Joint Regulatory Technical Standards specifying elements related to threat led penetration tests

  • Status: Final draft RTS/ITS adopted by the EBA and submitted to the European Commission

These Regulatory Technical Standards  (RTS) specify further:

  • the criteria used for identifying financial entities required to perform threat-led penetration testing (TLPT),
  • the requirements and standards governing the use of internal testers,
  • the requirements in relation to scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages, and
  • the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition.

Summary of document history

Previous versions Current version Ongoing versions

Consultation on Joint draft RTS specifying elements related to threat led penetration tests

  • Status: Closed
  • Deadline: 4 MARCH 2024
Documents
Consultation paper on Joint draft RTS specifying elements related to threat led penetration tests

(685.8 KB - PDF)

Responses to public consultations on DORA (2nd batch)

(858.87 KB - Excel Spreadsheet)

Links

Responses

The form is now closed.

Press contacts

Franca Rosa Congiu