General requirements for maintaining and updating the register of information


  1. Financial entitiesas defined in Article 2, points (a) to (t) that maintain and update the register of information shall ensure that:

    1. the register of information includes the required information in relation to all the ICT servicesdigital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services provided by direct ICT third-party providers; and

    2. the register of information includes information on all subcontractors that effectively underpin ICT servicesdigital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services supporting critical or important functionsa function the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law or material part thereof.

  2. Financial entitiesas defined in Article 2, points (a) to (t) shall ensure that the information contained in the register of information is accurate and consistent. To this end, financial entitiesas defined in Article 2, points (a) to (t) shall review the information contained in the register of information on a regular basis. Financial entitiesas defined in Article 2, points (a) to (t) shall promptly correct any errors or discrepancies detected. In case of groupsa group as defined in Article 2, point (11), of Directive 2013/34/EU, financial entitiesas defined in Article 2, points (a) to (t) responsible for maintaining and updating the register of information at sub- consolidated and consolidated level shall ensure that information in relation to entity level within the scope of consolidation is correct and consistent with the information at the sub-consolidated and consolidated level.

  3. Financial entitiesas defined in Article 2, points (a) to (t) shall maintain the information in the register of information in relation to contractual arrangements that are terminated for at least 5 years after the termination of the provision of the ICT servicesdigital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services. This requirement shall apply to the contractual arrangements in force from the date of application of Regulation (EU) 2022/2554.

  4. Financial entitiesas defined in Article 2, points (a) to (t) shall ensure that the information contained in the register adhere to the principles of data quality, i.e., accuracy, completeness, consistency, integrity, uniqueness, and validity.

  5. Financial entitiesas defined in Article 2, points (a) to (t) shall use a valid and active legal entity identifier (LEI) to identify all of their ICT third-party service providersan undertaking providing ICT services that are legal persons, except for individuals acting in a business capacity who chose not to obtain an LEI.

  6. When an ICT service provided by a direct ICT third-party service provideran undertaking providing ICT services is supporting a critical or important functiona function the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law of the financial entitiesas defined in Article 2, points (a) to (t), financial entitiesas defined in Article 2, points (a) to (t) shall ensure through the direct ICT third-party service provideran undertaking providing ICT services, that all the subcontractors included in the register of information according to paragraph (1) point b. of this Article, obtain and maintain a valid and active LEI except if these are individuals acting in a business capacity who chose not to obtain an LEI.