Recital 100

Implementing technical standards


To facilitate the comparability of reports on major ICT-related incidentsan ICT-related incident that has a high adverse impact on the network and information systems that support critical or important functions of the financial entity and major operational or security payment-related incidentsa single event or a series of linked events unplanned by the financial entities referred to in Article 2(1), points (a) to (d), whether ICT-related or not, that has an adverse impact on the availability, authenticity, integrity or confidentiality of payment-related data, or on the payment-related services provided by the financial entity, as well as to ensure transparency regarding contractual arrangements for the use of ICT servicesdigital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services provided by ICT third-party service providersan undertaking providing ICT services, the ESAsEuropean Supervisory Authority should develop draft implementing technical standards establishing standardised templates, forms and procedures for financial entitiesas defined in Article 2, points (a) to (t) to report a major ICT-related incidentan ICT-related incident that has a high adverse impact on the network and information systems that support critical or important functions of the financial entity and a major operational or security payment-related incidenta single event or a series of linked events unplanned by the financial entities referred to in Article 2(1), points (a) to (d), whether ICT-related or not, that has an adverse impact on the availability, authenticity, integrity or confidentiality of payment-related data, or on the payment-related services provided by the financial entity, as well as standardised templates for the register of information. When developing those standards, the ESAsEuropean Supervisory Authority should take into account the size and the overall risk profile of the financial entity, and the nature, scale and complexity of its services, activities and operations. The Commission should be empowered to adopt those implementing technical standards by means of implementing acts pursuant to Article 291 TFEU and in accordance with Article 15 of Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010.