ANNEX III - Type of ICT services

Info

When referring to a type of ICT services in the templates of the register of information, only the identifier (from S01 to S19) of the relevant type of ICT services shall be reported.

Identifier

Type of ICT services

Description

S01

1.

ICT project management Provision of services related to Project Management Officer (PMO).

S02

2.

ICT Development Provision of services related to: business analysis, software design and development, testing.

S03

3.

ICT help desk and first level support Provision of services related to: helpdesk support and first level support on ICT incident

S04

4.

ICT security management services Provision of services related to: ICT security (protection, detection, response and recovering), including security incident handling and forensics.

S05

5.

Provision of data Subscription to the services of data providers. (digital data service)

S06

6.

Data analysis Provision of services related to the support for data analysis. (digital data service)

S07

7.

ICT, facilities and hosting services (excluding Cloud services) Provision of ICT infrastructure, facilities and hosting services, including the provision of utilities (energy, heat management etc.), telecom access and physical security (excluding cloud services), payment-processing activities, or operating payment infrastructures

S08

8.

Computation Provision of digital processing capabilities (including data computation), excluding the computation services performed in the context of a cloud environment.

S09

9.

Non-Cloud Data storage Provision of data storage platform (excluding cloud services).

S10

10.

Telecom carrier Operations for telecommunication systems and flow management. Traditional analogue telephone services are explicitly excluded pursuant to 2554

S11

11.

Network infrastructure Provision of network infrastructure

S12

12.

Hardware and physical devices Provision of workstations, phones, servers, data storage devices, appliances, etc. in a form of a service

S13

13.

Software licencing (excluding SaaS) Provision of software run on premises.

S14

14.

ICT operation management (including maintenance) Provision of services related to: infrastructure (systems and hardware except network) configuration, maintenance, installing, capacity management, business continuity management, etc.

Including Managed Service Providers (MSP)

S15

15.

ICT Consulting Provision of intellectual / ICT expertise services.

S16

16.

ICT Risk management Verification of compliance with ICT risk management requirements in accordance with Article 6(10) of Regulation (EU) 2022/2554

S17

17.

Cloud services: IaaS Infrastructure-as-a-Service

S18

18.

Cloud services: PaaS Platform-as-a-Service

S19

19.

Cloud services: SaaS Software-as-a-Service# Table 1 in anx_I

Template CodeTemplate NameShort Description
B_01.01Entity maintaining the register of informationThis template identifies the entity maintaining and updating the register of information at entity, sub-consolidated and consolidated level, respectively.
B_01.02List of entities within the scope of consolidationThis template identifies all the entities belonging to the group. Where the financial entity responsible for maintaining and updating the register of information does not belong to a group, only that financial entity shall be reported in this template.
B_01.03List of branchesThis template identifies the branches of the financial entities referred to in template B_01.02.
B_02.01Contractual arrangements – general informationThis template lists all contractual arrangements with direct ICT third-party service providers.For each contractual arrangement with a direct ICT third-party service provider, the financial entity maintaining the register of information shall assign a unique ‘contractual arrangement reference number’ to identify unambiguously the contractual arrangement itself.
B_02.02Contractual arrangements – specific informationThis template provides details in relation to each contractual arrangement listed in template B_02.01 with regard to:(a)  the ICT services included in the scope of the contractual arrangement;(b)  the functions of the financial entities supported by those ICT services;(c)  other important information in relation to the specific ICT services provided (e.g. notice period, law governing the arrangement, etc.).
B_02.03List of intra-group contractual arrangementsThis template identifies the links between intra-group contractual arrangements and contractual arrangements with ICT third-party service providers which are not part of the group using the contractual reference numbers when part of the ICT service supply chain.
B_03.01Entities signing the contractual arrangements for receiving ICT service(s) or on behalf of the entities making use of the ICT service(s)This template provides information on the entity signing the contractual arrangements with the direct ICT third-party service provider for the entity making use of the ICT services.Where the register of information is maintained and updated at entity level, the entity signing the contractual arrangement and the entity making use of the ICT services is the financial entity maintaining and updating the register of information.In the context of sub-consolidation and consolidation, the financial entity making use of the ICT services provided is not necessarily the entity signing the contractual arrangement with the ICT third-party service providers.
B_03.02ICT third-party service providers signing the contractual arrangements for providing ICT service(s)This template identifies all the ICT third-party service providers referred to in template B_05.01 signing the contractual arrangements referred to in template B_02.01 for providing the ICT services.
B_03.03Entities signing the contractual arrangements for providing ICT service(s) to other entities within the scope of consolidationThis template identifies all the entities referred to in template B_01.02 signing the contractual arrangements referred to in template B_02.01 for providing the ICT services to other entities in the consolidation.
B_04.01Entities making use of the ICT servicesThis template identifies all entities making uses of the ICT services provided by ICT third-party service providers and registered in the register of information.The entities making use of the ICT services shall be either the financial entities in scope, or the ICT intra-group service providers.Where the register of information is maintained and updated at entity level, the entity signing the contractual arrangement and the entity making use of the ICT services are the financial entity maintaining the register.
B_05.01ICT third-party service providersThis template lists and provides general information to identify:(a)  the direct ICT third-party service providers;(b)  the ICT intra-group service providers;(c)  all subcontractors included in template B_05.02 on ICT service supply chain;(d)  the ultimate parent undertaking of the ICT third-party service providers listed in points (a), (b) and (c).
B_05.02ICT service supply chainThis template identifies and links the ICT third-party service providers that are part of the same ICT service supply chain.Financial entities shall identify and rank the ICT third-party service providers for each ICT service included in each contractual arrangement.Example:a financial entity has a contractual arrangement with an ICT third-party service provider (‘ICT third-party service provider X’) to receive 2 specific ICT services (‘ICT service A’ and ‘ICT service B’) and the service provider makes use of a subcontractor (‘ICT third-party service provider Y’) to provide one of those services (‘ICT service B’).— In relation to ICT service A, the ICT service supply chain is composed of one ICT third-party service provider, ICT third-party service provider X, which will be ranked as number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider.— In relation to ICT service B, the ICT service supply chain is composed of two ICT third-party service providers:—(a)  ICT third-party service provider X, which will be ranked number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider.(b)  ICT third-party service provider Y, which will be ranked number 2 in the template. ICT third-party service provider Y is a subcontractor.— All ICT third-party service providers belonging to the same ICT service supply chain share the same ‘contractual arrangement reference number’ as referred to in template B_02.01 and the same type of ICT services
B_06.01Functions identificationThis template identifies and provides information on the functions of the financial entity making use of the ICT services.In the information to be provided in this template, financial entities shall include a unique identifier, the ‘function identifier’ for each combination of a financial entity’s LEI, licenced activity and function.Example:a financial entity (LEI: 21USLEIC20231109J3Z8) which operates under two licensed activities (‘activity A’ and ‘activity B’) will be given two unique ‘function identifiers’ for the same function X (e.g. sales) performed for activity A and activity B, respectively. The function identifier will be:F1 for the combination of “21USLEIC20231109J3Z8”“Activity A” and ‘Function X”F2 for the combination of “21USLEIC20231109J3Z8”“Activity B” and ‘Function X”
B_07.01Assessments of the ICT servicesThis template captures information in relation to the risk assessment of the ICT services (e.g. substitutability, date of last audit, etc.) when those ICT services are supporting a critical or important function or material part thereof.
B_99.01Definitions from entities making use of the ICT ServicesThis template captures entity-internal explanations, meanings, and definitions of the closed set of indicators used by the financial entity in the register of information.Example: In template B_07.01 the financial entity shall provide an indication of the impact of discontinuation of the ICT services by using a closed set of options (low, medium, high). In template B_99.01 the financial entity shall specify the meaning of those options.

