Artikel 14 Bescheinigung

Summary What does Article 14 of the RTS on threat-led penetration testing say?

This short article deals with the formal attestation that concludes a TLPT, as required under Article 26(7) of DORA.

It specifies what that attestation must contain by directing readers to Annex VIII, and it clarifies who is responsible for issuing it in scenarios where multiple TLPT authorities have been involved in the same test — a situation that arises in joint or pooled TLPTs governed by Article 16 of this regulation.

Important points:

The attestation issued at the end of a TLPT must contain the information set out in Annex VIII.
Where multiple TLPT authorities have been involved in a TLPT, the lead TLPT authority is responsible for issuing the attestation to the tested financial entities.
This article directly connects to DORA Article 26(7), which is the legal basis requiring the attestation in the first place.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

1. Die in Artikel 26 Absatz 7 der Verordnung (EU) 2022/2554 genannte Bescheinigung muss die in Anhang VIII aufgeführten Angaben enthalten.
1. Wenn mehrere TLPT-Behörden an einem TLPT beteiligt waren, stellt die federführende TLPT-Behörde den getesteten Finanzunternehmen die in Artikel 26 Absatz 7 der Verordnung (EU) 2022/2554 genannte Bescheinigung aus.

Table of contents

Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.