This DORA Mandatory Terms Addendum (“Addendum”) shall form part of and is hereby incorporated into the Software License and Services Agreement (hereafter referred to as the “Agreement”) entered into between Licensee and FireMon (together referred to as the “Parties”).
1. Introduction
1.1. The Digital and Operational Resilience Regulation (EU) 2022/2554 (“DORA”) is a new EU legislation entered into force on 16 January 2024 and will apply as of 17 January 2025. The legislation will affect the Agreement entered into between the Parties.
1.2. This Addendum is designed as an industry template designed by members of the proprietary trading industry to implement, within the Agreements, the mandatory contractual provisions required by DORA as well as the associated Regulatory Technical Standards (“RTS”) (together the “Mandatory Terms”).
1.3. This Addendum solely aims to include the Mandatory Terms into the Agreement. All other contractual provisions in the Agreement between the Parties will remain unaffected. Where there is any conflict between the terms of the Agreement and the terms of this Addendum, the terms of this Addendum shall take precedent.
1.4. Capitalised terms used but not defined in this Addendum, shall have the meaning given to them in DORA or the Agreement.
1.5. The Parties have mutually determined the Software and related support services being provided by FireMon in connection with the Agreement are not considered to include critical or important function(s) in accordance with Art 3 (22) of DORA.
1.6. These Mandatory Terms constitute a legally binding amendment to the Agreement which are required by the Licensee to comply with its, or its affiliates’, legal obligations. By continuing to service the Licensee, you confirm you accept the terms of these Mandatory Terms which shall, by continued course of dealings, be legally binding on both Parties.
2. Software Descriptions and Performance Monitoring
2.1. The Parties agree that:
2.1.1. the Agreement sets out the functionality, features, and related services (the “Software”) to be provided by FireMon to the Licensee.
2.1.2. the Software will be installed on Licensee’s premises. FireMon shall not store or process any personal or otherwise sensitive data, or non-personal data as required by DORA of Licensee (“Licensee Data”) in connection with the Software or related support services.
2.2. To the extent in the future, if any Licensee Data is transferred to FireMon by Licensee for the purposes of processing by FireMon, FireMon agrees to the following requirements for critical or important functions:
2.2.1. FireMon shall ensure the protection, availability, authenticity, integrity and confidentiality of Licensee Data, in accordance with all applicable laws and regulations (including data privacy laws and regulations).
2.2.2. in the event of insolvency, resolution or discontinuation of the business operations of FireMon, or in the event of the termination of the Agreement, FireMon will ensure proper access, recovery and return of all Licensee Data processed by FireMon, in an easily accessible format;
2.2.3. when an ICT-Related Incident occurs, related to the Software provided to the Licensee, FireMon undertakes to provide all reasonable assistance to the Licensee, at no additional cost or at a cost that is determined in advance;
2.2.4. in the event that the Licensee becomes subject to any type of enquiry or intervention by its competent authorities or resolution authorities, FireMon hereby undertakes to fully cooperate with such competent authorities and/or resolution authorities of the Licensee, including persons appointed by them;
2.2.5. FireMon will comply with any reasonable request to participate in the Licensee’s ICT security awareness programs and digital operational resilience training, where appropriate.
3. Termination
3.1. Notwithstanding the termination provisions contained in the Agreement, the Licensee may terminate the relevant Agreement with immediate effect in any of the following circumstances:
3.1.a. in the event that there is a significant breach by FireMon of any applicable laws and/or regulations or if there is a material breach of the terms of this Addendum;
3.1.b. in the event that certain circumstances have been identified, throughout the monitoring of the ICT third-party risk, which circumstances are deemed capable of altering the performance of the functions provided by FireMon in accordance with this Addendum, including material changes that may affect the arrangement with, or the situation of, FireMon;
3.1.c. FireMon’s evidenced weaknesses pertaining to its overall ICT risk management and in particular in the way it ensures the availability, authenticity, integrity and, confidentiality of Licensee Data, whether personal or otherwise sensitive data, or non-personal data as required by DORA; or
3.1.d. where the competent authority can no longer effectively supervise the Licensee, due to the conditions of, or circumstances related to, the respective contractual arrangement and/or Agreement.
3.2. When the Licensee’s is mandated by a competent authority or resolution authority to terminate any Agreement, such Agreement may be terminated by Licensee upon 90 days’ prior written notice unless a shorter notice period applies and/or is required by a competent authority or resolution authority.
4. Miscellaneous
4.1. The Agreement, it’s amendments, and this Addendum, constitute the entire agreement between the Parties.
4.2. Where a provision of DORA is superseded or invalidated by law or regulation including updates on the Contracting RTS and Subcontracting RTS, the Parties agree that such amendments will automatically apply to this Agreement, and will be deemed to be implemented into the Agreement. If such updates are consequential or deviate materially from the terms agreed to in this Addendum, the Parties shall negotiate in good faith to replace the affected provision with a provision which is in accordance with applicable law and regulations.
4.3. The laws governing the Agreement also govern the terms supplemented by way of this Addendum and the courts identified in the Agreement also have jurisdiction over the terms supplemented by way of this Addendum.
4.4. Each Party bears its own cost responsibilities and liabilities in respect of this Addendum and the implementation thereof.
