icon-grid
Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
Page Overview
Related
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2 
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Recently generated comparisons
None generated
Print / Export options
Current page
Whole document
Selected pages
Consolidated PDF of the entire document as of 18th April 2026
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This page
This document
Manage bookmarks
Search within this document
View previous searches
Share
Get page link
Share via email application

AI Summary of Article 3 Definitions

The Regulation defines critical concepts essential for enhancing digital operational resilience within financial entities. Key terms include 'digital operational resilience', signifying the capacity to maintain operational integrity, and 'ICT risk', highlighting identifiable circumstances that could compromise network security.

Moreover, the Regulation outlines various incident classifications such as 'major ICT-related incident', affecting critical functions, and designates providers, including 'ICT third-party service providers' and 'critical ICT third-party service providers', which are vital to operational continuity. This framework aims to fortify financial services against cyber threats, thus safeguarding the integrity of the financial system.

PreviousNext
Version status: Applicable | Document consolidation status: No known changes
Version date: 17 January 2025 - onwards
Version 3 of 3

Article 3 Definitions

For the purposes of this Regulation, the following definitions shall apply:

(1) "digital operational resilience" means the ability of a financial entity to build, assure and review its operational integrity and reliability by ensuring, either directly or indirectly through the use of services provided by ICT third-party service providers, the full range of ICT-related capabilities needed to address the security of the network and information systems which a financial entity uses, and which support the continued provision of financial services and their quality, including throughout disruptions;

(2) "network and information system" means a network and information system as defined in Article 6, point 1, of Directive (EU) 2022/2555;

(3) "legacy ICT system" means an ICT system that has reached the end of its lifecycle (end-of-life), that is not suitable for upgrades or fixes, for technological or commercial reasons, or is no longer supported by its supplier or by an ICT third-party service provider, but that is still in use and supports the functions of the financial entity;

PreviousNext