Article 30(2)(a) of Regulation (EU) 2022/2554 requires financial entities to include in contractual arrangements on the use of ICT services a clear and complete description of all functions and ICT services to be provided by the ICT third-party service provider, indicating whether subcontracting of an ICT service supporting critical or important functions, or material parts thereof, is permitted and, when that is the case, the conditions applying to such subcontracting. The ESAs are mandated to develop jointly draft regulatory technical standards to further specify the elements which a financial entity needs to determine and assess when subcontracting ICT services supporting critical or important functions.
In accordance with Regulation (EU) 2022/2554, this draft RTS sets out requirements when the use of subcontracted ICT services supporting critical or important functions or material parts thereof by ICT third-party service providers is permitted by financial entities and set out the
…