Source: OJ L, 2025/1190, 18.6.2025
Article 14 Attestation
Summary: What does Article 14 of the RTS on threat-led penetration testing say?
This short article deals with the formal attestation that concludes a TLPT, as required under Article 26(7) of DORA.
It specifies what that attestation must contain by directing readers to Annex VIII, and it clarifies who is responsible for issuing it in scenarios where multiple TLPT authorities have been involved in the same test — a situation that arises in joint or pooled TLPTs governed by Article 16 of this regulation.
Important points:
- The attestation issued at the end of a TLPT must contain the information set out in Annex VIII.
- Where multiple TLPT authorities have been involved in a TLPT, the lead TLPT authority is responsible for issuing the attestation to the tested financial entities.
- This article directly connects to DORA Article 26(7), which is the legal basis requiring the attestation in the first place.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
The attestation referred to in Article 26(7) of Regulation (EU) 2022/2554 shall contain the information set out in Annex VIII.
Where several TLPT authorities have taken part in a test, the lead TLPT authority shall provide the attestation referred to in Article 26(7) of Regulation (EU) 2022/2554 to the financial entities tested.
Springlex and this text are meant purely as a documentation tool and have no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
threat-led penetration testing (TLPT)
Definition
TLPT authority
- a single public authority in the financial sector designated in accordance with Article 26(9) of Regulation (EU) 2022/2554,
- the authority in the financial sector to which the performance of some or all of the tasks related to threat-led penetration testing has been delegated in accordance with Article 26(10) of Regulation (EU) 2022/2554, or
- any of the competent authorities referred to in Article 46 of Regulation (EU) 2022/2554.
Definition
public authority
Definition
cyber threat