2025R1190 - Summary
COMMISSION DELEGATED REGULATION (EU) 2025/1190 of 13 February 2025 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria used for identifying financial entities required to perform threat-led penetration testing, the requirements and standards governing the use of internal testers, the requirements in relation to the scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages and the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition (Text with EEA relevance)
Info
🔗 Back to Summary. 🇫🇷 French Version: 2025R1190_FR.0. Back to Summary of LVL1. Direct link to EUR-LEX.
Article 1 - Definitions
Article 2 - Identification of financial entities required to perform TLPT
Article 3 - TCT and TLPT Test Managers
Article 4 - Organisational arrangements for financial entities
Article 5 - Risk management for TLPT
Article 6 - Risk management for pooled or joint TLPTs
Article 7 - Selection of TLPT providers
Article 8 - Specificities for pooled or joint TLPTs
Article 9 - Preparation phase
Article 10 - Testing phase: threat intelligence
Article 11 - Testing phase: red team test
Article 12 - Closure phase
Article 13 - Remediation plan
Article 14 - Attestation
Article 15 - Use of internal testers
Article 16 - Cooperation and mutual recognition
Article 17 - Entry into force
Annex I
Annex II
Annex III
Annex IIII
Annex V
Annex VI
Annex VII
Annex VIII