1.   The business continuity policy referred to in Article 68(7) of Regulation (EU) 2023/1114 shall be comprised of plans, procedures and measures.

2.   The management body of crypto-asset service providers, in the exercise of its functions referred to in Article 68(6) of Regulation (EU) 2023/1114, shall establish and endorse the plans, procedures, and measures that comprise the business continuity policy. The crypto-asset service provider’s management body shall be responsible for the implementation of the business continuity policy, and for reviewing its effectiveness at least on an annual basis.

3.   Crypto-asset service providers shall ensure that any modifications to the business continuity policy are transmitted to all relevant internal staff through effective communication channels.