Article 3 Members of the joint examination team

---

The Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation; shall determine the number of members of the joint examination team and its composition in agreement with the Joint Oversight Network referred to in Article 34(1) of Regulation (EU) 2022/2554 and in consultation with the Oversight Foruma sub-committee of the Joint Committee for the purposes of supporting the work of the Joint Committee and of the Lead Overseer in the area of ICT third-party risk across financial sectors referred to in Article 32(1) of that Regulation.

1. the tasks included in the individual annual oversight plans drafted for each critical ICT third-party service provider means an ICT third-party service provider designated as critical in accordance with Article 31; overseen by the joint examination team;

2. the strategic objectives of the multi-annual oversight plan drafted for all critical ICT third-party service providers means an ICT third-party service provider designated as critical in accordance with Article 31; overseen by all the joint examination teams.

1. the envisaged level of intensity of oversight activities to be performed in relation to all critical ICT third-party service providers means an ICT third-party service provider designated as critical in accordance with Article 31;;

2. the size and complexity of the ICT third-party service provider means an undertaking providing ICT services; overseen by the joint examination team and by the ESAsEuropean Supervisory Authority as Lead Overseers means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation;;

3. the specific individual oversight needs related to the specific critical ICT third-party service provider means an ICT third-party service provider designated as critical in accordance with Article 31;, as assessed by the Lead Overseer means the European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation;;

4. the stability of the composition of the joint examination team, ensuring a proper knowledge retention;

5. the necessary skills required for the execution of the tasks by the joint examination team, considering the technical and non-technical ICT knowledge requirements;

6. the Member States in which the critical ICT third-party service provider means an ICT third-party service provider designated as critical in accordance with Article 31; provides ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; supporting critical or important functions means a function, the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law; of the financial entitiesas defined in Article 2, points (a) to (t), and the competent authoritiesas defined in Article 46 which supervise the financial entitiesas defined in Article 2, points (a) to (t) making use of those services;

7. the different types, sizes, and numbers of financial entitiesas defined in Article 2, points (a) to (t) to which the critical ICT third-party service provider means an ICT third-party service provider designated as critical in accordance with Article 31; provides ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; supporting critical or important functions means a function, the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law;;

8. the competent authoritiesas defined in Article 46 which supervise the financial entitiesas defined in Article 2, points (a) to (t) that are the most dependent on the ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; provided by the critical ICT third-party service providers means an ICT third-party service provider designated as critical in accordance with Article 31;;

9. a proportionate cross-sectoral representation of the nominating authorities of the joint examination team.

When nominating members of the joint examination team, the authorities referred to in Article 40(2) of Regulation (EU) 2022/2554 shall consider at least points (c), (d), (e), (g) and (h) of paragraph 3.