EDPS Formal comments on criteria identifying financial entities required to perform threat-led penetration testing, requirements & standards governing use of internal testers, requirements around implementation of TLPT & facilitation of mutual recognition

EDPS Formal comments on the draft Commission Delegated Regulation supplementing Regulation (EU) 2022/2554 with regard to RTS specifying the criteria used for identifying financial entities required to perform threat-led penetration testing, the requirements and standards governing the use of internal testers, the requirements in relation to scope, testing methodology and approach for each phase of the testing, results, closure and remediation stages and the type of supervisory and other relevant cooperation needed for the implementation of TLPT and for the facilitation of mutual recognition.