SaaS Agreements – DORA – ICT Supplier Obligations

SaaS suppliers obligations under the Digital Operational Resilience Act,(“DORA”), (Regulation (EU) 2022/2554 on digital operational resilience for the EU financial sector), are effective from the 17th of January 2025. From this date DORA provisions must be included in contracts entered into between financial services entities subject to DORA and their third party providers of ICT Services. As SaaS suppliers are third party providers of digital and data services on an ongoing basis they will be third party providers of ICT services if their SaaS customers are regulated by DORA. Both

Continue reading

SaaS Agreements – Terms and Conditions – Data Processing Agreement

Under the Data Protection Act 1998 (DPA) UK SaaS suppliers currently have limited obligations to SaaS customers when processing personal data as part of their SaaS services. However, from the 25th of May 2018 the General Data Protection Regulation (GDPR) will impose numerous new data processing obligations on SaaS suppliers. In particular, the obligation for SaaS suppliers to enter into a written data processing agreement with SaaS customers and sub-contractors.

Continue reading