{"component": "definition", "props": {"groups": [{"snippet": "means any reasonably identifiable circumstance in relation to the use of network and information systems, - including a malfunction, capacity overrun, failure, disruption, impairment, misuse, loss or other type of malicious or non- malicious event - which, if materialised, may compromise the security of the network and information systems, of any technology-dependant tool or process, of the operation and process\u2019 running, or of the provision of services, thereby compromising the integrity or availability of data, software or any other component of ICT services and infrastructures, or causing a breach of confidentiality, a damage to physical ICT infrastructure or other adverse effects;", "size": 18, "samples": [{"hash": "14vxKz1WMU9", "uri": "https://www.franceinvest.eu/wp-content/uploads/2023/06/DORA-COM-PROPOSAL.pdf", "label": "www.franceinvest.eu", "score": 15.516559708, "published": false}, {"hash": "fbhSrhCcVVM", "uri": "https://service.betterregulation.com/sites/default/files/upload/2022-12/COM-2020-595-F1-EN-MAIN-PART-1.PDF", "label": "service.betterregulation.com", "score": 15.5108776407, "published": false}, {"hash": "aYidsaRYX7G", "uri": "https://www.europarl.europa.eu/doceo/document/ECON-AM-693603_EN.pdf", "label": "www.europarl.europa.eu", "score": 10.7070499658, "published": false}], "snippet_links": [{"key": "in-relation-to", "type": "clause", "offset": [47, 61]}, {"key": "use-of-network", "type": "clause", "offset": [66, 80]}, {"key": "information-systems", "type": "clause", "offset": [85, 104]}, {"key": "capacity-overrun", "type": "definition", "offset": [133, 149]}, {"key": "type-of", "type": "definition", "offset": [206, 213]}, {"key": "the-network", "type": "clause", "offset": [305, 316]}, {"key": "the-operation", "type": "clause", "offset": [390, 403]}, {"key": "the-provision-of-services", "type": "clause", "offset": [432, 457]}, {"key": "availability-of-data", "type": "clause", "offset": [497, 517]}, {"key": "other-component", "type": "definition", "offset": [535, 550]}, {"key": "services-and", "type": "clause", "offset": [558, 570]}, {"key": "breach-of-confidentiality", "type": "clause", "offset": [601, 626]}, {"key": "ict-infrastructure", "type": "definition", "offset": [649, 667]}, {"key": "adverse-effects", "type": "clause", "offset": [677, 692]}], "hash": "8b0fb1eb61764903799d1ec3f3bca015", "id": 1}, {"snippet": "means any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment;", "size": 18, "samples": [{"hash": "eFC11JsACqw", "uri": "https://www.ivass.it/normativa/internazionale/internazionale-ue/regolamenti-europei/re-2022-2554/Regulation_EU_2022_2554_of_14_december_2022.pdf?language_id=3", "label": "www.ivass.it", "score": 17.8276771825, "published": false}, {"hash": "axlBUTG7NIG", "uri": "https://assets.contentstack.io/v3/assets/blt3de4d56151f717f2/bltfd4e9e6f3d96246d/634ecba5be627424e775b196/Regulation_of_the_European_parliament_and_of_the_council_on_digital_operational_resilience_for_.pdf", "label": "assets.contentstack.io", "score": 11.3969883641, "published": false}, {"hash": "7Q3kzrt2M46", "uri": "https://service.betterregulation.com/sites/default/files/CONSIL%20PE_41_2022_REV_1%20EN%20TXT.pdf", "label": "service.betterregulation.com", "score": 10.476386037, "published": false}], "snippet_links": [{"key": "in-relation-to", "type": "clause", "offset": [47, 61]}, {"key": "use-of-network", "type": "clause", "offset": [66, 80]}, {"key": "information-systems", "type": "clause", "offset": [85, 104]}, {"key": "the-network", "type": "clause", "offset": [160, 171]}, {"key": "technology-dependent", "type": "definition", "offset": [204, 224]}, {"key": "of-operations", "type": "clause", "offset": [242, 255]}, {"key": "the-provision-of-services", "type": "clause", "offset": [277, 302]}, {"key": "adverse-effects", "type": "clause", "offset": [316, 331]}, {"key": "physical-environment", "type": "clause", "offset": [350, 370]}], "hash": "a6169f3df85d3ed2dda410b53a034607", "id": 2}, {"snippet": "means the risk of losses or potential losses related to the use of network information systems or communication