Source: OJ L, 2025/532, 2.7.2025
ENRecital 11
To enable financial entitiesas defined in Article 2, points (a) to (t) to assess the risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; associated with subcontracting arrangements or material changes thereto, ICT third-party service providers means an undertaking providing ICT services; should inform the financial entitiesas defined in Article 2, points (a) to (t) to which they provide ICT services means digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; of all such new arrangements or changes well before such arrangements or changes start to apply. For the same reason, financial entitiesas defined in Article 2, points (a) to (t) should have the right to terminate the contract with the ICT third-party service provider means an undertaking providing ICT services; where the outcome of their risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; assessment shows that the new arrangements or material changes carry a level of risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; that exceed their risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; tolerance.