Artikel 8 Särskilda specifikationer för gemensam eller samlad hotbildsstyrd penetrationstestning

This article serves as a bridging provision that connects the general TLPT procedural steps (laid out in Articles 9 to 15) to the specific scenarios where multiple financial entities are involved in a joint or pooled TLPT.

It establishes two default rules: first, that each participating financial entity must individually follow the full procedural sequence, and second, that where multiple TLPT authorities are involved, any reference to "the TLPT authority" throughout Articles 9 to 15 should be read as referring to the lead TLPT authority.

Both rules can be displaced — the first by a decision of the lead TLPT authority, and the second by other provisions within the regulation itself.

Important points:

• Follow each procedural step in Articles 9 to 15 individually, even when participating in a joint or pooled TLPT, unless the lead TLPT authority decides otherwise.
• In joint or pooled TLPTs involving multiple TLPT authorities, the lead TLPT authority assumes the role of "the TLPT authority" for the purposes of Articles 9 to 15.
• This article directly links to Article 16, which governs how joint and pooled TLPTs are organised and how a lead TLPT authority is determined.