technology, including breach of confidentiality, failure of systems, unavailability or lack of integrity of data and systems, and cyber risk;", "size": 10, "samples": [{"hash": "aG31Ajz5o0V", "uri": "https://www.pfandbrief.de/wp-content/uploads/2025/01/CRR_III_Gesetzgebungsvorschlag.pdf", "label": "www.pfandbrief.de", "score": 14.7122695224, "published": false}, {"hash": "gjWxhXDbjx5", "uri": "https://www.europarl.europa.eu/doceo/document/ECON-AM-734262_EN.pdf", "label": "www.europarl.europa.eu", "score": 11.3107460643, "published": false}, {"hash": "jLdAUSXjoeY", "uri": "https://opac.oireachtas.ie/Data/Library3/Documents%20Laid/2021/pdf/RE9GZG9jc2xhaWQyMzExMjFhXzIzMTEyMV8xNDMzNDM=.pdf", "label": "opac.oireachtas.ie", "score": 10.9466119097, "published": false}], "snippet_links": [{"key": "risk-of-losses", "type": "clause", "offset": [10, 24]}, {"key": "related-to", "type": "clause", "offset": [45, 55]}, {"key": "information-systems", "type": "clause", "offset": [75, 94]}, {"key": "communication-technology", "type": "definition", "offset": [98, 122]}, {"key": "breach-of-confidentiality", "type": "clause", "offset": [134, 159]}, {"key": "lack-of", "type": "clause", "offset": [199, 206]}, {"key": "data-and-systems", "type": "clause", "offset": [220, 236]}, {"key": "cyber-risk", "type": "clause", "offset": [242, 252]}], "hash": "0aaf81d1bdced408ed6c58877fb3ea1f", "id": 3}, {"snippet": "means the risk of losses \u258crelated to any reasonable identifiable circumstances in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, \u258cof operations and processes, or \u258cof the provision of services by producing adverse effects in the digital or physical environment;", "size": 3, "samples": [{"hash": "jPb8PThJQIE", "uri": "/contracts/jPb8PThJQIE#ict-risk", "label": "Regulation", "score": 34.9316929185, "published": true}, {"hash": "1NSAPogCg4w", "uri": "https://data.consilium.europa.eu/doc/document/ST-15883-2023-INIT/en/pdf", "label": "data.consilium.europa.eu", "score": 10.9637234771, "published": false}], "snippet_links": [{"key": "risk-of-losses", "type": "clause", "offset": [10, 24]}, {"key": "related-to", "type": "clause", "offset": [26, 36]}, {"key": "in-relation-to", "type": "clause", "offset": [79, 93]}, {"key": "use-of-network", "type": "clause", "offset": [98, 112]}, {"key": "information-systems", "type": "clause", "offset": [117, 136]}, {"key": "the-network", "type": "clause", "offset": [192, 203]}, {"key": "technology-dependent", "type": "definition", "offset": [236, 256]}, {"key": "of-operations", "type": "clause", "offset": [275, 288]}, {"key": "the-provision-of-services", "type": "clause", "offset": [311, 336]}, {"key": "adverse-effects", "type": "clause", "offset": [350, 365]}, {"key": "physical-environment", "type": "clause", "offset": [384, 404]}], "hash": "5c67b4ecfd37fc54ca9a0926fc0621ff", "id": 4}, {"snippet": "means any reasonably identifiable circumstance in relation to the use of network and information systems \u258c which, if materialised, may compromise the security of the network and information systems, of any ICT-dependent tool or process, of the operation and process\u2019 running, or of the provision of services\u258c;", "size": 2, "samples": [{"hash": "e5JnjxGtApT", "uri": "https://www.europarl.europa.eu/doceo/document/A-9-2021-0341_EN.pdf", "label": "www.europarl.europa.eu", "score": 10.9657768652, "published": false}, {"hash": "17BMkusE6DC", "uri": "https://www.europarl.europa.eu/doceo/document/A-9-2021-0341_EN.docx", "label": "www.europarl.europa.eu", "score": 10.9657768652, "published": false}], "snippet_links": [{"key": "in-relation-to", "type": "clause", "offset": [47, 61]}, {"key": "use-of-network", "type": "clause", "offset": [66, 80]}, {"key": "information-systems", "type": "clause", "offset": [85, 104]}, {"key": "the-network", "type": "clause", "offset": [162, 173]}, {"key": "the-operation", "type": "clause", "offset": [240, 253]}, {"key": "the-provision-of-services", "type": "clause", "offset": [282, 307]}], "hash": "a95fdbc99e0d6d5705fa083705839bab", "id": 5}, {"snippet": "means the risk of loss \u258crelated to any reasonably identifiable circumstances