10 Amendments of Ondřej KOVAŘÍK related to 2020/0266(COD)
Amendment 158 #
Proposal for a regulation
Recital 2
Recital 2
(2) The use of ICT has in the last decades gained a pivotal role in finance, assuming today critical relevance in the operation of typical daily functions of all financial entities. Digitalisation covers, for instance, payments, which have increasingly moved from cash and paper- based methods to the use of digital solutions, as well as securities clearing and settlement, electronic and algorithmic trading, lending and funding operations, peer-to-peer finance, credit rating, insurance underwriting, claim management and back-office operations. The insurance sector has also been transformed by the use of ICT technology, from the emergence of digital insurance intermediaries operating with InsurTech to digital insurance underwriting and contract distributions. Finance has not only become largely digital throughout the whole sector, but digitalisation has also deepened interconnections and dependencies within the financial sector and with third-party infrastructure and service providers.
Amendment 170 #
Proposal for a regulation
Recital 17 – point 1
Recital 17 – point 1
ESAs and national competent authorities, respectively should be able to participate in the strategic policy discussions and the technical workings of the NIS Cooperation Group, respectively, exchanges information and further cooperate with the single points of contact designated under Directive (EU) 2016/1148. The competent authorities under this Regulation should also consult and cooperate with the national CSIRTs designated in accordance with Article 9 of Directive (EU) 2016/1148, in particular when finalising the Oversight plan for, or recommendations addressed to, critical ICT third-party service providers, in order to ensure that there are no inconsistencies or duplications with critical ICT third- party service providers' obligations under Directive (EU) 2016/1148.
Amendment 507 #
Proposal for a regulation
Article 17 – paragraph 3 – point a
Article 17 – paragraph 3 – point a
(a) an initial notification, without delay, but no later than the end of the business day, or, in case of a major24 hours after the ICT- related incident that took place later than 2 hours before the end of the business day, not later than 4 hours from the beginning of the next business dais classified as major by the financial entity, or, where reporting channels are not available, as soon as they become available;
Amendment 512 #
Proposal for a regulation
Article 17 – paragraph 3 – point c
Article 17 – paragraph 3 – point c
(c) a final report, when the root cause analysis has been completed, regardless of whether or not mitigation measures have already been implemented, and when the actual impact figures are available to replace estimates, but not later than one month from the moment of sending the initial reportday of sending the initial report. In duly justified cases, and following agreement with the competent authority, financial entities may deviate from the deadline laid down in this point.
Amendment 595 #
Proposal for a regulation
Article 25 – paragraph 1 – point 8 – introductory part
Article 25 – paragraph 1 – point 8 – introductory part
8. Financial entities shall ensure that contractual arrangements on the use of ICT services are terminallow the financial entity to terminate the arrangement under applicable law, after all other remedies have been exhausted, at least under the following circumstances:
Amendment 693 #
Proposal for a regulation
Article 30 – paragraph 3 a (new)
Article 30 – paragraph 3 a (new)
3 a. When preparing the Oversight plan, the Joint Oversight Executive body shall consult all relevant competent authorities and single points of contact referred to in Article 8 of Directive (EU) 2016/1148 to ensure that there are no inconsistencies or duplications with the critical ICT third-party service provider's obligations under Directive (EU) 2016/1148.
Amendment 700 #
Proposal for a regulation
Article 31 – paragraph 1 – subparagraph 1 (new)
Article 31 – paragraph 1 – subparagraph 1 (new)
The powers referred to in the first subparagraph shall primarily be used in respect of the critical or important services provided by the critical ICT third- party service provider to financial entities, but may also be used in respect of other services provided to financial entities when necessary.
Amendment 704 #
Proposal for a regulation
Article 31 – paragraph 2 a (new)
Article 31 – paragraph 2 a (new)
2 a. When preparing the recommendations, the Joint Oversight Executive body shall consult all relevant competent authorities and single points of contact referred to in Article 8 of Directive (EU) 2016/1148 to ensure there are no inconsistencies or duplications with the critical ICT third-party service provider's obligations under Directive (EU) 2016/1148
Amendment 727 #
Proposal for a regulation
Article 37 – paragraph 1
Article 37 – paragraph 1
1. Within 30 calendar days after the receipt of the recommendations issued by Lead Overseersthe Joint Oversight Executive Body pursuant to point (d) of Article 31(1), critical ICT third-party service providers shall notify the LeadJoint Overseeright Executive Body whether they intend to follow those recommendations. Lead OverseersThe Joint Oversight Executive Body shall immediately transmit this information to competent authorities.
Amendment 737 #
Proposal for a regulation
Article 37 – paragraph 4 – introductory part
Article 37 – paragraph 4 – introductory part
4. When tmaking those drecisions referred to in paragraph 3, competent authoritiesommendations, the Joint Oversight Executive Body shall take into account the type and magnitude of risk that is not addressed by the critical ICT third-party service provider, as well as the seriousness of the non-compliance, having regard to the following criteria: