As only those financial entitiesas defined in Article 2, points (a) to (t) identified for the purposes of the advanced digital resilience testing should be required to conduct threat-led penetration tests, the administrative processes and financial costs entailed in the performance of such tests should be borne by a small percentage of financial entitiesas defined in Article 2, points (a) to (t).