Table 2 in anx_I

Column CodeColumn NameTypeFill-in InstructionFill-in Option
B_01.01.0010LEI of the financial entity maintaining the register of informationAlphanumericalIdentify the financial entity maintaining and updating the register of information using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standardMandatory
B_01.01.0020Name of the financial entityAlphanumericalLegal name of the financial entity maintaining and updating the register of informationMandatory
B_01.01.0030Country of the financial entityCountryIdentify the ISO 3166–1 alpha–2 code of the country where the license or the registration of the entity reported in the register of information has been issued.Mandatory
B_01.01.0040Type of financial entityClosed set of optionsIdentify the type of financial entity using one of the options in the following closed list:1.  credit institutions;2.  payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366 of the European Parliament and of the Council(1);3.  account information service providers;4.  electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC of the European Parliament and of the Council(2);5.  investment firms;6.  crypto-asset service providers authorised under Regulation (EU) 2023/1114 of the European Parliament and of the Council(3)7.  issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114;8.  central securities depositories;9.  central counterparties;10.  trading venues;11.  trade repositories;12.  managers of alternative investment funds;13.  management companies;14.  data reporting service providers;15.  insurance and reinsurance undertakings;16.  insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries;17.  institutions for occupational retirement provision;18.  credit rating agencies;19.  administrators of critical benchmarks;20.  crowdfunding service providers;21.  securitisation repositories.22.  other financial entity;Where the register of information is maintained at the group level by the parent undertaking, which is not itself subject to the obligation to maintain such register, i.e. it does not fall under the definition of financial entities set out in Article 2 of the Regulation (EU) 2022/2554 (e.g., financial holding company, mixed financial holding company or mixed-activity holding company) ‘Other financial entity’ option shall be chosen.Mandatory
B_01.01.0050Competent authorityAlphanumericalIdentify the competent authority referred to in Article 46 of Regulation (EU) 2022/2554 to which the register of information is reported.Mandatory in case of reporting
B_01.01.0060Date of the reportingDateIdentify the date using ISO 8601 (yyyy–mm–dd) code of the date of reportingMandatory in case of reporting
(1)Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, p. 35, ELI: http://data.europa.eu/eli/dir/2015/2366/oj).(2)Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7, ELI: http://data.europa.eu/eli/dir/2009/110/oj).(3)Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (OJ L 150, 9.6.2023, p. 40, ELI: http://data.europa.eu/eli/reg/2023/1114/oj).

Table 3 in anx_I

Column CodeColumn NameTypeFill-in InstructionFill-in Option
B_01.02.0010LEI of the financial entityAlphanumericalIdentify the financial entity reported in the register of information using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standardMandatory
B_01.02.0020Name of the financial entityAlphanumericalLegal name of the financial entity reported in the register of informationMandatory
B_01.02.0030Country of the financial entityCountryIdentify the ISO 3166–1 alpha–2 code of the country where the license or the registration of the financial entity reported in the register of information has been issued.Mandatory
B_01.02.0040Type of financial entityClosed set of optionsIdentify the type of financial entity using one of the options in the following closed list:1.  credit institutions;2.  payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366;3.  account information service providers;4.  electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC;5.  investment firms;6.  crypto-asset service providers authorised under Regulation (EU) 2023/1114;7.  issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114;8.  central securities depositories;9.  central counterparties;10.  trading venues;11.  trade repositories;12.  managers of alternative investment funds;13.  management companies;14.  data reporting service providers;15.  insurance and reinsurance undertakings;16.  insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries;17.  institutions for occupational retirement provision;18.  credit rating agencies;19.  administrators of critical benchmarks;20.  crowdfunding service providers;21.  securitisation repositories;22.  other financial entity;23.  non-financial entity: ICT intra-group service provider;24.  non-financial entity: other.Mandatory
B_01.02.0050Hierarchy of the financial entity within the group (where applicable)Closed set of optionsDetermine the hierarchy of the financial entity in the consolidation using one of the options in the following closed list:1.  The financial entity is the ultimate parent undertaking in the consolidation;2.  The financial entity is the parent undertaking of a sub-consolidated part in the consolidation;3.  The financial entity is a subsidiary in the consolidation and is not a parent undertaking of a sub-consolidated part;4.  The financial entity is not part of a group;5.  The financial entity is a service provider to which the financial entity (or the third-party service provider acting on its behalf) is outsourcing all its operational activities.Where an entity fulfils more than one options from the closed list above, the higher-level option applicable to this entity shall be selected.Mandatory
B_01.02.0060LEI of the direct parent undertaking of the financial entityAlphanumericalIdentify the direct parent undertaking of the financial entity reported in the register of information using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standardMandatory
B_01.02.0070Date of last updateDateIdentify the date using ISO 8601 (yyyy–mm–dd) code of the date of the last update or modification made in the register of information in relation to the financial entity.Mandatory
B_01.02.0080Date of integration in the register of informationDateIdentify the date using ISO 8601 (yyyy–mm–dd) code of the date of integration of the financial entity into the register of informationMandatory
B_01.02.0090Date of deletion in the register of informationDateIdentify the date using ISO 8601 (yyyy–mm–dd) code of the date of deletion of the financial entity from the register of information.Where the financial entity has not been deleted, ‘9999-12-31’ shall be reported.Mandatory
B_01.02.0100CurrencyCurrencyIdentify the ISO 4217 alphabetic code of the currency used for the preparation of the financial entity’s financial statements.The currency reported shall be the same currency used by the financial entity for the preparation of the financial statements at entity, sub-consolidated or consolidated level, as applicable.Mandatory only if B_01.02.0110 is reported
B_01.02.0110Value of total assets of the financial entityMonetaryMonetary value of total assets of the financial entity as reported in the financial entity’s annual financial statement of the year before the date of the last update of the register of information. Monetary value shall be reported in units.Refer to Annex IV for the filling in this column.Mandatory if the entity is a financial entity

Table 4 in anx_I

Column CodeColumn NameTypeFill-in InstructionFill-in Option
B_01.03.0010Identification code of the branchAlphanumericalIdentify a branch of a financial entity located outside its home country using a unique code for each branch. One of the options in the following closed list shall be used:(a)  LEI of the branch if unique for this branch and different from B_01.03.0020;(b)  other identification code used by the financial entity to identify the branch (where the LEI of the branch is equivalent to the one in template B_01.03.0020 or equivalent to the LEI of another branch).Mandatory
B_01.03.0020LEI of the financial entity head office of the branchAlphanumericalAs reported in B_01.02.0010Identify the financial entity head office of the branch, using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standardMandatory
B_01.03.0030Name of the branchAlphanumericalIdentify the name of the branchMandatory
B_01.03.0040Country of the branchCountryIdentify the ISO 3166–1 alpha–2 code of the country where the branch is located.Mandatory

Table 5 in anx_I

Column CodeColumn NameTypeFill -in InstructionFill-in Option
B_02.01.0010Contractual arrangement reference numberAlphanumericalIdentify the contractual arrangement between the financial entity or, in case of a group, the group subsidiary and the direct ICT third-party service provider.The contractual arrangement reference number is the internal reference number of the contractual arrangement assigned by the financial entity.The contractual arrangement reference number shall be unique and consistent over time at entity, sub-consolidated and consolidated level, where applicable.The contractual arrangement reference number shall be used consistently across all templates of the register of information when referring to the same contractual arrangement.For the case where an entity is acting on behalf of a financial entity for all the activities of the financial entity including the ICT services (refer to recital 7) the contractual arrangement reference number can be the contractual arrangement between the entity and its direct ICT third-party service provider.Mandatory
B_02.01.0020Type of contractual arrangementClosed set of optionsIdentify the type of contractual arrangement by using one of the options in the following closed list:1.  standalone arrangement;2.  overarching / master contractual arrangement;3.  subsequent or associated arrangement.Mandatory
B_02.01.0030Overarching contractual arrangement reference numberAlphanumericalNot applicable if the contractual arrangement is the ‘overarching contractual arrangement’ or a ‘standalone arrangement’. In the other cases, report the contractual arrangement reference number of the overarching arrangement, which shall be equal to the value as reported in column B_02.01.0010 when reporting the overarching contractual arrangement.Mandatory
B_02.01.0040Currency of the amount reported in B_02.01.0050CurrencyIdentify the ISO 4217 alphabetic code of the currency used to express the amount in B_02.01.0050.Mandatory
B_02.01.0050Annual expense or estimated cost of the contractual arrangement for the past yearMonetaryAnnual expenses or estimated costs (or intragroup transfer) of the ICT services contractual arrangement for the past year. Monetary value shall be reported in units.The annual expense or estimated cost shall be expressed in the currency reported in B_01.02.0040.In case of an overarching arrangement with subsequent or associated arrangements, the sum of the annual expenses or estimated costs reported for the overarching arrangement and the subsequent or associated arrangements shall be equal to the total expenses or estimated costs for the overall contractual arrangement. There shall be no repetition or duplication of annual expenses or estimated costs. The following cases should be reflected:(a)  where the annual expenses or estimate costs are not determined at the level of the overarching arrangement (i.e. they are 0), the annual expenses or estimated costs shall be reported at the level of each subsequent or associated arrangements.(b)  where the annual expenses or estimated costs cannot be reported for each of the subsequent or associated arrangements, the total annual expenses or estimated costs shall be reported at the level of the overarching arrangement.(c)  where there are annual expenses or estimated costs related to each level of the arrangement, i.e. overarching and subsequent or associated, and that information is available, the annual expenses or estimated costs shall be reported without duplication at each level of the contractual arrangement.Mandatory

Table 6 in anx_I

Column CodeColumn NameTypeFill-in InstructionFill-in Option
B_02.02.0010Contractual arrangement reference numberAlphanumericalAs reported in B_02.01.0010Mandatory
B_02.02.0020LEI of the financial entity making use of the ICT service(s)AlphanumericalAs reported in B_04.01.0020Identify the financial entity making use of the ICT service(s) using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standardMandatory
B_02.02.0030Identification code of the ICT third-party service providerAlphanumericalAs reported in B_05.01.0010Code to identify the ICT third-party service provider as reported in B_05.01.0010 for that provider.Mandatory
B_02.02.0040Type of code to identify the ICT third-party service providerPatternAs reported in B_05.01.0020Type of code to identify the ICT third-party service provider in B_02.02.0030 as reported in B_05.01.0020 for that provider.Mandatory
B_02.02.0050Function identifierPatternAs defined by the financial entity in B_06.01.0010Mandatory
B_02.02.0060Type of ICT servicesClosed set of optionsOne of the types of ICT services referred to in Annex IIIMandatory
B_02.02.0070Start date of the contractual arrangementDateIdentify the date of entry into force of the contractual arrangement as stipulated in the contractual arrangement using the ISO 8601 (yyyy–mm–dd) codeMandatory
B_02.02.0080End date of the contractual arrangementDateIdentify the end date as stipulated in the contractual arrangement using the ISO 8601 (yyyy–mm–dd) code. Where the contractual arrangement is indefinite, it shall be filled in with ‘9999-12-31’. Where the contractual arrangement has been terminated on a date different than the end date, this shall be filled in with the termination date.Where the contractual arrangement foresees a renewal, this shall be filled in with the date of the contract renewal as stipulated in the contractual arrangement.Mandatory
B_02.02.0090Reason of the termination or ending of the contractual arrangementClosed set of optionsWhere the contractual arrangement has been terminated or ended, identify the reason of the termination or ending of the contractual arrangements using one of the options in the following closed list:1.  Termination not for cause: The contractual arrangement has expired/ended and has not been renewed by any of the parties;2.  Termination for cause: The contractual arrangement has been terminated, the ICT third-party service provider being in a breach of applicable law, regulations or contractual provisions;3.  Termination for cause: The contractual arrangement has been terminated, due to the fact that impediments of the ICT third-party service provider capable of altering the supported function have been identified;4.  Termination for cause: The contractual arrangement has been terminated due to weaknesses of the ICT third-party service provider regarding the management and security of sensitive data or information of any of the counterparties;5.  Termination following a request by a competent authority: The contractual arrangement has been terminated following a request by a competent Authority.6.  Other: The contractual arrangement has been terminated by any of the parties for any other reason than the reasons referred to in points 1 to 5.Mandatory if the contractual arrangement is terminated
B_02.02.0100Notice period for the financial entity making use of the ICT service(s)Natural numberIdentify the notice period for terminating the contractual arrangement by the financial entity in a business-as-usual case. The notice period shall be expressed as number of calendar days from the counterparty’s receipt of the request to terminate the ICT service.Mandatory if the ICT service is supporting a critical or important function
B_02.02.0110Notice period for the ICT third-party service providerNatural numberIdentify the notice period for terminating the contractual arrangement by the direct ICT third-party service provider in a business-as-usual case. The notice period shall be expressed as number of calendar days from the counterparty’s receipt of the request to terminate the ICT service.Mandatory if the ICT service is supporting a critical or important function
B_02.02.0120Country of the governing law of the contractual arrangementCountryIdentify the country of the governing law of the contractual arrangement using the ISO 3166–1 alpha–2 code.Mandatory if the ICT service is supporting a critical or important function
B_02.02.0130Country of provision of the ICT servicesCountryIdentify the country from where the ICT services are provided using the ISO 3166–1 alpha–2 code.Mandatory if the ICT service is supporting a critical or important function
B_02.02.0140Storage of data[Yes/No]Is the ICT service related to (or does it foresee) storage of data (even temporarily)?One of the options provided in the following closed list:1.  Yes;2.  No.Mandatory if the ICT service is supporting a critical or important function
B_02.02.0150Location of the data at rest (storage)CountryIdentify the country of location of the data at rest (storage) using the ISO 3166–1 alpha–2 code.If there are several countries of location, additional row(s) shall be used for each country.Mandatory if ’Yes’ is reported in B_02.02.0140
B_02.02.0160Location of management of the data (processing)CountryIdentify the country of location of the management of the data (processing) using the ISO 3166–1 alpha–2 code.If there are several countries of location, additional row(s) shall be used for each country.Mandatory if the ICT service is based on or foresees data processing
B_02.02.0170Sensitiveness of the data stored by the ICT third-party service providerClosed set of optionsIdentify the level of sensitiveness of the data stored or processed by the ICT third-party service provider using one of the options provided in the following closed list:1.  Low2.  Medium;3.  High.The most sensitive data take precedence: e.g. if both ‘Medium’ and ‘High’ apply, then ‘High’ shall be selected.Mandatory if the ICT third-party service provider stores data and if the ICT service is supporting a critical or important function or material part thereof
B_02.02.0180Level of reliance on the ICT service supporting the critical or important function.Closed set of optionsOne of the options in the following closed list shall be used:1.  Not significant;2.  Low reliance: in case of disruption of the services, the supported functions would not be significantly impacted (no interruption, no important damage) or disruption can be resolved quickly and with minimal impact on the functions supported;3.  Material reliance: in case of disruption of the services, the supported functions would be significantly impacted if the disruption lasts more than a few minutes/few hours, and the disruption may cause damages, but is still manageable;4.  Full reliance: in case of disruption of the services, the supported functions would be immediately and severely interrupted/damaged, for a long period.Mandatory if the ICT service is supporting a critical or important function or material part thereof

Table 7 in anx_I

Column CodeColumn NameTypeFill-in InstructionFill-in Option
B_02.03.0010Contractual arrangement reference numberAlphanumericalReference number of the contractual arrangement between the entity making use of the ICT service(s) provided and the ICT intra-group service provider.The contractual arrangement reference number shall be unique and consistent over time and across all the group.Mandatory
B_02.03.0020Contractual arrangement linked to the contractual arrangement referred in B_02.03.0010AlphanumericalContractual arrangement reference number of the contractual arrangement between the ICT intra-group service provider of the contractual arrangement in B_02.03.0010 and its direct ICT third-party service provider.Mandatory

Table 8 in anx_I

Column CodeColumn NameTypeFill-in InstructionFill-in Option
B_03.01.0010Contractual arrangement reference numberAlphanumericalAs reported in B_02.02.0010Identify the contractual arrangement reference number signed by the undertakingMandatory
B_03.01.0020LEI of the entity signing the contractual arrangementAlphanumericalIdentify the undertaking signing the contractual arrangement using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standard or the EUID.Mandatory

Table 9 in anx_I

Column CodeColumn NameTypeFill-in InstructionFill-in Option
B_03.02.0010Contractual arrangement reference numberAlphanumericalAs reported in B_02.02.0010Identify the contractual arrangement reference number signed by the ICT third-party service providerMandatory
B_03.02.0020Identification code of ICT third-party service providerAlphanumericalAs reported in B_05.01.0010Code to identify the ICT third-party service provider as reported in B_05.01.0020 for that provider.Mandatory
B_03.02.0030Type of code to identify the ICT third-party service providerPatternAs reported in B_05.01.0020Type of code to identify the ICT third-party service provider in B_03.02.0020 as reported in B_05.01.0020 for that provider.Mandatory

Table 10 in anx_I

Column CodeColumn NameTypeFill-in InstructionFill-in Option
B_03.03.0010Contractual arrangement reference numberAlphanumericalAs reported in B_02.02.0010Identify the reference number of the contractual arrangement signed by the entity for providing ICT service(s)Mandatory
B_03.03.0020LEI of the financial entity providing ICT servicesAlphanumericalAs reported in B_01.02.0010Identify the entity providing ICT services using LEI, 20-character, alpha-numeric code based on the ISO 17442 standard.Mandatory

Table 11 in anx_I

Column CodeColumn NameTypeFill-in InstructionFill-in Option
B_04.01.0010Contractual arrangement reference numberAlphanumericalAs reported in B_02.01.0010Identify the reference number of the contractual arrangement in relation to the financial entity making use of the ICT services providedMandatory
B_04.01.0020LEI of the financial entity making use of the ICT service(s)AlphanumericalIdentify the financial entity making use of the ICT service(s) using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standardMandatory
B_04.01.0030Nature of the financial entity making use of the ICT service(s)Closed set of optionsOne of the options in the following closed list shall be used:1.  The financial entity making use of the ICT service(s) is a branch of a financial entity2.  The financial entity making use of the ICT service(s) is not a branchMandatory
B_04.01.0040Identification code of the branchAlphanumericalIdentification code of the branch as reported in B_01.03.0010Mandatory if the financial entity making use of the ICT service(s) is a branch of a financial entity (B_04.01.0030)

