Europejski Urząd Nadzoru Bankowego, Europejski Urząd Nadzoru Giełd i Papierów Wartościowych (European Securities and Markets Authority - ESMA), Europejski Urząd Nadzoru Ubezpieczeń i Pracowniczych Programów Emerytalnych (European Insurance and Occupational Pensions Authority - EIOPA), Ostateczne sprawozdanie projektu technicznych standardów regulacyjnych określających elementy związane z testami penetrującymi opartymi na zagrożeniach zgodnie z artykułem 26 ust. 11 Rozporządzenia (UE) 2022/2554

JC 2024 29

17 July 2024

Final Report Draft Regulatory Technical Standards specifying elements related to threat led penetration tests under Article 26(11) of Regulation (EU) 2022/2554

1. Executive Summary

Reasons for publication

1. Regulation (EU) 2022/2554of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (hereinafter ‘DORA’) under its Article 26(11), tasks the ESAs, ‘in agreement with the ECB’ to develop draft regulatory technical standards (‘RTS’) ‘in accordance with the TIBER-EU framework’ to specify further the criteria used for identifying financial entities required to perform threat-led penetration testing (TLPT), the requirements and standards governing the use of internal testers, the requirements in relation to scope, testing methodology and approach for each phase of the testing, results,...