Harmonization of conduct activities

Preamble (Recitals 1 – 14)

Recitals

Chapter I (Articles 1 – 2)

Information to be provided by ICT third-party service providers in the application for a voluntary request to be designed as critical

Article 1

Information to be provided by ICT third-party service provider in the application for a voluntary request to be designated as critical

Article 2

Assessment of completeness of application

Chapter II (Articles 3 – 6)

Information from critical ICT third-party service providers to the lead overseer

Article 3

Content of information provided by critical ICT third-party service providers

Article 4

Information from critical ICT third-party providers after the issuance of recommendations

Article 5

Structure and format of information provided by critical ICT third-party service providers

Article 6

Information on subcontracting arrangements provided by critical ICT third-party service providers

Chapter III (Article 7)

Competent authorities’ assessment of the measures taken by critical ICT third-party service providers based on recommendations of the lead overseer

Article 7

Competent authorities’ assessment of the risks addressed in the recommendations of the Lead Overseer

Chapter IV (Article 8)

Final provisions

Article 8

Entry into force

Article 5Note: This article is based on the final draft from the ESAs and is not yet adopted. Structure and format of information provided by critical ICT third-party service providers

  1. The critical ICT third-party service providermeans an ICT third-party service provider designated as critical in accordance with Article 31; shall provide the requested information to the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; through the dedicated secure electronic channels indicated by the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; in its request.

  2. When providing information to the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation;, the critical ICT third-party providers shall:

    1. follow the structure indicated by the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; in its information request;

    2. clearly locate the relevant piece of information in the submitted documentation.

  3. Information submitted, disclosed or reported to the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; by the critical ICT third-party service providermeans an ICT third-party service provider designated as critical in accordance with Article 31; shall be in English.

Table of contents