1. A third-party provider, to whom reporting obligations have been outsourced, may aggregate the information about a major ICT-related incident impacting multiple financial entities in one single notification or report, and submit it to the competent authority for all impacted financial entities, provided that all of the following conditions are met:
a) the major incidents to be reported originate from or is being caused by a third-party provider;
b) this third-party provider provides the relevant ICT service to more than one financial entity, or to a group, in the Member State;
c) the incident is classified as major individually by each financial entity covered in the aggregated report,
d) the incident affects financial entities within a single Member State and the aggregated report relates to financial entities which are supervised by the same competent authority;
e) the financial entities affected by the incident have outsourced reporting obligations to a third-party provider in acc
…