Source: OJ L 333, 27.12.2022, p. 1–79
Recital 10 Gaps and overlaps in ICT risk provisions
To date, due to the ICT risk related provisions being only partially addressed at Union level, there are gaps or overlaps in important areas, such as ICT-related incident reporting and digital operational resilience testing, and inconsistencies as a result of emerging divergent national rules or cost-ineffective application of overlapping rules. This is particularly detrimental for an ICT-intensive user such as the financial sector since technology risks have no borders and the financial sector deploys its services on a wide cross-border basis within and outside the Union. Individual financial entities operating on a cross-border basis or holding several authorisations (e.g. one financial entity can have a banking, an investment firm, and a payment institution licence, each issued by a different competent authority in one or several Member States) face operational challenges in addressing ICT risk and mitigating adverse impacts of ICT incidents on their own and in a coherent cost-effective way.