Beta

Source: OJ L, 2025/299, 13.2.2025

Current language: EN

Article 5 Periodic testing of the business continuity plans

    1. Crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; shall test the operation of the business continuity plans referred to in Article 4 on the basis of realistic scenarios. Such testing shall verify the capability of the crypto-asset service providermeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; to recover from disruptive incidents and to resume services in accordance with Article 4(2), point (b).

    1. Crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; shall test the business continuity plans annually taking into account:

      1. the results of the tests referred to in paragraph 1;

      2. the most recent threat intelligence;

      3. lessons derived from previous events;

      4. where relevant, any changes in the recovery objectives, including recovery time objectives and recovery point objectives as referred to in Article 4(2), point (b);

      5. changes in the business functions.

    1. Crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; shall document the results of the testing activity in writing, and submit them to their management bodymeans the body or bodies of an issuer, offeror or person seeking admission to trading, or of a crypto-asset service provider, which are appointed in accordance with national law, which are empowered to set the entity’s strategy, objectives and overall direction, and which oversee and monitor management decision-making in the entity and include the persons who effectively direct the business of the entity; and to the operating units involved in the business continuity plans.

    1. Crypto-asset service providersmeans a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59; shall ensure that the testing of the business continuity plans does not interfere with normal conduct of their services.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod