No, because typically the (IT) service providers in this sector are not in the legal, economic and actual position to crucially influence the nature and operation of a system or parts thereof.
However, by considering the critical service in an insurance holding company and the system necessary for its provision as a whole, it can be argued via BSIKRITIS Regulation Annex 6 (1) No.6 (c) that a system under joint management exists:
…The concept of joint management does not refer to physical control or routing facilities, but ensures that two systems are only considered to be a joint system if they are under the control of one operator (principle of operator identity). The prerequisite is easy to meet if the system is operated by a (natural or legal) person. A joint management that runs both systems thus speaks in favour of joint management within the meaning of the Regulation. However, the prerequisite is also fulfilled if several systems can be attributed to different legal entities, but these are in a dependent relationship to each other under group law...
This means that -- instead of via the (IT) service provider -- registration can then take place via the holding company, specifying for which insurance company or companies of the holding company the registration is to apply. This can lead to insurance companies (as subsidiaries of an insurance holding company), which are below the thresholds of the BSI KRITIS Regulation on their own, indirectly belonging to a critical infrastructure via the joint system of the same type (composite or life insurance or private health insurance).
It should be noted that the prerequisites for the assumption of a joint system according to Annex 6 Part 1 Number 6 of the BSI KRITIS regulation must be cumulatively present.
