The European Banking Authority (EBA) today launched a public consultation on the draft Guidelines on the sound management of third-party risk. The draft Guidelines focus on third-party arrangements in relation to non-ICT related services provided by third-party service providers and their subcontractors with a particular focus on the provision of critical or important functions.
These Guidelines revise and update the previous EBA Guidelines on outsourcing, published in 2019, in line with the Digital Operational Resilience Act (DORA). The consultation runs until 8 October 2025.