The provisions of this Regulation relate to the area of the ICT riskmeans any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment; management framework, by detailing specific elements applicable to the financial entitiesas defined in Article 2, points (a) to (t) in accordance with Article 15 of Regulation (EU) 2022/2554 and by designing the simplified ICT riskmeans any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment; management framework for the financial entitiesas defined in Article 2, points (a) to (t) set out in Article 16(1) of that Regulation. To ensure coherence between the ordinary and the simplified ICT riskmeans any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment; management framework, and considering that those provisions should become applicable at the same time, it is appropriate to include those provisions in a single legislative act.