Guideline 5: Information for the criticality assessment to be submitted by competent authorities to the Oversight Forum

5.1 For the purposes of designating the ICT third-party service providers that are critical for financial entities in accordance with Article 31(1)(a) [Article 31(1)(a): The ESAs, through the Joint Committee and upon recommendation from the Oversight Forum established pursuant to Article 32(1), shall designate the ICT third-party service providers that are critical for financial entities, following an assessment that takes into account the criteria specified in paragraph 2.], without undue delay following the receipt of the register of information referred to in Article 28(3), competent authorities should transmit the full register of information [Article 28(3): As part of their ICT risk management framework, financial entities shall maintain and update at entity level, and at sub-consolidated and consolidated levels, a register of information in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers… Article 31(10): For the

…