Source: OJ L, 2024/1502, 30.5.2024
ENRecital 1 Designation procedure
To assess whether an ICT third-party service provider means an undertaking providing ICT services; is critical for financial entitiesas defined in Article 2, points (a) to (t), and taking into account the criteria set out in Article 31(2) of Regulation (EU) 2022/2554, the European Supervisory Authorities (ESAsEuropean Supervisory Authority) should use sub-criteria in a two-step approach assessment. Considering the important number of ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; and the diversity and number of financial institutions using those services, such a two-step approach should be undertaken to filter the population of ICT third-party service providers means an undertaking providing ICT services; and identify the most critical ICT third-party service providers means an ICT third-party service provider designated as critical in accordance with Article 31;. The quantitative sub-criteria that are to be considered as part of the first step of the assessment are necessary to carry out a first selection of the population of ICT third-party service providers means an undertaking providing ICT services; for which it is relevant to carry out a further in-depth analysis in light of the qualitative sub-criteria that are to be considered as part of the second step of the assessment.