Regulatory Alerts2024-07-17
Final Report on draft RTS specifying elements related to threat led penetration tests
The European Supervisory Authorities issued this final report on draft Regulatory Technical Standards to implement Article 26(11) of the Digital Operational Resilience Act regarding threat-led penetration tests. The standards specify criteria for identifying financial entities required to perform these tests, define requirements for testers and threat intelligence providers, and establish methodologies for testing phases and supervisory cooperation. Key revisions in response to public consultation include more predictable selection criteria for insurance undertakings, clarified processes for pooled and joint tests, and increased flexibility for tester qualifications.
Share