Beta

Source: OJ L, 2024/2956, 2.12.2024

EN

Recital 7 Direct ICT third-party service providers

A register of information should be maintained and updated by financial entitiesas defined in Article 2, points (a) to (t) including where a financial entity outsources all its activities to another entity, as the maintenance of the register of information contributes to the operational resilience of that financial entity. Therefore, where an entity is acting on behalf of a financial entity for all the activities of the financial entity (including the ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services;), the direct ICT third-party service providers means an undertaking providing ICT services; to that entity should be recorded in the relevant templates of the register of information of the financial entity. In such case, the entity is only registered as an entity maintaining the register.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod