THE GOVERNING COUNCIL OF THE EUROPEAN CENTRAL BANK,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 127(6) and Article 132 thereof,

Having regard to the Statute of the European System of Central Banks and of the European Central Bank, and in particular Article 34 thereof,

Having regard to Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions(1), and in particular Article 6(1) in conjunction with Article 6(7) thereof,

Having regard to the proposal from the Supervisory Board and in consultation with the national competent authorities,

Whereas:

(1) For the performance of the specific tasks concerning policies relating to the prudential supervision of credit institutions, as conferred on the European Central Bank (ECB) by Regulation (EU) No 1024/2013, the ECB uses the European System of Central Banks (ESCB) and Eurosystem electronic applications, systems, platforms and services, as well as the new electronic applications, systems, platforms and services specific for carrying out the tasks entrusted to the ECB pursuant to Regulation (EU) No 1024/2013 on the basis of Article 127(6) of the Treaty and Article 25.2 of the Statute of the European System of Central Banks and of the European Central Bank.

(2) It is necessary for the smooth, effective and consistent functioning of the Single Supervisory Mechanism (SSM) that practical arrangements for the cooperation between the ECB and the national competent authorities (NCAs) within the SSM include arrangements for the use of such electronic applications, systems, platforms and services that are necessary for the fulfilment of their responsibilities under Regulation (EU) No 1024/2013.

(3) The public key infrastructure for the European System of Central Banks (hereinafter the ‘ESCB-PKI’) was established in Decision ECB/2013/1(2). Pursuant to Article 3(1) of Decision ECB/2013/1, ESCB and Eurosystem electronic applications, systems, platforms and services with medium or above medium criticality should only be accessed and used if a user has been authenticated by means of an electronic certificate issued and managed by a certification authority accepted by the ESCB in accordance with the ESCB/SSM certificate acceptance framework, or by the ESCB-PKI certification authority or by certification authorities accepted by the ESCB for TARGET2 and TARGET2 Securities for those two applications.

(4) The Governing Council has identified a need for advanced information security services, such as strong authentication, electronic signatures and encryption, through the use of electronic certificates for the electronic applications, systems, platforms and services that are necessary for the fulfilment of the ECB's and NCAs' responsibilities, as competent authorities within the SSM, under Regulation (EU) No 1024/2013. Hence, certificates issued by the ESCB-PKI may be used to access and use electronic applications, systems, platforms and services used for the functioning of the SSM.

(5) The ECB and the NCAs of the SSM may decide to use certificates and services provided by the ESCB-PKI to access and use SSM electronic applications, systems, platforms and services,

HAS ADOPTED THIS DECISION: