IddiLabs · Tools · Third-Party Contracts · Luxembourg

Contract Clause Gap Checker

Pick the regime that governs your arrangement and check the contract against it, clause by clause: every item carries its legal anchor, a severity, and the risk you run if it is missing. Mark each clause present, partial or missing, read the gap score, and export the analysis as an Excel gap register or a printable memo. Everything runs in your browser; nothing is stored or sent.

Browser-only No data leaves this page Clause-by-clause risk view Not legal advice
Which regime? Two clicks upstreamNot sure whether the arrangement sits under 22/806 or DORA? Qualify it first with the Regime Classifier, then come back with the answer.
01 · Pick the regime
02 · The checklist

Pick a regime above to load its clause set.

Sources & honesty notes
  • CSSF 22/806 (as amended by 25/883): the checklist mirrors point 77(a)–(q) — one mandatory content list for every written outsourcing agreement — plus the reinforced expectations for critical or important functions (points 80–82, 90, 102) and the universal ban on insolvency/resolution termination clauses (point 103, with the point 118 proportionality carve-out for non-critical ICT).
  • DORA: Article 30(2) baseline for all ICT services and Article 30(3) additions for ICT services supporting critical or important functions; read with Circular CSSF 25/882 for notification and Register of Information consequences.
  • EU AI Act: the Act contains no Article 30-style mandatory clause list. This checklist is derived: the contract outcomes that deployer and value-chain obligations force you to secure (Articles 13–15, 20, 25(4), 26, 27, 50, 73), with the Commission's voluntary MCC-AI model contractual clauses as the drafting reference. It is labelled as derived because presenting it as statutory would overclaim.
  • Severities and risk lines are an illustrative practitioner view, not a regulatory scale — recalibrate to your own risk taxonomy.

Informational tool — verify against the source texts before relying on the outcome. Circular CSSF 22/806: CSSF · DORA: Regulation (EU) 2022/2554 · EU AI Act: Regulation (EU) 2024/1689.