The Digital Operational Resilience Act (Regulation (EU) 2022/2554, “DORA”) is an EU regulation ultimately effective as of 17 January 2025. It aims to strengthen the resilience, reliability, and continuity of financial services across the European Union. DORA is designed to ensure that organizations can withstand, respond to, and recover from cyber incidents and therefore aims to strengthen the resilience, reliability, and continuity of financial services throughout the European Union.
The purpose of this Initiative page is to answer frequently asked questions with respect to the relationship between customers (in their role as Financial Entity) and Eurex Clearing AG.
Effective date: 17 January 2025
Eurex Clearing AG (“ECAG”) is authorized, among other things, as central counterparty.
However, clearing is not provided as an IT platform or software solution service. The aforementioned clearing activities are subject to a regulatory authorization requirement and such activities are conducted by ECAG, but we do not offer clearing as PaaS, Saas, IaaS solutions enabling third-parties to become a CCP on their own. ECAG does not offer services conformant to the ICT Services mentioned in Annex III of Commission Implementing Technical Regulation 2024/2956 with respect to the operation of the clearing system. This core function is not to be considered as ICT Service.
Accordingly, we believe that customers will not be required to amend their existing contractual arrangements in this respect. We refer to the publications of Market Data & Services with respect to the implementation of DORA to the relevant market data products.
Please note that, as of now, the legal framework comprising the regulatory technical standards for DORA is not fully complete and yet to be finalized. In addition, the EU Commission announced to issue an administrative practice on the interpretation of ICT Services with a potential relevance for other services than the services mentioned above (such as the technical access to clearing services). We are closely monitoring the further development of the DORA legislation and the associated administrative practice – and are prepared to roll-out respective DORA appendices for contracts in scope, if needed. We, therefore, ask you to wait until the matter has been finally clarified and subsequently acknowledge that we will not be able to sign any individual contracts until then.
For clients of Eurex Clearing AG, your first point of contact should always be client.services@deutsche-boerse.com. As reference, please mention the market, your Member ID, and the Service you are referring too.
The Vendor Access Agreement is addressed to vendors. The services under the Vendor Access Agreement are not made available to financial entities. Therefore, the DORA requirements for ICT third-party service providers do not apply.
Due to high inquiry volumes, we cannot fill out individual questionnaires. Please refer to our website, customer portal, or industry sources like the commercial register or SWIFT Registry. To make this convenient to you, sources incl. download links are made available by email on request.
The RTS on subcontracting is currently only available in a draft version and does not constitute applicable law. According to our information, the draft version is currently being discussed (in particular by various companies and associations) and an exchange is taking place with the EU Commission. For this reason, it has been decided to implement DORA requirements only if they also constitute applicable law. Eurex Clearing AG will take the necessary measures for implementation as soon as the aforementioned RTS has been adopted and entered into force with binding effect.
It is one of our main goals to apply the highest security standards to protect our systems and ensure stable market and clearing environments. In order to assist our customers with their due diligence, we have already made a comprehensive catalogue available in our Member Section (under Resources > Compliance > Information Security). In addition, we are planning to make a DORA aligned control report for the year of 2025 available in early 2026.
It is one of our main goals to apply the highest security standards to protect our systems and ensure stable market and clearing environments. In order to assist our customers with their due diligence, we have already made a comprehensive catalogue available in our Member Section (under Resources > Compliance > Information Security). In addition, we are planning to make a DORA aligned control report for the year of 2025 available in early 2026.
Are you looking for information on a previous initiative? We have stored information about our previous initiatives in our Archive for you!
Contacts
Eurex Frankfurt AG
Key Account Management
Service times from 09:00 - 18:00 CET
