1.   Member States may permit or require IORPs registered or authorised in their territories to entrust any activities including key functions and the management of those IORPs, in whole or in part, to service providers operating on behalf of those IORPs.

2.   Member States shall ensure that IORPs remain fully responsible for compliance with their obligations under this Directive when they outsource key functions or any other activities.

3.   Outsourcing of key functions or any other activities shall not be undertaken in such a way as to lead to any of the following:

4.   IORPs shall ensure the proper functioning of the outsourced activities through the process of selecting a service provider and the ongoing monitoring of the activities of that service provider.

5.   Member States shall ensure that IORPs outsourcing key functions, the management of those IORPs, or other activities covered by this Directive enter into a written agreement with the service provider. Such agreement shall be legally enforceable and shall clearly define the rights and obligations of the IORP and the service provider.

6.   Member States shall ensure that IORPs notify competent authorities in a timely manner of any outsourcing of the activities covered by this Directive. Where the outsourcing relates to the key functions or management of IORPs, this shall be notified to competent authorities before the agreement in respect of any such outsourcing enters into force. Member States shall also ensure that IORPs notify competent authorities of any subsequent important developments with respect to any outsourced activities.

7.   Member States shall ensure that competent authorities have the power to request information from IORPs and from service providers about outsourced key functions or any other activities at any time.