Designation of a public authority for TLPT


To draw on the expertise already acquired by certain competent authoritiesas defined in Article 46, in particular with regard to implementing the TIBER-EU framework, this Regulation should allow Member States to designate a single public authorityany government or other public administration entity, including national central banks as responsible in the financial sector, at national level, for all TLPT(threat-led penetration testing) a framework that mimics the tactics, techniques and procedures of real-life threat actors perceived as posing a genuine cyber threat, that delivers a controlled, bespoke, intelligence-led (red team) test of the financial entity’s critical live production systems matters, or competent authoritiesas defined in Article 46, to delegate, in the absence of such designation, the exercise of TLPT(threat-led penetration testing) a framework that mimics the tactics, techniques and procedures of real-life threat actors perceived as posing a genuine cyber threat, that delivers a controlled, bespoke, intelligence-led (red team) test of the financial entity’s critical live production systems related tasks to another national financial competent authorityas defined in Article 46.