Source: OJ L, 2024/2956, 2.12.2024Current language: EN
- Digital operational resilience in the financial sector
ICT third-party service providers
- ITS on register of information
Article 1 Definitions
Summary What does Article 1 of the ITS on register of information say?
This is a definitions article, establishing the precise meaning of three key terms used throughout the regulation.
It lays the conceptual groundwork for understanding how ICT third-party relationships are structured and categorised, particularly in the context of maintaining the register of information required under DORA.
The three terms defined — direct ICT third-party service provider, ICT service supply chain, and rank — are foundational to the obligations set out in the subsequent articles.
Important points:
- Understand that a "direct ICT third-party service provider" is the provider that has a contractual arrangement directly with the financial entity or with another entity on behalf of the group.
- The "ICT service supply chain" captures the full sequence of contractual arrangements flowing from that direct provider down through any subcontractors.
- "Rank" denotes where a given ICT third-party service provider sits within that supply chain, a concept that is operationalised further in Article 2.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
For the purposes of this Regulation, the following definitions apply:
‘direct ICT third-party service provider’ means an ICT third-party service provider or ICT intra-group service provider that signed a contractual arrangement with:
a financial entity to provide its ICT services directly to that financial entity;
a financial or a non-financial entity to provide its services to other financial entities within the same group;
‘ICT service supply chain’ means a sequence of contractual arrangements connected with the ICT service being provided by the direct ICT third-party service provider to the financial entity, starting with the direct ICT third-party service provider which has one or multiple other ICT third-party service providers as counterparties (subcontractors);
‘rank’ means the position of an ICT third-party service provider in the ICT service supply chain.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
ICT third-party service provider
Definition
subsidiary
Definition
group
Definition
ICT intra-group service provider
Definition
parent undertaking
Definition
ICT services
Definition
rank
Definition
direct ICT third-party service provider
- a financial entity to provide its ICT services directly to that financial entity;
- a financial or a non-financial entity to provide its services to other financial entities within the same group;
Definition
ICT service supply chain