Source: OJ L, 2025/295, 13.2.2025
ENRecital 8 Risk assessments by competent authorities
To allow for an efficient and effective sharing of information, the competent authoritiesas defined in Article 46 should assess, as part of their supervisory activities, the extent to which the financial entitiesas defined in Article 2, points (a) to (t) supervised by them are exposed to the risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; identified in the recommendations. This assessment should be carried out in a proportionate and risk-based manner. The Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; should request the competent authoritiesas defined in Article 46 to share the results of this assessment in the specific cases when the risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; associated with the recommendations are severe and shared among a large number of financial entitiesas defined in Article 2, points (a) to (t) in multiple Member States. To make the best use of the resources of the competent authoritiesas defined in Article 46, when asking to provide the results of this assessment, the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; should always take into account that the objective of these requests is to evaluate the implementation of actions and remedies of the critical ICT third-party service providers means an ICT third-party service provider designated as critical in accordance with Article 31;.