1. As part of their supervision of financial entities, competent authorities shall assess the impact of the measures taken by critical ICT third-party service providers based on the recommendations of the Lead Overseer. This assessment shall reflect a risk-based approach and the principle of proportionality.
2. When conducting the assessment referred to in paragraph 1, competent authorities shall take into account all of the following:
a. the adequacy and the coherence of the remediation measures implemented by the financial entities under their remit to mitigate those risks, if any;
b. the assessment made by the Lead Overseer of the compliance with the measures and actions included in the remediation plan by the critical ICT third-party service provider where it has impacts on the exposure of the financial entities under their remit to the risks identified in the recommendations;
c. the view of competent authorities designated or established in accordance with Directive (EU) 2022/2555
…