Last review
26 March 2025
Changelog
Edited: March 26, 2025
Created and published.
Published: March 1st, 2025
Compliance
General
(i) ZTL acknowledges and agrees that it is solely responsible for complying with any Regulatory Requirements applicable to the Payment Solution and any Authorised User Data processed or generated in the Payment Solution.
(ii) Partner acknowledges and agrees that it is solely responsible for complying with any Regulatory Requirements applicable to the Software Solution and any Authorised User Data processed or generated in the Software Solution.
Financial Services Regulations (FSR)
(i) ZTL shall have the overall responsibility for compliance with the Financial Services Regulations in relation to the provision of the Payment Solution to the End Clients.
(ii) ZTL will be responsible for all necessary FSR-compliance tasks including carrying out the required strong customer authentication ("SCA"), know your customer ("KYC") and anti-money laundering ("AML") procedures. To the extent allowed by law, the Parties shall cooperate in order to further improve all aspects of FSR-compliance, including fraud detection procedures.
(iii) ZTL will carry out the FSR-compliance functions and collect the necessary data in this regard itself or through the use of subcontractors, either directly in the Payment Solution, or by redirecting the End Client to the appropriate websites (e.g. the End Client's house bank's authentication portal of choice).
(iv) The Partner agrees to execute such instructions and implement such changes as are deemed necessary by ZTL to ensure that ZTL is able to provide the Payment Solution through the APIs with the Software Solution in compliance with the Financial Services Regulations and/or instructions from the Norwegian FSA at all times.
Personal Data
(i) ZTL is responsible for compliance with the applicable Data Protection Law in connection with the processing of Personal Data in the Payment Solution.
(ii) Partner is responsible for compliance with the applicable Data Protection Law in connection with the processing of Personal Data in the Software Solution.
(iii) ZTL acts as a Personal Data controller (as defined under the Data Protection Law) with respect to the End Clients' use of ZTL's Payment Service. The End Clients will authorise the transfer of data from and to the Software Solution in connection with the End Client onboarding process.
(iv) In connection with ZTL's provision of the Payment Service to the End Clients, the Partner will, on ZTL's behalf, handle the receipt of service requests and incident reports from End Clients concerning their use of the Payment Solution and forward such requests and reports to ZTL's support team (as further described in Appendix 2). The Partner's handling of the receipt of End Client service requests and incident reports concerning the Payment Solution means the Partner will process certain Personal Data concerning the Authorised Users or other relations of the End Clients on ZTL's behalf. In this respect, the Partner will be acting as a Personal Data processor (as defined under the Data Protection Law) and shall enter into a separate data processor agreement with the End Clients. The parties have consequently entered into terms consistent with a data processing agreement as a part of this Agreement, included as Appendix 4 and Appendix 5 hereto.
(v) The parties agree that in case of conflict between the data processing agreement and any other contractual document entered into between ZTL and the Partner concerning the Partner's processing of Personal Data on behalf of ZTL, the provisions of the data processing agreement shall prevail.
(vi) If the Partner is to provide ZTL with services and/or data not related to the Payment Service, the parties will need to enter into a separate Data Processing Agreement.
IT Security
(i) Both parties shall ensure that their respective solutions meet all regulatory security requirements and any additions reasonably required by the other party.
(ii) ZTL is responsible for ensuring the applicable information security requirements during the End Clients' transaction, while the Partner shall be responsible for ensuring the same before the transaction is initiated and after it is completed.
(iii) In order to ensure compliance with the applicable Financial Services Regulations, the Partner shall implement any reasonable changes to the Software Solution that ZTL deems necessary to ensure that the End Clients' use of the Payment Solution is in accordance with regulatory requirements and ZTL's information security policy.
Audits
(i) The Partner and ZTL agree to submit to, and within a reasonable notice period participate in, audits performed by an independent third party appointed by the other party, or any supervisory authority (including the Financial Supervisory Authority) to the extent necessary to fulfil each party's obligations pursuant to the Regulatory Requirements and/or demonstrate that the Payment Solution or the Software Solution is in accordance with the same.
Changes due to the Regulatory Requirements
(i) To the extent that changes in the Regulatory Requirements require changes to the interfaces between the Payment Solution and the Software Solution, each party shall cover its own cost for such changes.