2025-06-13

Commission Delegated Regulation (EU) 2025/1190 supplementing Regulation (EU) 2022/2554 on Threat-Led Penetration Testing (TLPT) criteria and standards

The European Commission issues Delegated Regulation (EU) 2025/1190 to establish detailed regulatory technical standards for implementing Threat-Led Penetration Testing (TLPT) under the Digital Operational Resilience Act. The regulation defines the criteria for determining which financial entities must undergo TLPT, mandates the use of the TIBER-EU framework, and sets strict requirements for the roles, skills, and confidentiality of testing teams. It further standardizes the testing methodology, scope selection, and supervisory cooperation to ensure mutual recognition and enhanced digital operational resilience across the EU financial sector.

Croatia

Croatian Financial Services Supervisory Agency

Show thumbnailShow full textSourceAdd to collection

Show thumbnail