English EN

All Tools

Updated 01/07/2025

Metadata

Coming into force on 08/07/2025

Initial Legal Act

References (6)

EBA webpage on this legal act

eba.europa.eu/joint-regulatory-technical-standards-specifying-elements-related-threat-led-penetration-tests

Timeline

18/06/2025

Delegated Regulation 2025/1190 published in OJ

17/07/2024

Final Draft published

17/07/2024

Final Draft published

17/07/2024

Final Draft published

27/11/2023

Consultation published

27/11/2023

Consultation published

27/11/2023

Consultation published

Search within this legal act

Synchronised with EUR-Lex on 01/07/2025

DORA Tool Delegated Regulation 2025/1190

Delegated Regulation 2025/1190

Commission Delegated Regulation (EU) 2025/1190 of 13 February 2025 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria used for identifying financial entities required to perform threat-led penetration testing, the requirements and standards governing the use of internal testers, the requirements in relation to the scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages and the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition

Recitals Article 1 - Definitions Article 2 - Identification of financial entities required to perform TLPT Article 3 - TCT and TLPT Test Managers Article 4 - Organisational arrangements for financial entities Article 5 - Risk management for TLPT Article 6 - Risk management for pooled or joint TLPTs Article 7 - Selection of TLPT providers Article 8 - Specificities for pooled or joint TLPTs Article 9 - Preparation phase Article 10 - Testing phase: threat intelligence Article 11 - Testing phase: red team test Article 12 - Closure phase Article 13 - Remediation plan Article 14 - Attestation Article 15 - Use of internal testers Article 16 - Cooperation and mutual recognition Article 17 - Entry into force ANNEX I - Content of the project charter (Article 9(2)(a))ANNEX II - Content of the scope specification document (Article 9(6))ANNEX III - Content of the targeted threat intelligence report (Article 10(5))ANNEX IV - Content of the red team test plan (Article 11(1))ANNEX V - Content of the red team test report (Article 12(2))ANNEX VI - Content of the blue team test report (Article 12(4))ANNEX VII - Details of the report summarizing the relevant findings of the TLPT referred to in Article 26(6) of Regulation (EU) 2022/2554 ANNEX VIII - Details of the attestation of the TLPT referred to in Article 26(7) of Regulation (EU) 2022/2554

contact@judict.eu

© All rights reserved. Made with

❤️

in Berlin.

About FAQ Give Feedback Privacy Notice Legal Notice

Subscribe to our newsletter

*Subscribe to our newsletter to receive updates,
offers, product information and custom content.