Source: OJ L, 2024/2956, 2.12.2024Current language: EN
- Digital operational resilience in the financial sector
ICT third-party service providers
- ITS on register of information
Article 5 Content of the register of information
Summary What does Article 5 of the ITS on register of information say?
This article is the primary content specification for the register of information, directly implementing the obligation established in Article 3 to use the Annex I templates.
It catalogues the full range of information categories that financial entities must populate across those templates, covering everything from basic entity identification and contractual arrangements, through to supply chain mapping, function identification, and service assessments.
It also grants financial entities the discretion to include additional information beyond what is mandated, provided it serves their own risk or contract management purposes.
Important points:
- Populate the register of information with all prescribed categories of data, spanning entity details, contractual arrangements, ICT third-party service providers, supply chain structure, and assessments of services supporting critical or important functions.
- The register must also capture terminology and classification systems used when completing the templates.
- You may add supplementary information to the register beyond what is required, in whatever format best suits your risk or contract management needs.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Financial entities shall include in the register of information, in accordance with the instructions set out in Annex I, the following information:
general information on the financial entity maintaining and updating the register of information at entity, sub-consolidated and consolidated level, respectively, as specified in template B_01.01 of Annex I;
general information on the entities in the consolidation as specified in template B_01.02 of Annex I;
identification of the branches of financial entities located outside the home country listed in template B_01.02, where applicable, as specified in template B_01.03 of Annex I;
general information on the contractual arrangements as specified in template B_02.01 of Annex I;
specific information on the contractual arrangements as specified in template B_02.02 of Annex I;
information on the links between intra-group contractual arrangements and contractual arrangements with ICT third-party service providers which are not part of the group using the contractual reference numbers when part of the ICT service supply chain is intra-group as specified in template B_02.03 of Annex I;
information on the entities signing the contractual arrangements with the direct ICT third-party service providers for receiving ICT services or on behalf of the entities using the ICT services as specified in template B_03.01 of Annex I;
identification of the ICT third-party service providers signing the contractual arrangements for providing ICT services as specified in template B_03.02 of Annex I;
identification of the entities signing the contractual arrangements for providing ICT services to other entities in the consolidation as specified in template B_03.03 of Annex I;
information on the entities making use of the ICT services provided by the ICT third-party service providers as specified in template B_04.01 of Annex I;
information on the direct ICT third-party service providers and subcontractors, as specified in template B_05.01 of Annex I;
information on the ICT service supply chain, as specified in template B_05.02 of Annex I;
information on the identification of functions as specified in template B_06.01 of Annex I;
information on the assessment of the ICT services provided by ICT third-party service providers supporting a critical or important function or material parts thereof as specified in template B_07.01 of Annex I;
information on the terminology used by financial entities and the terms included in the closed lists and classification systems used when filling in the templates as specified in template B_99.01 of Annex I.
Where relevant for their risk management or contract management purposes, financial entities may include into the register of information additional information in the format that is most appropriate for the purposes of such additional information.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
ICT third-party service provider
Definition
subsidiary
Definition
group
Definition
ICT intra-group service provider
Definition
parent undertaking
Definition
ICT services
Definition
critical or important function
Definition
direct ICT third-party service provider
- a financial entity to provide its ICT services directly to that financial entity;
- a financial or a non-financial entity to provide its services to other financial entities within the same group;
Definition
ICT service supply chain