (Important Providers).
- Our commitment to safeguarding your data in the specific terms of the regulation.
- Additional termination rights if you don't agree with a material change with an Important Provider.
- Provisions for monitoring and reporting, ensuring transparency and accountability throughout the service delivery process.
- Product terms
- Data Protection Amendment (DPA)
- Security and privacy terms
- Service level agreement for Microsoft Online Services
- Enterprise Agreement (that is, the document via which enterprise level customers purchase services)
- DORA Addendum
- Financial Services Agreement (FSA) (document(s) available to eligible financial services customers)
Microsoft's contract stack listed above is designed to provide financial entities with the tools and assurances they need to comply with DORA contractual requirements. To see the full detailed mapping document that links DORA requirements to each of these specific contracts, you can download it on Service Trust Portal.