Harmonization of conduct activities

Preamble (Recitals 1 – 14)

Recitals

Chapter I (Articles 1 – 2)

Information to be provided by ICT third-party service providers in the application for a voluntary request to be designed as critical

Article 1

Information to be provided by ICT third-party service provider in the application for a voluntary request to be designated as critical

Article 2

Assessment of completeness of application

Chapter II (Articles 3 – 6)

Information from critical ICT third-party service providers to the lead overseer

Article 3

Content of information provided by critical ICT third-party service providers

Article 4

Information from critical ICT third-party providers after the issuance of recommendations

Article 5

Structure and format of information provided by critical ICT third-party service providers

Article 6

Information on subcontracting arrangements provided by critical ICT third-party service providers

Chapter III (Article 7)

Competent authorities’ assessment of the measures taken by critical ICT third-party service providers based on recommendations of the lead overseer

Article 7

Competent authorities’ assessment of the risks addressed in the recommendations of the Lead Overseer

Chapter IV (Article 8)

Final provisions

Article 8

Entry into force

Recital 2

Considering that Article 31(11) of Regulation (EU) 2022/2554 grants a limited time period of 6 months from the receipt of the application, it is crucial that the European Banking Authority, European Insurance and Occupational Pensions Authority, and European Securities and Markets Authority (collectively European Supervisory Authorities or ESAsEuropean Supervisory Authority), receive a voluntary request to be designated as critical from a ICT third-party service providermeans an undertaking providing ICT services;, that is complete. In case the application submitted is not complete, the relevant ESAEuropean Supervisory Authority should reject the application and request the missing information.
Table of contents