Question ID: DORA 228 - 3317
Regulation Reference: (EU) 2022/2554 - Digital Operational Resilience Act (DORA)
Topic: ICT third-party risk management (DORA)
Article: 28(6) 30(3)(e)(i)
Status: Rejected
Date of submission: 09 Apr 2025
Question
Does Article 28(6) require a financial entity to obtain access, inspection and audit rights in relation to any ICT third-party service provider, regardless of whether its services support critical or important functions?
Background of the question
Both Articles 28(6) and 30(3)(e)(i) govern access, inspection, and audit rights. However, the latter refers to ICT third-party service providers supporting COI functions, while the former generally refers to ICT third-party service providers, without any further specification. It appears that the main difference between the two rules is that Article 30(3)(e)(i) requires "unrestricted" rights of access, inspection and audit. Does this mean that financial entities should obtain such access, inspection and audit rights in respect of all providers, ensuring that when the relevant services support essential or important functions, these rights are "unrestricted"?
EIOPA answer
This question has been rejected because it is seeking confirmation of a requirement already clearly set out in the Regulation (Art. 28(6) and Art. 30(3)(i)).