9.1 Within 10 working days following the adoption of the request for information to the critical ICT third-party service provider, the Lead Overseer should make available to the Joint Oversight Network and the competent authorities of the financial entities using ICT services provided by a critical ICT third-party service provider, the relevant scope of the request for information submitted to the critical ICT third-party service provider according to Articles 36(1) and 37(1) of the DORA.
9.2 The Lead Overseer should inform competent authorities of the financial entities using ICT services provided by a critical ICT third-party service provider of any:
- major incidents with direct or indirect impact on financial entities within the Union when reported by the critical ICT third-party service provider, including relevant details to determine the significance of the incident on financial entities and assess possible cross-border impacts; [See Article 3(2), letter l of Draft regulatory te
…