Company for development and maintenance of banking software has identified the following unclarities related to the EBA Guidelines on outsourcing arrangements (EBA/GL/2019/02) that were published by European Banking Authority (EBA) and for which we ask for clarification/interpretation:

1. Is custom software development, which is based on specifications and orders from a bank, and which covers thematic area or function that the bank defined as a critical function, considered as outsourcing (in terms of the referenced guidelines) when the act of development is performed on an occasional (not recurrent and not ongoing) basis?

2. Is regular custom software maintenance and support of software mentioned in the previous bullet point, which covers thematic area or function that the bank defined as a critical function, considered as outsourcing (in terms of the referenced guidelines) if the company providing the software maintenance and support service doesn’t have access to bank’s production environment or data from the production environment? IT department of the bank exclusively maintains their production environment, and only the bank has access to production environment data (first level support). The company offers second level support to the IT department, which consists of consultations for resolving more demanding problems, which are simulated in the test environment (without any access to the production environment).

3. In case any of the services mentioned in the previous bullet points are considered as outsourcing (in terms of the referenced guidelines), must the contract between the company and the bank implement all guidelines or only those that are relevant for the scope of cooperation between the company and the bank? Please confirm that there is no need for the contract to cover guidelines related to cloud services and outsourcing data processing services if the company does not offer cloud services nor processes any data of the bank.