Recitals | RTS on continuity and regularity

Articles 11 and 12 of Regulation (EU) 2022/2554 of the European Parliament and of the Council(²)Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1, ELI: http://data.europa.eu/eli/reg/2022/2554/oj). provide for requirements relating to response and recovery, backup policies and procedures, restoration and recovery procedures and methods concerning the ICT systems of financial entities, including crypto-asset services providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59;. Commission Delegated Regulation (EU) 2024/1774(³)Commission Delegated Regulation (EU) 2024/1774 of 13 March 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework (OJ L, 2024/1774, 25.6.2024, ELI: http://data.europa.eu/eli/reg_del/2024/1774/oj). further specifies components of the ICT business continuity policy, the testing of ICT business continuity plans, the components of the ICT response and recovery plans of financial entities, including crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59;. This Regulation complements those provisions of Regulation (EU) 2022/2554 and of Delegated Regulation (EU) 2024/1774 with respect to continuity and regularity in the performance of the crypto-asset servicesmeans any of the following services and activities relating to any crypto-asset:providing custody and administration of crypto-assets on behalf of clients;operation of a trading platform for crypto-assets;exchange of crypto-assets for funds;exchange of crypto-assets for other crypto-assets;execution of orders for crypto-assets on behalf of clients;placing of crypto-assets;reception and transmission of orders for crypto-assets on behalf of clients;providing advice on crypto-assets;providing portfolio management on crypto-assets;providing transfer services for crypto-assets on behalf of clients;.

In providing their services, crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; may use a distributed ledgermeans an information repository that keeps records of transactions and that is shared across, and synchronised between, a set of DLT network nodes using a consensus mechanism; over which they have no control, including a permissionless distributed ledgermeans a specific type of distributed ledger in which no entity controls the distributed ledger and DLT network nodes can be set up by any person complying with the technical requirements and the protocols of that distributed ledger.. In that case, they may not be capable of ensuring the regularity and continuity of their services when disruptions are caused by problems that are inherent to the operation of such distributed ledgersmeans an information repository that keeps records of transactions and that is shared across, and synchronised between, a set of DLT network nodes using a consensus mechanism;. To mitigate market volatility that may have an adverse impact on clientsmeans any natural or legal person to whom a crypto-asset service provider provides crypto-asset services; affected by such disruptions, crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; should include in their business continuity policy measures for timely communication with clientsmeans any natural or legal person to whom a crypto-asset service provider provides crypto-asset services; and other external stakeholders. Such communication should include essential and timely information for clientsmeans any natural or legal person to whom a crypto-asset service provider provides crypto-asset services; on such disruptions, including ongoing status updates, until the disruption is resolved and services are resumed. Where information on the status of the permissionless distributed ledgermeans a specific type of distributed ledger in which no entity controls the distributed ledger and DLT network nodes can be set up by any person complying with the technical requirements and the protocols of that distributed ledger. responsible for a service disruption is not readily available to the crypto-asset service providermeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59;, that crypto-asset service providermeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; should communicate updates to clientsmeans any natural or legal person to whom a crypto-asset service provider provides crypto-asset services; and other stakeholders, including competent authoritiesmeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens;, on a best effort basis to ensure that clientsmeans any natural or legal person to whom a crypto-asset service provider provides crypto-asset services; and stakeholders have as comprehensive information as possible on such disruptions.

To avoid disproportionate administrative burden for small and medium-enterprises and start-ups, crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; should consider in their business continuity policy the scale, nature, and range of the services they provide. That means that crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; should determine their specific business continuity requirements on the basis of a robust self-assessment, based on a number of criteria that would enable them to implement a business continuity policy that is commensurate with the market impact of their services. The self-assessment should also take into account other circumstances beyond those listed in the Annex that may have an impact on the crypto-asset service providermeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59;.

This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Securities and Markets Authority.

The European Securities and Markets Authority has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council(⁴)Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84, ELI: http://data.europa.eu/eli/reg/2010/1095/oj).,