Source: OJ L, 2025/1190, 18.6.2025Current language: EN
- Digital operational resilience in the financial sector
Digital operational resilience testing
- RTS on threat-led penetration testing
Article 8 Specificities for pooled or joint TLPTs
Unless otherwise decided by the lead TLPT authority, where several financial entities, identified in accordance with Article 16(2) or (4), are involved in a pooled or joint TLPT, each financial entity shall follow each of the steps set out in Articles 9 to 15.
Unless otherwise provided in this Regulation, where several TLPT authorities are involved in a joint TLPT or in a pooled TLPT, as referred to in Article 16(3) or 16(5), references in Articles 9 to 15 to the ‘TLPT authority’ shall be understood as a reference to the lead TLPT authority for such pooled or joint TLPT.
Relevant recitals
Recital 14 Multiple financial entities and TLPT authorities
Where several financial entities and several TLPT authorities are involved in a TLPT, the roles of all parties in the TLPT process should be specified to conduct the most efficient and safe test. For the purposes of pooled testing, specific requirements are necessary to specify the role of the designated financial entity, namely that it should be in charge of providing all necessary documentation to the lead TLPT authority and of monitoring the test process. The designated financial entity should also be in charge of the common aspects of the risk management assessment. Notwithstanding the role of the designated financial entity, the obligations of each financial entity participating to the pooled TLPT process should remain unaffected during the pooled test. The same principle should apply for joint TLPTs.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
- the single public authority in the financial sector designated in accordance with Article 26(9) of Regulation (EU) 2022/2554;
- the authority in the financial sector to which the exercise of some or all of the tasks in relation to TLPT is delegated in accordance with Article 26(10) of Regulation (EU) 2022/2554;
- any of the competent authorities referred to in Article 46 of Regulation (EU) 2022/2554;