Table 12 in anx_I

Column CodeColumn NameTypeFill-in InstructionFill-in Option
B_05.01.0010Identification code of ICT third-party service providerAlphanumericalCode to identify the ICT third-party service provider.Where LEI is used, it shall be provided as a 20-character, alpha-numeric code based on the ISO 17442 standard.Where EUID is used, it shall be provided as specified in Article 9 of the Commission Implementing Regulation (EU) 2021/1042.Mandatory
B_05.01.0020Type of code to identify the ICT third-party service providerPattern►C1Type of code to identify the ICT third-party service provider reported in B_05.01.00101.  ‘LEI’ for LEI2.  ‘EUID’ for EUID3.  ‘CRN’ for Corporate registration number4.  ‘VAT’ for VAT number5.  ‘PNR’ for Passport Number6.  ‘NIN’ for National Identity NumberOnly LEI or EUID shall be used for legal persons, as identified in B_05.01.0070, whereas alternative code may be used only for an individual acting in a business capacity.Only LEI shall be used for legal persons that are not established in the Union.◄Mandatory
B_05.01.0030Additional identification code of ICT third-party service providerAlphanumericalAdditional code to identify the ICT third-party service provider, where available.Optional
B_05.01.0040Type of additional identification code to identify the ICT third-party service providerPatternThe type of additional code to identify the ICT third-party service provider reported in B_05.01.0030:1.  ‘LEI’ for LEI2.  ‘EUID’ for EUID3.  CRN for Corporate registration number4.  VAT for VAT number5.  PNR for Passport Number6.  NIN for National Identity NumberLEI or EUID shall be used for legal persons, as identified in B_05.01.0070, whereas alternative code may be used only for an individual acting in a business capacity.Only LEI shall be used for legal persons that are not established in the Union.Mandatory, if B_05.01.0030 is reported
B_05.01.0050Legal name of the ICT third-party service providerAlphanumericalLegal name of the ICT third-party service provider as registered in business register in Latin, Cyrillic or Greek alphabets.Mandatory
B_05.01.0060Name of the ICT third-party service provider in Latin alphabetAlphanumericalName of the ICT third-party service provider in Latin alphabet.Where the name of the ICT third-party service provider reported in B_05.01.0050 is in Latin alphabet, it shall be repeated also in this data field.Mandatory
B_05.01.0070Type of person of the ICT third-party service providerClosed set of optionsOne of the options in the following closed list shall be used:1.  Legal person, excluding individuals acting in business capacity2.  Individual acting in a business capacityMandatory
B_05.01.0080Country of the ICT third-party service provider’s headquartersCountryIdentify the ISO 3166–1 alpha–2 code of the country in which the global operating headquarters of ICT third-party service provider are located (usually, this country is the country of tax residence).Mandatory
B_05.01.0090►C1Currency of the amount reported in B_05.01.0100◄CurrencyIdentify the ISO 4217 alphabetic code of the currency used to express the amount in B_05.01.0100.The currency reported shall be the same currency used by the financial entity for the preparation of the financial statements at entity, sub-consolidated or consolidated level, as applicable.Mandatory if B_05.01.0100 is reported
B_05.01.0100Total annual expense or estimated cost of the ICT third-party service providerMonetaryAnnual expense or estimated cost for using the ICT services provided by the ICT third-party service provider to the entities making use of the ICT services. Monetary value shall be reported in units.Mandatory if the ICT third-party service provider is a direct ICT third-party service provider
B_05.01.0110Identification code of the ICT third-party service provider’s ultimate parent undertakingAlphanumericalCode to identify the ICT third-party service provider’s ultimate parent undertaking.The code used to identify ultimate parent undertaking in this field shall match the identification code provided in B_05.01.0010 for that ultimate parent undertaking.Where the ICT third-party service provider is not part of a group, the identification code used to identify that ICT third-party service provider in B_05.01.0010 shall be repeated also in this data field.Mandatory if the ICT third-party service provider is not the ultimate parent undertaking
B_05.01.0120Type of code to identify the ICT third-party service provider’s ultimate parent undertakingPatternType of code to identify the ICT third-party service provider’s ultimate parent undertaking in B_05.01.0110.The type of the code used to identify ultimate parent undertaking in this field shall match the identification code provided in B_05.01.0020 for that ultimate parent undertaking.Where the ICT third-party service provider is not part of a group, the type of the identification code used to identify that ICT third-party service provider in B_05.01.0020 shall be repeated also in this data field.Mandatory if the ICT third-party service provider is not the ultimate parent undertaking

Table 13 in anx_I

Column CodeColumn NameTypeFill-in InstructionFill-in Option
B_05.02.0010Contractual arrangement reference numberAlphanumericalAs reported in B_02.01.0010Mandatory
B_05.02.0020Type of ICT servicesClosed set of optionsOne of the types of ICT services referred to in Annex IIIMandatory
B_05.02.0030Identification code of the ICT third-party service providerAlphanumericalAs reported in B_05.01.0010 for that ICT third-party service provider.Examples:— The identification code of the direct ICT third-party service provider providing ICT service to the financial entity making use of it;— The identification code of the subcontractor at rank 2 providing service to the direct ICT third-party service provider.Mandatory
B_05.02.0040Type of code to identify the ICT third-party service providerPatternAs reported in B_05.01.0020 for that ICT third-party service provider.Mandatory
B_05.02.0050RankNatural numberWhere the ICT third-party service provider is signing the contractual arrangement with the financial entity, it is considered as a direct ICT third-party service provider and the ‘rank’ to be reported shall be 1;Where the ICT third-party service provider is signing the contract with the direct ICT third-party service provider, it is considered as a subcontractor and the ‘rank’ to be reported shall be 2;The same logic apply to all the following subcontractors by incrementing the ‘rank’.Where multiple ICT third-party service providers have the same ‘rank’ in the ICT service supply chain, financial entities shall report the same ‘rank’ for all those ICT third-party service providers.Mandatory
B_05.02.0060Identification code of the recipient of sub-contracted ICT servicesAlphanumericalTo be left blank if the ICT third-party service provider (template B_05.02.0030) is a direct ICT third-party service provider i.e. at ‘rank’ r = 1 (template B_05.02.0050);Where the ICT third-party service provider is at ‘rank’ r = n where n>1, indicate the ‘Identification code of the recipient of the sub-contracted services’ at ‘rank’ r=n-1 that subcontracted the ICT service (even partially) to the ICT third-party service provider at ‘rank’ r=n.Examples:— The identification code of the direct ICT third-party service provider receiving the service from the subcontractor at rank 2;— The identification code of the subcontractor at rank 2 receiving the service from the subcontractor at rank 3.The code used to identify the recipient of sub-contracted ICT services shall match the identification code provided in B_05.01.0010 for that provider.Mandatory Not applicable for rank 1
B_05.02.0070Type of code to identify the recipient of sub-contracted ICT servicesPatternTo be left blank where the ICT third-party service provider template B_05.02.0030) is at rank r = 1 (template B_05.02.0050);Where the ICT third-party service provider is at ‘rank’ r = n where n>1, indicate the ‘Type of code to identify the recipient of the sub-contracted service’ at ‘rank’ r=n-1 that subcontracted the ICT service (even partially) to the ICT third-party service provider at ‘rank’ r=n.1.  ‘LEI’ for LEI2.  ‘EUID’ for EUID3.  CRN for Corporate registration number4.  VAT for VAT number5.  PNR for Passport Number6.  NIN for National Identity NumberThe type of code used to identify the recipient of sub-contracted ICT services shall match the identification code provided in B_05.01.0020 for that provider.Mandatory Not applicable for rank 1

