Source: OJ L, 2025/299, 13.2.2025Current language: EN
- Markets in crypto-assets
Crypto-asset service provider
- RTS on continuity and regularity
Article 3 Business continuity policy
The business continuity policy referred to in Article 68(7) of Regulation (EU) 2023/1114 shall ensure that crypto-asset service providers properly address disruptive incidents or performance issues relating to the systems critical to the operation of their business functions and it shall be laid down in a durable medium.
Crypto-asset service providers shall include in the business continuity policy all of the following:
a specification of the scope of the business continuity policy, including its limitations and exclusions, to be covered by the business continuity plans, procedures, and measures;
a description of the criteria to activate the business continuity plans, including escalation procedures up to the level of the management body;
provisions on the governance and organisation of the crypto-asset service provider, including, the roles and responsibilities of the staff, ensuring that sufficient resources are available for the effective implementation of the policy;
provisions that ensure consistency between the business continuity plans and the ICT-business continuity plans, and ICT response and recovery plans referred to in Articles 24 and 26 of Delegated Regulation (EU) 2024/1774.
Relevant recitals
Recital 1 Complementary to DORA's requirements
Articles 11 and 12 of Regulation (EU) 2022/2554 of the European Parliament and of the Council(2)Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1, ELI: http://data.europa.eu/eli/reg/2022/2554/oj). provide for requirements relating to response and recovery, backup policies and procedures, restoration and recovery procedures and methods concerning the ICT systems of financial entities, including crypto-asset services providers. Commission Delegated Regulation (EU) 2024/1774(3)Commission Delegated Regulation (EU) 2024/1774 of 13 March 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework (OJ L, 2024/1774, 25.6.2024, ELI: http://data.europa.eu/eli/reg_del/2024/1774/oj). further specifies components of the ICT business continuity policy, the testing of ICT business continuity plans, the components of the ICT response and recovery plans of financial entities, including crypto-asset service providers. This Regulation complements those provisions of Regulation (EU) 2022/2554 and of Delegated Regulation (EU) 2024/1774 with respect to continuity and regularity in the performance of the crypto-asset services.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
- providing custody and administration of crypto-assets on behalf of clients;
- operation of a trading platform for crypto-assets;
- exchange of crypto-assets for funds;
- exchange of crypto-assets for other crypto-assets;
- execution of orders for crypto-assets on behalf of clients;
- placing of crypto-assets;
- reception and transmission of orders for crypto-assets on behalf of clients;
- providing advice on crypto-assets;
- providing portfolio management on crypto-assets;
- providing transfer services for crypto-assets on behalf of clients;