Beta

Source: OJ L, 2025/1190, 18.6.2025

EN

Recital 2 Exclusions from the scope

Considering the complexity of the TLPT and the risks relating to it, its use should be restricted to those financial entities for which it is justified. Hence, authorities responsible for TLPT matters (TLPT authoritiesmeans any of the following:the single public authority in the financial sector designated in accordance with Article 26(9) of Regulation (EU) 2022/2554;the authority in the financial sector to which the exercise of some or all of the tasks in relation to TLPT is delegated in accordance with Article 26(10) of Regulation (EU) 2022/2554;any of the competent authorities referred to in Article 46 of Regulation (EU) 2022/2554;, either at Union or national level) should exclude from the scope of TLPT those financial entities that operate in core financial services subsectors for which a TLPT is not justified. That means that credit institutionsmeans a credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013 of the European Parliament and of the Council(^32^);Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and amending Regulation (EU) No 648/2012 (OJ L 176, 27.6.2013, p. 1)., payment and electronic money institutionsmeans an electronic money institution as defined in Article 2, point (1), of Directive 2009/110/EC of the European Parliament and of the Council;, central security depositories, central counterpartiesmeans a central counterparty as defined in Article 2, point (1), of Regulation (EU) No 648/2012;, trading venuesmeans a trading venue as defined in Article 4(1), point (24), of Directive 2014/65/EU;, insurance and reinsurance undertakingsmeans a reinsurance undertaking as defined in Article 13, point (4), of Directive 2009/138/EC;, even though they meet the quantitative criteria, could be released from the requirement of TLPT in light of an overall assessment of their ICT riskmeans any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment; profile and maturity, impact on the financial sector, and related financial stability concerns.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod