Regulation (EU) No 600/2014 is amended as follows:
(1) Article 27g is amended as follows:
(a) paragraph 4 is replaced by the following:
'4. An APA shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554 of the European Parliament and of the Council [Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1).].';
(b) in paragraph 8, point (c) is replaced by the following:
'(c) the concrete organisational requirements laid down in paragraphs 3 and 5.';
(2) Article 27h is amended as follows:
(a) paragraph 5 is replaced by the following:
'5. A CTP shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554.'.
…