Regulation (EU) No 600/2014 is amended as follows:
| (1) | Article 27g is amended as follows:(a)paragraph 4 is replaced by the following:‘4.An APA shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554 of the European Parliament and of the Council (*4).(*4) Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1).’;“(b)in paragraph 8, point (c) is replaced by the following:‘(c)the concrete organisational requirements laid down in paragraphs 3 and 5.’; |
| (2) | Article 27h is amended as follows:(a)paragraph 5 is replaced by the following:‘5. A CTP shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554.’.(b)in paragraph 8, point (e) is replaced by the following:‘(e)the concrete organisational requirements laid down in paragraph 4.’; |
| (3) | Article 27i is amended as follows:(a)paragraph 3 is replaced by the following:‘3. An ARM shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554.’;(b)in paragraph 5, point (b) is replaced by the following:‘(b)the concrete organisational requirements laid down in paragraphs 2 and 4.’. |