Beta

Source: OJ L, 2025/295, 13.2.2025

EN

Recital 7 Information sharing after issuing recommendations

Once the recommendations to a critical ICT third-party service provider means an ICT third-party service provider designated as critical in accordance with Article 31; are issued by the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation;, and competent authoritiesas defined in Article 46 have informed the relevant financial entitiesas defined in Article 2, points (a) to (t) of the risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; identified in that recommendations, the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; should monitor and assess the implementation by the critical ICT third-party service provider means an ICT third-party service provider designated as critical in accordance with Article 31; of the actions and remedies to comply with the recommendations. Competent authoritiesas defined in Article 46 should monitor and assess the extent to which the financial entitiesas defined in Article 2, points (a) to (t) are exposed to the risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; identified in these recommendations. With a view to maintain a level playing field while carrying out their respective tasks, particularly when the risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; identified in the recommendations are severe and shared among a large number of financial entitiesas defined in Article 2, points (a) to (t) in multiple Member States, both the competent authoritiesas defined in Article 46 and the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; should share among each other any relevant findings which are necessary for them to carry out their respective tasks. The objective of the information sharing is to ensure that the feedback of the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; to the critical ICT third-party service provider means an ICT third-party service provider designated as critical in accordance with Article 31; in relation to the actions and remedies the latter is implementing takes into account the impact on the risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; of the financial entitiesas defined in Article 2, points (a) to (t), and that the supervisory activities performed by the competent authoritiesas defined in Article 46 are informed by the assessment carried out by the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation;.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod