Designation mechanism for critical ICT third-party providers


The Oversight Framework should apply only to critical ICT third-party service providersmeans an ICT third-party service provider designated as critical in accordance with Article 31;. There should therefore be a designation mechanism to take into account the dimension and nature of the financial sector’s reliance on such ICT third-party service providersmeans an undertaking providing ICT services;. That mechanism should involve a set of quantitative and qualitative criteria to set the criticality parameters as a basis for inclusion in the Oversight Framework. In order to ensure the accuracy of that assessment, and regardless of the corporate structure of the ICT third-party service providermeans an undertaking providing ICT services;, such criteria should, in the case of a ICT third-party service providermeans an undertaking providing ICT services; that is part of a wider groupmeans a group as defined in Article 2, point (11), of Directive 2013/34/EU;, take into consideration the entire ICT third-party service provider’s groupmeans a group as defined in Article 2, point (11), of Directive 2013/34/EU; structure. On the one hand, critical ICT third-party service providersmeans an ICT third-party service provider designated as critical in accordance with Article 31;, which are not automatically designated by virtue of the application of those criteria, should have the possibility to opt in to the Oversight Framework on a voluntary basis, on the other hand, ICT third-party service providersmeans an undertaking providing ICT services;, that are already subject to oversight mechanism frameworks supporting the fulfilment of the tasks of the European System of Central Banks as referred to in Article 127(2) TFEU, should be exempted.