Beta

Source: OJ L 333, 27.12.2022, p. 1–79

EN

Recital 63 Wide range of ICT third-party service providers

To address the complexity of the various sources of ICT risk means any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment;, while taking into account the multitude and diversity of providers of technological solutions which enable a smooth provision of financial services, this Regulation should cover a wide range of ICT third-party service providers means an undertaking providing ICT services;, including providers of cloud computing services means a digital service that enables on-demand administration and broad remote access to a scalable and elastic pool of shareable computing resources, including where such resources are distributed across several locations;, software means the part of an electronic information system which consists of computer code;, data analytics services and providers of data centre services means a service that encompasses structures, or groups of structures, dedicated to the centralised accommodation, interconnection and operation of IT and network equipment providing data storage, processing and transport services together with all the facilities and infrastructures for power distribution and environmental control;. Similarly, since financial entitiesas defined in Article 2, points (a) to (t) should effectively and coherently identify and manage all types of risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident;, including in the context of ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; procured within a financial group means a group as defined in Article 2, point (11), of Directive 2013/34/EU;, it should be clarified that undertakings which are part of a financial group means a group as defined in Article 2, point (11), of Directive 2013/34/EU; and provide ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; predominantly to their parent undertaking means a parent undertaking within the meaning of Article 2, point (9), and Article 22 of Directive 2013/34/EU;, or to subsidiaries means a subsidiary undertaking within the meaning of Article 2, point (10), and Article 22 of Directive 2013/34/EU; or branches of their parent undertaking means a parent undertaking within the meaning of Article 2, point (9), and Article 22 of Directive 2013/34/EU;, as well as financial entitiesas defined in Article 2, points (a) to (t) providing ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; to other financial entitiesas defined in Article 2, points (a) to (t), should also be considered as ICT third-party service providers means an undertaking providing ICT services; under this Regulation. Lastly, in light of the evolving payment services market becoming increasingly dependent on complex technical solutions, and in view of emerging types of payment services and payment-related solutions, participants in the payment services ecosystem, providing payment-processing activities, or operating payment infrastructures, should also be considered to be ICT third-party service providers means an undertaking providing ICT services; under this Regulation, with the exception of central banks when operating payment or securities settlement systems, and public authorities means any government or other public administration entity, including national central banks. when providing ICT related services in the context of fulfilling State functions.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod