Regulation (EU) No 600/2014 is amended as follows:
- Article 27g is amended as follows:
- paragraph 4 is replaced by the following:
‘4. An APA shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554 of the European Parliament and of the Council (*4). - in paragraph 8, point (c) is replaced by the following:
‘(c) the concrete organisational requirements laid down in paragraphs 3 and 5.’;
- paragraph 4 is replaced by the following:
- Article 27h is amended as follows:
- paragraph 5 is replaced by the following:
‘5. A CTP shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554.’. - in paragraph 8, point (e) is replaced by the following:
‘(e) the concrete organisational requirements laid down in paragraph 4.’;
- paragraph 5 is replaced by the following:
- Article 27i is amended as follows:
- paragraph 3 is replaced by the following:
‘3. An ARM shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554.’; - in paragraph 5, point (b) is replaced by the following:
‘(b) the concrete organisational requirements laid down in paragraphs 2 and 4.’.
- paragraph 3 is replaced by the following: