Source: EC-adopted draft
EN
RTS on threat-led penetration testing
Commission Delegated Regulation (EU) 2025/nnn
of 13 February 2025
supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council
with regard to regulatory technical standards specifying the criteria used for identifying financial entities required to perform threat-led penetration testing, the requirements and standards governing the use of internal testers, the requirements in relation to the scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages and the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition
Table of contents
Preamble
1 – 29 Recitals
- Chapter I: General provisions
- Chapter II: Criteria to identify financial entities required to perform TLPT
- Chapter III: Requirements regarding test scope, testing methodology and results of TLPT
  - Section I: Testing methodology
  - Section II: Testing process
- Chapter IV: Requirements and standards governing the use of internal testers
- Chapter V: Cooperation and mutual recognition and final provisions