DORA Compliance

English

Deutsch

English

Deutsch

Appearance

RTS (EU) 2025/1190 – TLPT

PropertyValue
NumberDelegated Regulation (EU) 2025/1190
DORA ArticleArt. 26(11)
PillarP3 – Resilience Testing
Entry into force08.07.2025

Content

Specifies the requirements for Threat Led Penetration Tests (TLPT):

  • Criteria for determining entities subject to TLPT
  • Scope of tests (critical functions, live production systems)
  • Methodology based on TIBER-EU (8 phases)
  • Red/blue/white team requirements
  • Provider qualification for TLPT testers
  • Timeline typically 9–14 months
  • Budget typically EUR 150,000–500,000

Deadline: First TLPT before 17.01.2028 for systemically important financial entities. Frequency: Every 3 years.

BAUER GROUP Relevance

BAUER GROUP is not subject to TLPT obligations, but must participate in and cooperate with TLPT tests of clients (Art. 26(4)). A TLPT cooperation clause is included in all contracts with systemically important financial entities.

→ Details: P3: Resilience Testing

Documentation licensed under CC BY-NC 4.0 · Code licensed under MIT

© 2026 BAUER GROUP. Commercial use of the documentation is not permitted.

Documentation licensed under CC BY-NC 4.0 · Code licensed under MIT

© 2026 BAUER GROUP. Commercial use of the documentation is not permitted.