You are here
Position paper - Response to the European Central Bank’s consultation on its Guide on outsourcing cloud services
The EU financial sector faces a complex regulatory environment for outsourcing and third-party risk management due to a number of overlapping frameworks, including the incoming Digital Operational Resilience Act (DORA). The European Central Bank (ECB)’s Guide on outsourcing cloud services to cloud service providers (Guide) adds another layer of overlapping requirements and goes beyond the underlying regulations, introducing more detailed and prescriptive expectations. To avoid undermining DORA’s harmonisation objectives and creating an increasingly convoluted regulatory environment, the ECB should revise the Guide to provide flexible and risk-based guidance, focusing on proportionate outcomes and ensuring consistency with the DORA level 1 text.