Beta

Source: OJ L, 2024/2956, 2.12.2024

EN

Article 5 Content of the register of information

    1. Financial entitiesas defined in Article 2, points (a) to (t) shall include in the register of information, in accordance with the instructions set out in Annex I, the following information:

      1. general information on the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; maintaining and updating the register of information at entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;, sub-consolidated and consolidated level, respectively, as specified in template B_01.01 of Annex I;

      2. general information on the entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; in the consolidation as specified in template B_01.02 of Annex I;

      3. identification of the branches of financial entitiesas defined in Article 2, points (a) to (t) located outside the home country listed in template B_01.02, where applicable, as specified in template B_01.03 of Annex I;

      4. general information on the contractual arrangements as specified in template B_02.01 of Annex I;

      5. specific information on the contractual arrangements as specified in template B_02.02 of Annex I;

      6. information on the links between intra-group contractual arrangements and contractual arrangements with ICT third-party service providers means an undertaking providing ICT services; which are not part of the group means a group as defined in Article 2, point (11), of Directive 2013/34/EU; using the contractual reference numbers when part of the ICT service supply chain means a sequence of contractual arrangements connected with the ICT service being provided by the direct ICT third-party service provider to the financial entity, starting with the direct ICT third-party service provider which has one or multiple other ICT third-party service providers as counterparties (subcontractors); is intra-group as specified in template B_02.03 of Annex I;

      7. information on the entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; signing the contractual arrangements with the direct ICT third-party service providers means an ICT third-party service provider or ICT intra-group service provider that signed a contractual arrangement with: a financial entity to provide its ICT services directly to that financial entity; a financial or a non-financial entity to provide its services to other financial entities within the same group; for receiving ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; or on behalf of the entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; using the ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; as specified in template B_03.01 of Annex I;

      8. identification of the ICT third-party service providers means an undertaking providing ICT services; signing the contractual arrangements for providing ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; as specified in template B_03.02 of Annex I;

      9. identification of the entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; signing the contractual arrangements for providing ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; to other entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; in the consolidation as specified in template B_03.03 of Annex I;

      10. information on the entities means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; making use of the ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; provided by the ICT third-party service providers means an undertaking providing ICT services; as specified in template B_04.01 of Annex I;

      11. information on the direct ICT third-party service providers means an ICT third-party service provider or ICT intra-group service provider that signed a contractual arrangement with: a financial entity to provide its ICT services directly to that financial entity; a financial or a non-financial entity to provide its services to other financial entities within the same group; and subcontractors, as specified in template B_05.01 of Annex I;

      12. information on the ICT service supply chain means a sequence of contractual arrangements connected with the ICT service being provided by the direct ICT third-party service provider to the financial entity, starting with the direct ICT third-party service provider which has one or multiple other ICT third-party service providers as counterparties (subcontractors);, as specified in template B_05.02 of Annex I;

      13. information on the identification of functions as specified in template B_06.01 of Annex I;

      14. information on the assessment of the ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; provided by ICT third-party service providers means an undertaking providing ICT services; supporting a critical or important function means a function, the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law; or material parts thereof as specified in template B_07.01 of Annex I;

      15. information on the terminology used by financial entitiesas defined in Article 2, points (a) to (t) and the terms included in the closed lists and classification systems used when filling in the templates as specified in template B_99.01 of Annex I.

    1. Where relevant for their risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; management or contract management purposes, financial entitiesas defined in Article 2, points (a) to (t) may include into the register of information additional information in the format that is most appropriate for the purposes of such additional information.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod