Source: OJ L, 2025/1190, 18.6.2025
EN- Digital operational resilience in the financial sector
Digital operational resilience testing
- RTS on threat-led penetration testing
Article 14 Attestation
The attestation referred to in Article 26(7) of Regulation (EU) 2022/2554 shall contain the information set out in Annex VIII.
Where several TLPT authorities means any of the following: the single public authority in the financial sector designated in accordance with Article 26(9) of Regulation (EU) 2022/2554; the authority in the financial sector to which the exercise of some or all of the tasks in relation to TLPT is delegated in accordance with Article 26(10) of Regulation (EU) 2022/2554; any of the competent authorities referred to in Article 46 of Regulation (EU) 2022/2554; have been involved in a TLPT(threat-led penetration testing) a framework that mimics the tactics, techniques and procedures of real-life threat actors perceived as posing a genuine cyber threat, that delivers a controlled, bespoke, intelligence-led (red team) test of the financial entity’s critical live production systems, the lead TLPT authority means any of the following: the single public authority in the financial sector designated in accordance with Article 26(9) of Regulation (EU) 2022/2554; the authority in the financial sector to which the exercise of some or all of the tasks in relation to TLPT is delegated in accordance with Article 26(10) of Regulation (EU) 2022/2554; any of the competent authorities referred to in Article 46 of Regulation (EU) 2022/2554; shall provide the attestation referred to in Article 26(7) of Regulation (EU) 2022/2554 to the tested financial entitiesas defined in Article 2, points (a) to (t).
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.