related to the use of network and information systems which, if materialised, might compromise the security of the network and information systems, of any technology-dependent tool or process,", "size": 2, "samples": [{"hash": "fmU442oyn0U", "uri": "https://www.europarl.europa.eu/doceo/document/A-9-2023-0030-AM-002-002_EN.pdf", "label": "Amendment", "score": 22.8992879292, "published": false}, {"hash": "5KB6ZmEmzBh", "uri": "https://www.europarl.europa.eu/doceo/document/TA-9-2024-0363_EN.pdf", "label": "www.europarl.europa.eu", "score": 18.8858507122, "published": false}], "snippet_links": [{"key": "risk-of-loss", "type": "definition", "offset": [10, 22]}, {"key": "related-to", "type": "clause", "offset": [24, 34]}, {"key": "use-of-network", "type": "clause", "offset": [92, 106]}, {"key": "information-systems", "type": "clause", "offset": [111, 130]}, {"key": "the-network", "type": "clause", "offset": [188, 199]}], "hash": "af9c3bb677bd0e33b0beff41f3ae3b80", "id": 6}, {"snippet": "means any circumstance which, if materialised, may compromise the security of or adversely affect the network and information systems, any technology-dependant tool or process, the operation and process\u2019 running, or the provision of services;", "size": 2, "samples": [{"hash": "ecm6wWYx5P7", "uri": "https://www.europarl.europa.eu/meetdocs/2014_2019/plmrep/COMMITTEES/ECON/PR/2021/06-14/1226860EN.pdf", "label": "www.europarl.europa.eu", "score": 10.6194387406, "published": false}, {"hash": "fm9f5pnHjAU", "uri": "https://www.europarl.europa.eu/doceo/document/ECON-PR-689801_EN.pdf", "label": "www.europarl.europa.eu", "score": 10.6043805613, "published": false}], "snippet_links": [{"key": "security-of", "type": "clause", "offset": [66, 77]}, {"key": "adversely-affect", "type": "definition", "offset": [81, 97]}, {"key": "the-network", "type": "clause", "offset": [98, 109]}, {"key": "information-systems", "type": "clause", "offset": [114, 133]}, {"key": "the-operation", "type": "clause", "offset": [177, 190]}, {"key": "the-provision-of-services", "type": "clause", "offset": [216, 241]}], "hash": "d39ca377129eae8506b0068dede6b18f", "id": 7}, {"snippet": "means any reasonably identifiable circumstance derived from the", "size": 1, "samples": [{"hash": "aYidsaRYX7G", "uri": "https://www.europarl.europa.eu/doceo/document/ECON-AM-693603_EN.pdf", "label": "www.europarl.europa.eu", "score": 10.7070499658, "published": false}], "snippet_links": [], "hash": "4f3ef97db27bd8ee4302d301d9e24dfc", "id": 8}, {"snippet": "means the risk of losses or potential losses related to the use of information technology and communication systems, including, but not limited to, breach of confidentiality, failure", "size": 1, "samples": [{"hash": "6G6fg1Xjq5u", "uri": "https://www.europarl.europa.eu/doceo/document/ECON-PR-731818_EN.pdf", "label": "www.europarl.europa.eu", "score": 11.2067077344, "published": false}], "snippet_links": [{"key": "risk-of-losses", "type": "clause", "offset": [10, 24]}, {"key": "related-to", "type": "clause", "offset": [45, 55]}, {"key": "use-of-information-technology", "type": "clause", "offset": [60, 89]}, {"key": "communication-systems", "type": "definition", "offset": [94, 115]}, {"key": "not-limited", "type": "clause", "offset": [132, 143]}, {"key": "breach-of-confidentiality", "type": "clause", "offset": [148, 173]}], "hash": "33173a8eb2955c90377a798b74ecca84", "id": 9}, {"snippet": "means any reasonably identifiable circumstance or event having a potential adverse effect on the network and information systems, - including a malfunction, capacity overrun, failure, disruption, impairment, misuse, loss or other type of malicious or non-malicious event", "size": 1, "samples": [{"hash": "jYJVBLhU1Tj", "uri": "https://www.consilium.europa.eu/media/53107/st14068-en21.pdf", "label": "www.consilium.europa.eu", "score": 9.947980835, "published": false}], "snippet_links": [{"key": "having-a", "type": "definition", "offset": [56, 64]}, {"key": "the-network", "type": "clause", "offset": [93, 104]}, {"key": "information-systems", "type": "clause", "offset": [109, 128]}, {"key": "capacity-overrun", "type": "definition", "offset": [157, 