Source: OJ L, 2025/295, 13.2.2025

Current language: EN

Article 4 Structure and format of information provided by critical ICT third-party service providers


Summary What does Article 4 of the RTS on harmonisation for oversight conduct say?

This article sets out the practical requirements for how critical ICT third-party service providers must submit information to the Lead Overseer.

Rather than addressing what information must be provided (covered in Article 2), this article governs the manner and format of that submission, ensuring the Lead Overseer retains control over how information is delivered and organised.

Important points:

  • Submit all requested information through the secure electronic channels specified by the Lead Overseer, in the form it prescribes.
  • Follow the structure set by the Lead Overseer in its request and clearly locate the relevant information within the submitted documentation.
  • All information submitted to the Lead Overseer must be in a language customary in the sphere of international finance.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. The critical ICT third-party service provider shall provide the requested information to the Lead Overseer through the dedicated secure electronic channels indicated by the Lead Overseer in its request and in the form set out by the Lead Overseer.

    1. When providing information to the Lead Overseer, the critical ICT third-party service providers shall:

      1. follow the structure indicated by the Lead Overseer in its information request;

      2. clearly locate the relevant piece of information in the submitted documentation.

    1. Information submitted, disclosed or reported to the Lead Overseer by the critical ICT third-party service provider shall be in a language customary in the sphere of international finance.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod