1.   Crypto-asset service providers shall test the operation of the business continuity plans referred to in Article 4 on the basis of realistic scenarios. Such testing shall verify the capability of the crypto-asset service provider to recover from disruptive incidents and to resume services in accordance with Article 4(2), point (b).

2.   Crypto-asset service providers shall test the business continuity plans annually taking into account:

(a)	the results of the tests referred to in paragraph 1;

(b)	the most recent threat intelligence;

(c)	lessons derived from previous events;

(d)	where relevant, any changes in the recovery objectives, including recovery time objectives and recovery point objectives as referred to in Article 4(2), point (b);

(e)	changes in the business functions.

3.   Crypto-asset service providers shall document the results of the testing activity in writing, and submit them to their management body and to the operating units involved in the business continuity plans.

4.   Crypto-asset service providers shall ensure that the testing of the business continuity plans does not interfere with normal conduct of their services.