173]}, {"key": "type-of", "type": "definition", "offset": [230, 237]}], "hash": "485f19c92041a73caacb6524001c9037", "id": 10}], "next_curs": "ClUST2oVc35sYXdpbnNpZGVyY29udHJhY3RzcjELEhpEZWZpbml0aW9uU25pcHBldEdyb3VwX3Y1NiIRaWN0LXJpc2sjMDAwMDAwMGEMogECZW4YACAA", "definition": {"title": "ICT risk", "snippet": "means any reasonably identifiable circumstance in relation to the use of network and information systems, - including a malfunction, capacity overrun, failure, disruption, impairment, misuse, loss or other type of malicious or non- malicious event - which, if materialised, may compromise the security of the network and information systems, of any technology-dependant tool or process, of the operation and process\u2019 running, or of the provision of services, thereby compromising the integrity or availability of data, software or any other component of ICT services and infrastructures, or causing a breach of confidentiality, a damage to physical ICT infrastructure or other adverse effects;", "size": 55, "id": "ict-risk", "examples": ["As part of the <strong>ICT risk</strong> management framework referred to in Article 5(1) and based on the identification requirements set out in Article 7, financial entities shall put in place comprehensive ICT Business Continuity Policy, which may be adopted as a dedicated specific policy forming an integral part of the overall business continuity policy of the financial entity.", "The management body of the financial entity shall define, approve, oversee and be accountable for the implementation of all arrangements related to the <strong>ICT risk</strong> management framework referred to in Article 5(1).", "As part of the <strong>ICT risk</strong> management framework referred to in Article 5(1), financial entities shall identify, classify and adequately document all ICT supported business functions, roles and responsibilities, the information assets and ICT assets supporting these functions, and their roles and dependencies with <strong>ICT risk</strong>.", "As part of the <strong>ICT risk</strong> management framework referred to in Article 5(1), financial entities shall implement communication policies for staff and for external stakeholders.", "They shall map the evolution of <strong>ICT risks</strong> over time, analyse the frequency, types, magnitude and evolution of ICT-related incidents, in particular cyber-attacks and their patterns, with a view to understand the level of <strong>ICT risk</strong> exposure, notably in relation to critical or important functions, and enhance the cyber maturity and preparedness of the financial entity.", "These findings shall translate into appropriate reviews of relevant components of the <strong>ICT risk</strong> management framework referred to in Article 5(1).", "Communication policies for staff shall take into account the need to differentiate between staff involved in the <strong>ICT risk</strong> management, in particular response and recovery, and staff that needs to be informed.", "As part of the <strong>ICT risk</strong> management framework referred to in Article 5(1), financial entities shall have in place communication plans enabling a responsible disclosure of, at least, major ICT-related incidents or vulnerabilities to clients and counterparts as well as to the public, as appropriate.", "Financial entities other than microenterprises shall on a regular basis, and at least yearly, conduct a specific <strong>ICT risk</strong> assessment on all legacy ICT systems.", "Financial entities shall on a continuous basis identify all sources of <strong>ICT risk</strong>, in particular the risk exposure to and from other financial entities, and assess cyber threats and ICT vulnerabilities relevant to their ICT supported business functions, information assets and ICT assets."], "related": [["at-risk", "At risk", "At risk"], ["minimal-risk", "Minimal risk", "Minimal risk"], ["low-risk", "Low risk", "Low risk"], ["market-risk", "market risk", "market risk"], ["fall-risk", "fall risk", "fall risk"]], "related_snippets": [], "updated": "2025-07-06T21:58:36+00:00"}, "json": true, "cursor": ""}}