1. The EBA shall develop draft regulatory technical standards which shall specify:
(a) the requirements of strong customer authentication as referred to in Article 85;
(b) the exemptions from the application of Article 85(1), (8) and (9), based on the criteria laid down in Article 85(11);
(c) the requirements with which security measures have to comply, in accordance with Article 85(10) in order to protect the confidentiality and the integrity of the payment service users' personalised security credentials;
(d) the requirements applicable, in accordance with Article 87, to the outsourcing agreements between the payers’ payments service providers and technical service providers concerning the provision and verification of the elements of strong customer authentication by technical service providers; When doing so, the EBA shall take into account its existing guidelines on outsourcing arrangements.
(e) the requirements under Title III, Chapter 3 for common and secure open standards of
…