The designation of a single public authorityany government or other public administration entity, including national central banks in the financial sector responsible for TLPT-related matters at national level according to Article 26(9) of Regulation (EU) 2022/2554 should be without prejudice to the competence for the TLPT(threat-led penetration testing) a framework that mimics the tactics, techniques and procedures of real-life threat actors perceived as posing a genuine cyber threat, that delivers a controlled, bespoke, intelligence-led (red team) test of the financial entity’s critical live production systems of competent authoritiesas defined in Article 46 entrusted with supervision at Union level of certain financial entitiesas defined in Article 2, points (a) to (t) to which Regulation (EU) 2022/2554 applies, such as, for instance, the European Central Bank for significant credit institutionsa credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013 of the European Parliament and of the Council. Where only some tasks are delegated in a Member State in accordance with the national implementation of Article 26(10) of Regulation (EU) 2022/2554, the competent authorityas defined in Article 46 in accordance with Article 46 of Regulation (EU) 2022/2554 should remain the authority for those TLPT-related tasks that have been not delegated.