Source: EC-adopted draft
EN- Digital operational resilience in the financial sector
ICT third-party service providers
- RTS on subcontracting ICT services
Article 6 Material changes to subcontracting arrangements of ICT service supporting critical or important functions
In case of any material changes to the subcontracting arrangements regarding ICT services supporting critical or important functions or material parts thereof, the financial entity shall ensure, through the ICT contractual arrangement with its ICT third-party service provider, that it is informed with a notice period sufficient to assess the impact on the risks it is or might be exposed to, as well as whether such changes might affect the ability of the ICT third-party service provider to meet its obligations under the contractual agreement as referred to under Article 4, and with regard to changes considering the elements of increased or reduced complexity listed in Article 1.
The financial entity shall require that the ICT third-party service provider implements the material changes only after the financial entity has either approved or not objected to the changes by the end of the notice period.
If the risk assessment referred to in paragraph 1) finds that the planned subcontracting or changes to subcontracting by the ICT third-party service provider exceeds the financial entity’s risk tolerance, the financial entity shall, before the end of the notice period:
- inform the ICT third-party service provider of its risk assessment results as referred to in paragraph 1), and,
- object to the changes and request modifications to the proposed subcontracting changes before their implementation.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.