Source: OJ L, 2025/420, 24.3.2025

Current language: EN

Article 3 Members of the joint examination team


Summary What does Article 3 of the RTS on joint examination teams say?

This article sets out how the Lead Overseer determines the size and composition of a joint examination team, a process that must be agreed with the Joint Oversight Network and conducted in consultation with the Oversight Forum.

It builds directly on Article 2, which establishes the joint examination team, by now specifying the criteria that govern how that team is actually sized and staffed.

The Lead Overseer must weigh a broad range of factors, from the scale and complexity of the critical ICT third-party service provider being overseen, to the geographic spread of its services, the types of financial entities relying on it, and the skills needed within the team.

Nominating authorities are also bound by a subset of these same criteria when putting forward their candidates.

Important points:

  • The Lead Overseer is responsible for determining the number and composition of joint examination team members, taking into account oversight intensity, provider complexity, required skills, and cross-sectoral representation.
  • Nominating authorities, when putting forward candidates, must consider a defined subset of those criteria, specifically individual oversight needs, team stability, required skills, the financial entities served, and the most dependent financial entities' competent authorities.
  • The composition must be reviewed not only at the point of establishment but also on an ongoing basis as circumstances evolve.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. The Lead Overseer shall determine the number of members of the joint examination team and its composition in agreement with the Joint Oversight Network referred to in Article 34(1) of Regulation (EU) 2022/2554 and in consultation with the Oversight Forum referred to in Article 32(1) of that Regulation.

    1. The Lead Overseer shall determine that number as part of the process of the establishment of the joint examination team, and as required over time, taking into account:

      1. the tasks included in the individual annual oversight plans drafted for each critical ICT third-party service provider overseen by the joint examination team;

      2. the strategic objectives of the multi-annual oversight plan drafted for all critical ICT third-party service providers overseen by all the joint examination teams.

    1. To determine the number and the composition of members in the joint examination team, the Lead Overseer shall consider at least all of the following:

      1. the envisaged level of intensity of oversight activities to be performed in relation to all critical ICT third-party service providers;

      2. the size and complexity of the ICT third-party service provider overseen by the joint examination team and by the ESAs as Lead Overseers;

      3. the specific individual oversight needs related to the specific critical ICT third-party service provider, as assessed by the Lead Overseer;

      4. the stability of the composition of the joint examination team, ensuring a proper knowledge retention;

      5. the necessary skills required for the execution of the tasks by the joint examination team, considering the technical and non-technical ICT knowledge requirements;

      6. the Member States in which the critical ICT third-party service provider provides ICT services supporting critical or important functions of the financial entities, and the competent authorities which supervise the financial entities making use of those services;

      7. the different types, sizes, and numbers of financial entities to which the critical ICT third-party service provider provides ICT services supporting critical or important functions;

      8. the competent authorities which supervise the financial entities that are the most dependent on the ICT services provided by the critical ICT third-party service providers;

      9. a proportionate cross-sectoral representation of the nominating authorities of the joint examination team.

    1. When nominating members of the joint examination team, the authorities referred to in Article 40(2) of Regulation (EU) 2022/2554 shall consider at least points (c), (d), (e), (g) and (h) of paragraph 3.

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod