Recital 59
Digital Operational Resilience Act · UE 2022/2554
| (59) | Since this Regulation does not require financial entities to cover all critical or important functions in one single threat-led penetration test, financial entities should be free to determine which and how many critical or important functions should be included in the scope of such a test. |