Source: OJ L 333, 27.12.2022, p. 80–152
Recital 91 Identification of critical supply chains
The coordinated security riskmeans the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; assessments of critical supply chains, in light of the features of the sector concerned, should take into account both technical and, where relevant, non-technical factors including those defined in Recommendation (EU) 2019/534, in the EU coordinated riskmeans the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; assessment of the cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; of 5G networks and in the EU Toolbox on 5G cybersecuritymeans cybersecurity as defined in Article 2, point (1), of Regulation (EU) 2019/881; agreed by the Cooperation Group. To identify the supply chains that should be subject to a coordinated security riskmeans the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; assessment, the following criteria should be taken into account: (i) the extent to which essential and important entitiesmeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; use and rely on specific critical ICT servicesmeans an ICT service as defined in Article 2, point (13), of Regulation (EU) 2019/881;, ICT systems or ICT productsmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881;; (ii) the relevance of specific critical ICT servicesmeans an ICT service as defined in Article 2, point (13), of Regulation (EU) 2019/881;, ICT systems or ICT productsmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881; for performing critical or sensitive functions, including the processing of personal data; (iii) the availability of alternative ICT servicesmeans an ICT service as defined in Article 2, point (13), of Regulation (EU) 2019/881;, ICT systems or ICT productsmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881;; (iv) the resilience of the overall supply chain of ICT servicesmeans an ICT service as defined in Article 2, point (13), of Regulation (EU) 2019/881;, ICT systems or ICT productsmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881; throughout their lifecycle against disruptive events; and (v) for emerging ICT servicesmeans an ICT service as defined in Article 2, point (13), of Regulation (EU) 2019/881;, ICT systems or ICT productsmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881;, their potential future significance for the entitiesmeans a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;’ activities. Furthermore, particular emphasis should be placed on ICT servicesmeans an ICT service as defined in Article 2, point (13), of Regulation (EU) 2019/881;, ICT systems or ICT productsmeans an ICT product as defined in Article 2, point (12), of Regulation (EU) 2019/881; that are subject to specific requirements stemming from third countries.