Table 14 in anx_I

Column CodeColumn NameTypeInstructionFill-in Option
B_06.01.0010Function IdentifierPatternThe function identifier shall be composed by the letter F (capital letter) followed by a natural number (e.g. “F1” for the 1stfunction identifier and “Fn” for the nthfunction identifier with “n” being a natural number).Each combination between ‘LEI of the financial entity making use of the ICT service(s)’ (B_06.01.0040), ‘Function name’ (B_06.01.0030) and ‘Licenced activity’ (B_06.01.0020) shall have a unique function identifier.Example:a financial entity which operates under two licensed activities (‘activity A’ and ‘activity B’) will be given two unique ‘function identifiers’ for the same function X (e.g. Sales) performed for activity A and activity B.Mandatory
B_06.01.0020Licenced activityClosed set of optionsOne of the licenced activities referred to in the underlying legal acts listed in Annex II for the different types of financial entities.Where the function is not linked to a registered or licenced activity, ‘support functions’ shall be reported.Mandatory
B_06.01.0030Function nameAlphanumericalFunction name according to the financial entity’s internal organisation.Mandatory
B_06.01.0040LEI of the financial entityAlphanumericalAs reported in B_04.01.0020Identify the financial entity using the LEI, 20-character, alpha-numeric code based on the ISO 17442 standardMandatory
►C1B_06.01.0050◄Criticality or importance assessmentClosed set of optionsUse this column to indicate whether the function is critical or important according to the financial entity’s assessment. One of the options in the following closed list shall be used:1.  Yes;2.  No;3.  Assessment not performed.Mandatory
►C1B_06.01.0060◄Reasons for criticality or importanceAlphanumericalBrief explanation on the reasons for classifying the function as critical or important (300 characters maximum)Optional
►C1B_06.01.0070◄Date of the last assessment of criticality or importanceDateIdentify the date using ISO 8601 (yyyy–mm–dd) code of the date of the last assessment of criticality or importance in case the function is supported by ICT services provided by ICT third-party service providers.Where the assessment of the function’s criticality or importance is not performed, it shall be filled in with ‘9999-12-31’Mandatory
►C1B_06.01.0080◄Recovery time objective of the functionNatural numberIn number of hours. Where the recovery time objective is less than 1 hour, ‘1’ shall be reported. Where the recovery time objective of the function is not defined, ‘0’ shall be reported.Mandatory
►C1B_06.01.0090◄Recovery point objective of the functionNatural numberIn number of hours. Where the recovery point objective is less than 1 hour, ‘1’ shall be reported. Where the recovery point objective of the function is not defined, ‘0’ shall be reported.Mandatory
►C1B_06.01.0100◄Impact of discontinuing the functionClosed set of optionsUse this column to indicate the impact of discontinuing the function according to the financial entity’s assessment. One of the options in the following closed list shall be used:1.  Low2.  Medium;3.  High;4.  Assessment not performed.Mandatory

Table 15 in anx_I

Column CodeColumn NameTypeFill-in InstructionFill-in Option
B_07.01.0010Contractual arrangement reference numberAlphanumericalAs reported in B_02.01.0010Mandatory
B_07.01.0020Identification code of the ICT third-party service providerAlphanumericalAs reported in B_05.01.0010Mandatory
B_07.01.0030Type of code to identify the ICT third-party service providerPatternAs reported in B_05.01.0020Mandatory
B_07.01.0040Type of ICT servicesClosed set of optionsOne of the types of ICT services referred to in Annex IIIMandatory
B_07.01.0050Substitutability of the ICT third-party service providerClosed set of optionsUse this column to provide the results of the financial entity’s assessment in relation to the degree of substitutability of the ICT third-party service provider to perform the specific ICT services supporting a critical or important function.One of the options in the following closed list shall be used:1.  Not substitutable;2.  Highly complex substitutability;3.  Medium complexity in terms of substitutability;4.  Easily substitutable.Mandatory
B_07.01.0060Reason where the ICT third-party service provider is considered not substitutable or difficult to be substitutableClosed set of optionsOne of the options in the following closed list shall be used:1.  The lack of real alternatives, even partial, due to the limited number of ICT third-party service providers active on a specific market, or the market share of the relevant ICT third-party service provider, or the technical complexity or sophistication involved, including in relation to any proprietary technology, or the specific features of the ICT third-party service provider’s organisation or activity;2.  Difficulties in relation to a partial or full migration of the relevant data and workloads from the relevant ICT third- party service provider to another ICT third-party service provider or by reintegrating them in the financial entity’s operations, due either to significant financial costs, time or other resources that the migration process may entail, or to an increased ICT risk or other operational risks to which the financial entity might be exposed;3.  Both reasons referred to in points 1 and 2.Mandatory in case “not substitutable” or “highly complex substitutability” is selected in B_07.01.0041
B_07.01.0070Date of the last audit on the ICT third-party service providerDateUse this column to provide the date of the last audit on the specific ICT services provided by the ICT third-party service provider.This column relates to audits conducted by any of the following:(a)  the internal audit department or any other additional qualified personnel of the financial entity;(b)  a joint team together with other clients of the same ICT third-party service provider (‘pooled audit’);(c)  a third party appointed by the supervised entity to audit the service provider.This column does not relate to the reception or reference date of third-party certifications or internal audit reports of the ICT third-party service provider, the annual monitoring date of the arrangement by the financial entity or the date of review of the risk assessment performed by the financial entity.This column shall be used to report all types of audits performed by any of the subjects referred to in points (a), (b) and (c) concerning fully or partially the ICT services provided by the ICT third-party service provider.To report the date, the ISO 8601 (yyyy–mm–dd) code shall be used.Where no audit has been performed, it shall be filled in with ‘9999-12-31’.Mandatory
B_07.01.0080Existence of an exit plan[Yes/No]Use this column to report the existence of an exit plan from the ICT third-party service provider in relation to the specific ICT service provided.One of the options in the following closed list shall be used:1.  Yes;2.  No.Mandatory
B_07.01.0090Possibility of reintegration of the contracted ICT serviceClosed set of optionsOne of the options in the following closed list shall be used:1.  Easy;2.  Difficult;3.  Highly complex.Use this column where the ICT service is provided by an ICT third-party service provider that is not an ICT intra-group service providerMandatory
B_07.01.0100Impact of discontinuing the ICT servicesClosed set of optionsUse this column to provide the impact for the financial entity of discontinuing the ICT services provided by the ICT third-party service provider according to the financial entity’s assessment.One of the options in the following closed list shall be used:1.  Low2.  Medium;3.  High;4.  Assessment not performed.Mandatory
B_07.01.0110Are there alternative ICT third-party service providers identified?Closed set of optionsOne of the options in the following closed list shall be used:1.  Yes;2.  No;►C13.  Assessment not performed.◄For each ICT third-party service provider supporting a critical or important function, the assessment to identify an alternative service provider shall be performed.Mandatory
B_07.01.0120Identification of alternative ICT TPPAlphanumericalIf ‘Yes’ is reported inB_07.01.0110,additional information may be provided in this columnOptional

