Joint Regulatory Technical Standards specifying elements related to threat led penetration tests

  • Status: Final draft RTS/ITS adopted by the EBA and submitted to the European Commission

These Regulatory Technical Standards  (RTS) specify further:

  • the criteria used for identifying financial entities required to perform threat-led penetration testing (TLPT),
  • the requirements and standards governing the use of internal testers,
  • the requirements in relation to scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages, and
  • the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition.

Summary of document history

Previous versions Current version Ongoing versions

Joint draft Regulatory Technical Standards specifying elements related to threat led penetration tests

  • Status: Not yet applicable
  • Application date:
  • Compliance deadline:
Documents
Joint Regulatory Technical Standards specifying elements related to threat led penetration tests

(2.81 MB - PDF)

Press contacts

Franca Rosa Congiu