Beta

Source: OJ L 333, 27.12.2022, p. 1–79

EN

Recital 57 Harmonised TLPT requirements for cross-border financial entities

Financial entitiesas defined in Article 2, points (a) to (t) involved in cross-border activities and exercising the freedoms of establishment, or of provision of services within the Union, should comply with a single set of advanced testing requirements (i.e. TLPT(threat-led penetration testing) a framework that mimics the tactics, techniques and procedures of real-life threat actors perceived as posing a genuine cyber threat, that delivers a controlled, bespoke, intelligence-led (red team) test of the financial entity’s critical live production systems) in their home Member State, which should include the ICT infrastructures in all jurisdictions where the cross-border financial group means a group as defined in Article 2, point (11), of Directive 2013/34/EU; operates within the Union, thus allowing such cross-border financial groups means a group as defined in Article 2, point (11), of Directive 2013/34/EU; to incur related ICT testing costs in one jurisdiction only.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

dora@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod