Beta

Source: OJ L, 2025/532, 2.7.2025

EN

Recital 9

To identify risks that could arise before a financial entity enters into an arrangement with an ICT subcontractor, ICT third-party service providers means an undertaking providing ICT services; should assess, in appropriate and proportional way, the suitability of potential subcontractors on the basis of the ICT contractual arrangements that the ICT third-party service provider means an undertaking providing ICT services; concluded with the financial entity. Those ICT contractual arrangements should therefore require the ICT third-party service provider means an undertaking providing ICT services;, or the financial entity directly, as appropriate, assesses the resources of the potential subcontractor, including its expertise and whether it has the proper financial, human and technical resources, its information security, and its organisational structure, including the risk management and internal controls that the subcontractor should have in place.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod