Initiatives & Releases

Readiness for projects

Digital Operational Resilience Act (DORA)

The Digital Operational Resilience Act (Regulation (EU) 2022/2554, “DORA”) is an EU regulation ultimately effective as of 17 January 2025. It aims to strengthen the resilience, reliability, and continuity of financial services across the European Union. DORA is designed to ensure that organizations can withstand, respond to, and recover from cyber incidents and therefore aims to strengthen the resilience, reliability, and continuity of financial services throughout the European Union.       

The purpose of this Initiative page is to answer frequently asked questions with respect to the relationship between customers (in their role as Financial Entity) and Eurex Clearing AG.


Effective date: 17 January 2025

DORA













Circulars

FAQ

  • Definition: DORA defines an ICT Service as digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis (Art. 3(21) DORA).
  • Requirements: ICT Services provided by ICT third-party service providers to Financial Entities must comply with Art. 30 DORA.
  • Examples: Annex III of the Commission Implementing Technical Regulation 2024/2956 (the “ITS”) provides examples of ICT Services, focusing on the information needed for the register as per Art. 28(3) DORA.
  • Clarification: The European Commission has provided additional guidance on how to determine whether a service received from a financial entity should be classified as an ‘ICT Service’ within the meaning of DORA (the “EU COM Guidance”, cp. 2999 - DORA030 - EIOPA).

Eurex Clearing AG (“ECAG”) is authorized, among other things, as central counterparty.

In accordance with the EU COM Guidance, ECAG does not consider the core services (such as the operation of a clearing system) to be ICT services within the meaning of DORA.

Additionally, in accordance with the EU COM Guidance, ECAG considers its services providing connectivity to its clearing services not to be ICT services within the meaning of DORA.

Accordingly, we consider it not necessary to amend existing contractual arrangements in this respect.

We are closely monitoring the further development of the DORA legislation and the associated administrative practice. 

For clients of Eurex Clearing AG, your first point of contact is client.services@deutsche-boerse.com. As reference, please mention the market, your Member ID, and the Service you are referring too.

The Vendor Access Agreement is addressed to vendors. The services under the Vendor Access Agreement are not made available to financial entities. Therefore, the DORA requirements for ICT third-party service providers do not apply.

Due to high inquiry volumes, we cannot fill out individual questionnaires. Please refer to our website, customer portal, or industry sources like the commercial register or SWIFT Registry. To make this convenient to you, sources incl. download links are made available by e-mail on request.

It is one of our main goals to apply the highest security standards to protect our systems and ensure stable market and clearing environments. In order to assist our customers with their due diligence, we have already made a comprehensive catalogue available in our Member Section (under Resources > Compliance > Information Security). 



 

Eurex Initiatives Lifecycle

From the announcement till the rollout, all phases of the Eurex initiatives outlined on one page! Get an overview here and find other useful resources.

Are you looking for information on a previous initiative? We have stored information about our previous initiatives in our Archive for you!

Contacts

Eurex Frankfurt AG
Key Account Management

Service times from 09:00 - 18:00 CET

client.services@eurex.com