Regulation (EU) 2022/2554 mandates the Lead Overseerthe European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation to carry out a comprehensive assessment of the ICT risksany reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment that ICT third party service providers pose to financial entitiesas defined in Article 2, points (a) to (t). In order to carry out this assessment, Regulation (EU) 2022/2554 equips the Lead Overseerthe European Supervisory Authority appointed in accordance with Article 31(1), point (b) of this Regulation with power to request information covering areas directly or indirectly related to the ICT servicesdigital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services the critical ICT third-party service providersan ICT third-party service provider designated as critical in accordance with Article 31 provide to the financial entitiesas defined in Article 2, points (a) to (t).