For the purposes of this Decision:
‘national competent authority’ (NCA) means a national competent authority designated by a participating Member State in accordance with Article 2(2) of Regulation (EU) No 1024/2013. This meaning is without prejudice to arrangements under national law that assign certain supervisory tasks to a national central bank (NCB) that is not designated as an NCA. With regard to such arrangements, a reference to an NCA in this Decision shall also refer to the NCB in respect of the supervisory tasks assigned to it by national law;
‘competent authority’ means either an NCA or the ECB;
‘ESCB and Eurosystem electronic applications, systems, platforms and services’, ‘certificate’ or ‘electronic certificate’, ‘ESCB-PKI certification authority’, ‘registration authority’, ‘user’, ‘Eurosystem central bank’, and ‘relying party’ have the meanings defined in Article 1 of Decision ECB/2013/1;
‘SSM electronic applications, systems, platforms and services’ means electronic applications, systems, platforms and services that are used for the fulfilment of the ECB's and NCAs' responsibilities under Regulation (EU) No 1024/2013;
‘ESCB/SSM certificate acceptance framework’ means the criteria established by the ESCB Information Technology Committee to identify the certification authorities, both internal and external to the ESCB, which can be trusted in relation to ESCB and Eurosystem electronic applications, systems, platforms and services and in relation to SSM electronic applications, systems, platforms and services.
1.SSM electronic applications, systems, platforms and services with medium or above medium criticality shall only be accessed and used if a user has been authenticated by means of an electronic certificate issued and managed by a certification authority accepted in accordance with the ESCB/SSM certificate acceptance framework, including by the ESCB-PKI certification authority.
2.The ESCB-PKI certification authority shall issue electronic certificates and provide other certification services to the competent authorities participating in the ESCB-PKI pursuant to Article 3 for their certificate subscribers and for the certificate subscribers of third parties working with them to enable them to securely access and use SSM electronic applications, systems, platforms and services.
3.A relying party may rely upon such certificates under the conditions laid down in Article 8 of Decision ECB/2013/1.
1.A competent authority may decide to use ESCB-PKI services in order to access and use SSM electronic applications, systems, platforms and services and/or may act for that purpose as registration authority for its internal users as well as for third party users, under the same conditions as those applying to Eurosystem central banks.
2.The participating competent authority shall be subject to the obligations set out in Articles 6, 7 and 12 of Decision ECB/2013/1 and shall submit a declaration to the Governing Council by which it confirms its participation and compliance with the obligations laid down in the Level 2 — Level 3 Agreement referred to in Article 4(2) of that Decision.
This Decision shall enter into force on the third day following that of its publication in the Official Journal of the European Union.
Done at Frankfurt am Main, 11 December 2015.
The President of the ECB
Mario Draghi