Beta

Source: OJ L, 2025/295, 13.2.2025

EN

Recital 7 Information sharing after issuing recommendations

Once the recommendations to a critical ICT third-party service providermeans an ICT third-party service provider designated as critical in accordance with Article 31; are issued by the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation;, and competent authorities have informed the relevant financial entities of the risks identified in that recommendations, the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; should monitor and assess the implementation by the critical ICT third-party service providermeans an ICT third-party service provider designated as critical in accordance with Article 31; of the actions and remedies to comply with the recommendations. Competent authorities should monitor and assess the extent to which the financial entities are exposed to the risks identified in these recommendations. With a view to maintain a level playing field while carrying out their respective tasks, particularly when the risks identified in the recommendations are severe and shared among a large number of financial entities in multiple Member States, both the competent authorities and the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; should share among each other any relevant findings which are necessary for them to carry out their respective tasks. The objective of the information sharing is to ensure that the feedback of the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; to the critical ICT third-party service providermeans an ICT third-party service provider designated as critical in accordance with Article 31; in relation to the actions and remedies the latter is implementing takes into account the impact on the risks of the financial entities, and that the supervisory activities performed by the competent authorities are informed by the assessment carried out by the Lead Overseermeans the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation;.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod