Critical ICT third-party service providersan ICT third-party service provider designated as critical in accordance with Article 31 should be able to provide ICT servicesdigital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services from anywhere in the world, not necessarily or not only from premises located in the Union. Oversight activities should be first conducted on premises located in the Union and by interacting with entities located in the Union, including the subsidiariesa subsidiary undertaking within the meaning of Article 2, point (10), and Article 22 of Directive 2013/34/EU established by critical ICT third-party service providersan ICT third-party service provider designated as critical in accordance with Article 31 pursuant to this Regulation. However, such actions within the Union might be insufficient to allow the Lead Overseerthe European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation to fully and effectively perform its duties under this Regulation. The Lead Overseerthe European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation should therefore also be able to exercise its relevant oversight powers in third countries. Exercising those powers in third countries should allow the Lead Overseerthe European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation to examine the facilities from which the ICT servicesdigital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services or the technical support services are actually provided or managed by the critical ICT third-party service provideran ICT third-party service provider designated as critical in accordance with Article 31, and should give the Lead Overseerthe European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation a comprehensive and operational understanding of the ICT riskany reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment management of the critical ICT third-party service provideran ICT third-party service provider designated as critical in accordance with Article 31. The possibility for the Lead Overseerthe European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation, as a Union agency, to exercise powers outside the territory of the Union should be duly framed by relevant conditions, in particular the consent of the critical ICT third-party service provideran ICT third-party service provider designated as critical in accordance with Article 31 concerned. Similarly, the relevant authorities of the third country should be informed of, and not have objected to, the exercise on their own territory of the activities of the Lead Overseerthe European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation. However, in order to ensure efficient implementation, and without prejudice to the respective competences of the Union institutions and the Member States, such powers also need to be fully anchored in the conclusion of administrative cooperation arrangements with the relevant authorities of the third country concerned. This Regulation should therefore enable the ESAsEuropean Supervisory Authority to conclude administrative cooperation arrangements with the relevant authorities of third countries, which should not otherwise create legal obligations in respect of the Union and its Member States.