Table 16 in anx_I

B_99.01.C0010B_99.01.C0020B_99.01.C0030B_99.01.C0040
Column CodeColumn NameOptionDescription/Internal definition of the option
B_99.01.R0010B_02.01.0020Type of contractual arrangement1.  Standalone arrangement
B_99.01.R00202.  Overarching arrangement
B_99.01.R00303.  Subsequent or associated arrangement
B_99.01.R0040B_02.02.0170Sensitiveness of the data stored by the ICT third-party service provider1.  Low
B_99.01.R00502.  Medium
B_99.01.R00603.  High
B_99.01.R0070B_06.01.0110Impact of discontinuing the function1.  Low
B_99.01.R00802.  Medium
B_99.01.R00903.  High
B_99.01.R0100B_07.01.0050Substitutability of the ICT third-party service provider1.  Not substitutable
B_99.01.R01102.  Highly complex substitutability
B_99.01.R01203.  Medium complexity in terms of substitutability
B_99.01.R01304.  Easily substitutable
B_99.01.R0140B_07.01.0090Possibility of reintegration of the contracted ICT service1.  Easy
B_99.01.R01502.  Difficult
B_99.01.R01603.  Highly complex
B_99.01.R0170B_07.01.0100Impact of discontinuing the ICT services1.  Low
B_99.01.R01802.  Medium
B_99.01.R01903.  High

Table 1 in anx_II

Type of entityList of activities and services
(a)  credit institutionsActivities listed in Annex I to Directive 2013/36/EU and activities listed in Section A and B of Annex I to Directive 2014/65/EU
(b)  payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366Activities listed in Annex I to Directive (EU) 2015/2366
(c)  account information service providersAccount information services as referred to in point (8) of Annex I to Directive (EU) 2015/2366
(d)  electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/ECIssuing electronic money in accordance with Directive 2009/110/EC and the activities listed in Annex I to Directive (EU) 2015/2366
(e)  investment firmsInvestment services and activities listed in Section A and B of Annex I to Directive 2014/65/EU
(f)  crypto-asset service providers authorised under Regulation (EU) 2023/1114Services and activities listed in Article 3, point (16), of Regulation (EU) 2023/1114
(g)  issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114Activities referred to in Article 16(1) of Regulation (EU) 2023/1114
(h)  central securities depositoriesActivities listed in Annex to Regulation (EU) No 909/2014 of the European Parliament and of the Council(1)
(i)  central counterpartiesActivity of central counterparties as defined in Article 2, point (1), of Regulation (EU) No 648/2012
(j)  trading venuesActivity of trading venues as defined in Article 4(21-24), of Directive 2014/65/EU
(k)  trade repositoriesActivities of trade repositories as defined in Article 2, point (2), of Regulation (EU) No 648/2012 and in Article 3, point (1), of Regulation (EU) No 2015/2365 of the European Parliament and of the Council(2)
(l)  managers of alternative investment fundsActivities listed in Article 6(4) and in Annex I to Directive 2011/61/EU of the European Parliament and of the Council(3)
(m)  management companiesActivities listed in Article 6(3) and in Annex II to Directive 2009/65/EC of the European Parliament and of the Council(4)
(n)  data reporting service providersServices referred to in Article 2(1), points (34), (35) and (36), of Regulation (EU) No 600/2014 of the European Parliament and of the Council(5)
(o)  insurance and reinsurance undertakingsActivities authorised for (i) the classes of non-life insurance as referred to in Section B of Annex I to Directive 2009/138/EC of the European Parliament and of the Council(6): (ii) classes of life insurance as referred to in Annex II to that Directive: (iii) non-life reinsurance activities and (iv) life reinsurance activities as referred to in article 15(5) of that Directive.
(p)  insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediariesActivities of insurance and reinsurance distribution as defined in Article 2(1), points (1) and (2), of Directive (EU) 2016/97 of the European Parliament and of the Council(7)
(q)  institutions for occupational retirement provisionActivities of institutions for occupational retirement provision as referred to in Article 7 of Directive (EU) 2016/2341 of the European Parliament and of the Council(8)
(r)  credit rating agenciesActivities of credit rating agencies as referred to in Article 3(1), points (a) and (b), of Regulation (EC) No 1060/2009 of the European Parliament and of the Council(9)
(s)  administrators of critical benchmarksProvision of benchmarks by administrators as defined in Article 3(1)(5) and 3(1)(6) of Regulation (EU) 2016/1011 of the European Parliament and of the Council, referring to critical benchmarks defined in Article 3(1), point (25), of that Regulation.
(t)  crowdfunding service providersProvision of crowdfunding services in accordance with Article 3 of Regulation (EU) 2020/1503 of the European Parliament and of the Council(10)
(u)  securitisation repositoriesActivity of securitisation repositories as defined in Article 2, point (23), of Regulation (EU) 2017/2402 of the European Parliament and of the Council(11)and Article 1(4-5) of Commission Delegated Regulation (EU) 2020/1230(12)
Non-financial entity: ICT intra-group service providerNot applicable
Non-financial entity: Other intra-group entityNot applicable
Non-financial entity: ICT third-party service providerNot applicable
(1)Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (OJ L 257, 28.8.2014, p. 1, ELI: http://data.europa.eu/eli/reg/2014/909/oj).(2)Regulation (EU) 2015/2365 of the European Parliament and of the Council of 25 November 2015 on transparency of securities financing transactions and of reuse and amending Regulation (EU) No 648/2012 (OJ L 337, 23.12.2015, p. 1, ELI: http://data.europa.eu/eli/reg/2015/2365/oj).(3)Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) No 1095/2010 (OJ L 174, 1.7.2011, p. 1, ELI: http://data.europa.eu/eli/dir/2011/61/oj).(4)Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS) (OJ L 302, 17.11.2009, p. 32, ELI: http://data.europa.eu/eli/dir/2009/65/oj).(5)Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012 (OJ L 173, 12.6.2014, p. 84, ELI: http://data.europa.eu/eli/reg/2014/600/oj).(6)Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1, ELI: http://data.europa.eu/eli/dir/2009/138/oj).(7)Directive (EU) 2016/97 of the European Parliament and of the Council of 20 January 2016 on insurance distribution (OJ L 26, 2.2.2016, p. 19, ELI: http://data.europa.eu/eli/dir/2016/97/oj).(8)Directive (EU) 2016/2341 of the European Parliament and of the Council of 14 December 2016 on the activities and supervision of institutions for occupational retirement provision (IORPs) (OJ L 354, 23.12.2016, p. 37, ELI: http://data.europa.eu/eli/dir/2016/2341/oj).(9)Regulation (EC) No 1060/2009 of the European Parliament and of the Council of 16 September 2009 on credit rating agencies (OJ L 302, 17.11.2009, p. 1, ELI: http://data.europa.eu/eli/reg/2009/1060/oj).(10)Regulation (EU) 2020/1503 of the European Parliament and of the Council of 7 October 2020 on European crowdfunding service providers for business, and amending Regulation (EU) 2017/1129 and Directive (EU) 2019/1937 (OJ L 347, 20.10.2020, p. 1, ELI: http://data.europa.eu/eli/reg/2020/1503/oj).(11)Regulation (EU) 2017/2402 of the European Parliament and of the Council of 12 December 2017 laying down a general framework for securitisation and creating a specific framework for simple, transparent and standardised securitisation, and amending Directives 2009/65/EC, 2009/138/EC and 2011/61/EU and Regulations (EC) No 1060/2009 and (EU) No 648/2012 (OJ L 347, 28.12.2017, p. 35, ELI: http://data.europa.eu/eli/reg/2017/2402/oj).(12)Commission Delegated Regulation (EU) 202/1230 of 29 November 2019 supplementing Regulation (EU) 2017/2402 of the European Parliament and of the Council with regard to regulatory technical standards specifying the details of the application for registration of a securitisation repository and the details of the simplified application for an extension of registration of a trade repository (OJ L 289, 03.09.2020 p. 345) ELI: http://data.europa.eu/eli/reg/2020/1230/oj).

