Source: OJ L, 2025/532, 2.7.2025
ENRecital 9
To identify risks means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; that could arise before a financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; enters into an arrangement with an ICT subcontractor, ICT third-party service providers means an undertaking providing ICT services; should assess, in appropriate and proportional way, the suitability of potential subcontractors on the basis of the ICT contractual arrangements that the ICT third-party service provider means an undertaking providing ICT services; concluded with the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations;. Those ICT contractual arrangements should therefore require the ICT third-party service provider means an undertaking providing ICT services;, or the financial entity means a natural or legal person created and recognised as such under the national law of its place of establishment, which may, acting under its own name, exercise rights and be subject to obligations; directly, as appropriate, assesses the resources of the potential subcontractor, including its expertise and whether it has the proper financial, human and technical resources, its information security, and its organisational structure, including the risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; management and internal controls that the subcontractor should have in place.