On 11 February 2025, the Eurosystem updated its European framework for threat intelligence-based ethical red-teaming (TIBER-EU framework) to align with the regulatory technical standards (RTS) of the Digital Operational Resilience Act (DORA) on threat-led penetration testing (TLPT).

Background

The TIBER-EU framework sets out comprehensive guidance on how authorities, entities, and threat intelligence providers and red-team testers should work together to test and improve the cyber resilience of entities by carrying out controlled cyberattacks. It also contains detailed guidance on how to complete DORA TLPT in a qualitative, controlled and safe manner, applying a uniform approach across the EU. Authorities are encouraged to adopt and implement the TIBER-EU framework.

Updates to align with DORA

The updates made to the TIBER-EU framework to incorporate regulatory requirements and align with other measures set out in DORA include:

  • Aligning the process steps with the deliverables derived from the DORA RTS on TLPT, including the strict timelines that the DORA RTS introduced and that are now incorporated into the TIBER-EU framework.
  • Specifying purple-teaming as mandatory under TIBER-EU, as prescribed in the DORA RTS.
  • Introducing changes to terminology to ensure consistency with DORA terminology.
  • Establishing TIBER-EU guidance documents to facilitate the implementation of different parts of the framework and to ensure a secure and controlled TLPT execution.
  • Providing advice on how to assess the quality of a provider in the updated Guidance for Service Provider Procurement.
  • Moving away from the requirement for authorities that want to implement TIBER-EU to publish a full national implementation guide; authorities can instead refer to the adoption of the TIBER-EU documentation and publish the short implementation document described in the framework.