Table 1 in anx_III

IdentifierType of ICT servicesDescription
S011.  ICT project managementProvision of services related to Project Management Officer (PMO).
S022.  ICT DevelopmentProvision of services related to: business analysis, software design and development, testing.
S033.  ICT help desk and first level supportProvision of services related to: helpdesk support and first level support on ICT incident
S044.  ICT security management servicesProvision of services related to: ICT security (protection, detection, response and recovering), including security incident handling and forensics.
S055.  Provision of dataSubscription to the services of data providers. (digital data service)
S066.  Data analysisProvision of services related to the support for data analysis. (digital data service)
S077.  ICT, facilities and hosting services (excluding Cloud services)Provision of ICT infrastructure, facilities and hosting services, including the provision of utilities (energy, heat management etc.), telecom access and physical security (excluding cloud services), payment-processing activities, or operating payment infrastructures
S088.  ComputationProvision of digital processing capabilities (including data computation), excluding the computation services performed in the context of a cloud environment.
S099.  Non-Cloud Data storageProvision of data storage platform (excluding cloud services).
S1010.  Telecom carrierOperations for telecommunication systems and flow management. Traditional analogue telephone services are explicitly excluded pursuant to Article 3, point (21), of Regulation (EU) 2022/2554
S1111.  Network infrastructureProvision of network infrastructure
S1212.  Hardware and physical devicesProvision of workstations, phones, servers, data storage devices, appliances, etc. in a form of a service
S1313.  Software licencing (excluding SaaS)Provision of software run on premises.
S1414.  ICT operation management (including maintenance)Provision of services related to: infrastructure (systems and hardware except network) configuration, maintenance, installing, capacity management, business continuity management, etc.Including Managed Service Providers (MSP)
S1515.  ICT ConsultingProvision of intellectual / ICT expertise services.
S1616.  ICT Risk managementVerification of compliance with ICT risk management requirements in accordance with Article 6(10) of Regulation (EU) 2022/2554
S1717.  Cloud services: IaaSInfrastructure-as-a-Service
S1818.  Cloud services: PaaSPlatform-as-a-Service
S1919.  Cloud services: SaaSSoftware-as-a-Service

Table 1 in anx_IV

Type of entityInstruction to report value of total assets in column B_01.02.0110
(a)  credit institutionsInformation as specified in Template C40.00, Row 0410, Column 0010 of Annex X to Commission Implementing Regulation (EU) 2021/451(1)
(b)  payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366Value of the total assets in the statutory accounts
(c)  account information service providersValue of the total assets in the statutory accounts
(d)  electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/ECValue of the total assets in the statutory accounts
(e)  investment firmsInformation as specified in template Z01.00, column 0090 of Annex I to Commission Implementing Regulation (EU) 2018/1624(2)
(f)  crypto-asset service providers authorised under Regulation (EU) 2023/1114Value of the total assets in the statutory accounts
(g)  issuers of asset-referenced tokens authorised under Regulation (EU) 2023/1114Value of the total assets in the statutory accounts
(h)  central securities depositoriesValue of the total assets in the audited financial statements reported to competent authorities pursuant to Article 41, point (a), of Commission Delegated Regulation (EU) 2017/392(3)
(i)  central counterpartiesInformation as reported in “Public quantitative disclosure standards for central counterparties” of BIS/IOSCO, field 15.2
(j)  trading venuesValue of the total assets in the statutory accounts
(k)  trade repositoriesValue of the total assets in the statutory accounts
(l)  managers of alternative investment fundsValue of the total assets in the statutory accounts
(m)  management companiesValue of the total assets in the statutory accounts
(n)  data reporting service providersValue of the total assets in the statutory accounts
(o)  insurance and reinsurance undertakingsInformation as specified in Annex II and Template S02.01, Row 0500, Column 0010, of Annex III to Commission Implementing Regulation (EU) 2023/894(4)
(p)  insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediariesValue of the total assets in the statutory accounts
(q)  institutions for occupational retirement provisionTotal assets must equal the sum of all items separately identified on the assets side of the balance sheet and must also equal total liabilities
(r)  credit rating agenciesValue of the total assets in the statutory accounts
(s)  administrators of critical benchmarksValue of the total assets in the statutory accounts
(t)  crowdfunding service providersValue of the total assets in the statutory accounts
(u)  securitisation repositoriesValue of the total assets in the statutory accounts
Non-financial entity: ICT intra-group service providerNot applicable
Non-financial entity: Other intra-group entityNot applicable
Non-financial entity: ICT third-party service providerNot applicable
(1)Commission Implementing Regulation (EU) 2021/451 of 17 December 2020 laying down implementing technical standards for the application of Regulation (EU) No 575/2013 of the European Parliament and of the Council with regard to supervisory reporting of institutions and repealing Implementing Regulation (EU) No 680/2014 (OJ L 97, 19.3.2021, p. 1, ELI: http://data.europa.eu/eli/reg_impl/2021/451/oj).(2)Commission Implementing Regulation (EU) 2018/1624 of 23 October 2018 laying down implementing technical standards with regard to procedures and standard forms and templates for the provision of information for the purposes of resolution plans for credit institutions and investment firms pursuant to Directive 2014/59/EU of the European Parliament and of the Council, and repealing Commission Implementing Regulation (EU) 2016/1066 (OJ L 277, 7.11.2018, p. 1, ELI: http://data.europa.eu/eli/reg_impl/2018/1624/oj).(3)Commission Delegated Regulation (EU) 2017/392 of 11 November 2016 supplementing Regulation (EU) No 909/2014 of the European Parliament and of the Council with regard to regulatory technical standards on authorisation, supervisory and operational requirements for central securities depositories (OJ L 65, 10.3.2017, p. 48, ELI: http://data.europa.eu/eli/reg_del/2017/392/oj).(4)Commission Implementing Regulation (EU) 2023/894 of 4 April 2023 laying down implementing technical standards for the application of Directive 2009/138/EC of the European Parliament and the Council with regard to the templates for the submission by insurance and reinsurance undertakings to their supervisory authorities of information necessary for their supervision and repealing Implementing Regulation (EU) 2015/2450 (OJ L 120, 5.5.2023, p. 1, ELI: http://data.europa.eu/eli/reg_impl/2023/894/oj).