This document is an excerpt from the EUR-Lex website
Document 22026D0633
Decision of the EEA Joint Committee No 299/2025 of 5 December 2025 amending Annex IX (Financial services) to the EEA Agreement [2026/633]
Decision of the EEA Joint Committee No 299/2025 of 5 December 2025 amending Annex IX (Financial services) to the EEA Agreement [2026/633]
Decision of the EEA Joint Committee No 299/2025 of 5 December 2025 amending Annex IX (Financial services) to the EEA Agreement [2026/633]
OJ L, 2026/633, 16.4.2026, ELI: http://data.europa.eu/eli/dec/2026/633/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
In force
|
Official Journal |
EN L series |
|
2026/633 |
16.4.2026 |
DECISION OF THE EEA JOINT COMMITTEE No 299/2025
of 5 December 2025
amending Annex IX (Financial services) to the EEA Agreement [2026/633]
THE EEA JOINT COMMITTEE,
Having regard to the Agreement on the European Economic Area (“the EEA Agreement”), and in particular Article 98 thereof,
Whereas:
|
(1) |
Commission Delegated Regulation (EU) 2025/420 of 16 December 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards to specify the criteria for determining the composition of the joint examination team ensuring a balanced participation of staff members from the ESAs and from the relevant competent authorities, their designation, tasks and working arrangements (1) is to be incorporated into the EEA Agreement. |
|
(2) |
Commission Delegated Regulation (EU) 2025/532 of 24 March 2025 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the elements that a financial entity has to determine and assess when subcontracting ICT services supporting critical or important functions (2) is to be incorporated into the EEA Agreement. |
|
(3) |
Commission Delegated Regulation (EU) 2025/1190 of 13 February 2025 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria used for identifying financial entities required to perform threat-led penetration testing, the requirements and standards governing the use of internal testers, the requirements in relation to the scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages and the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition (3) is to be incorporated into the EEA Agreement. |
|
(4) |
Annex IX to the EEA Agreement should therefore be amended accordingly, |
HAS ADOPTED THIS DECISION:
Article 1
The following is inserted after point 31qh (Commission Delegated Regulation (EU) 2025/301) of Annex IX to the EEA Agreement:
|
‘31qi. |
32025 R 0420: Commission Delegated Regulation (EU) 2025/420 of 16 December 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards to specify the criteria for determining the composition of the joint examination team ensuring a balanced participation of staff members from the ESAs and from the relevant competent authorities, their designation, tasks and working arrangements (OJ L, 2025/420, 24.3.2025). The provisions of the Delegated Regulation shall, for the purposes of this Agreement, be read with the following adaptation: In Article 3(3)(b), the words “or, as the case may be, the EFTA Surveillance Authority” shall be inserted after the word “ESAs”. |
|
31qj. |
32025 R 0532: Commission Delegated Regulation (EU) 2025/532 of 24 March 2025 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the elements that a financial entity has to determine and assess when subcontracting ICT services supporting critical or important functions (OJ L, 2025/532, 2.7.2025). |
|
31qk. |
32025 R 1190: Commission Delegated Regulation (EU) 2025/1190 of 13 February 2025 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria used for identifying financial entities required to perform threat-led penetration testing, the requirements and standards governing the use of internal testers, the requirements in relation to the scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages and the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition (OJ L, 2025/1190, 18.6.2025).’ |
Article 2
The texts of Delegated Regulations (EU) 2025/420, (EU) 2025/532 and (EU) 2025/1190 in the Icelandic and Norwegian languages, to be published in the EEA Supplement to the Official Journal of the European Union, shall be authentic.
Article 3
This Decision shall enter into force on 6 December 2025, provided that all the notifications under Article 103(1) of the EEA Agreement have been made (*1).
Article 4
This Decision shall be published in the EEA Section of, and in the EEA Supplement to, the Official Journal of the European Union.
Done at Brussels, 5 December 2025.
For the EEA Joint Committee
The President
Stefán Haukur JÓHANNESSON
(1) OJ L, 2025/420, 24.3.2025, ELI: http://data.europa.eu/eli/reg_del/2025/420/oj.
(2) OJ L, 2025/532, 2.7.2025, ELI: http://data.europa.eu/eli/reg_del/2025/532/oj.
(3) OJ L, 2025/1190, 18.6.2025, ELI: http://data.europa.eu/eli/reg_del/2025/1190/oj.
(*1) No constitutional requirements indicated.
ELI: http://data.europa.eu/eli/dec/2026/633/oj
ISSN 1977-0677 (electronic edition)