TIBER-IT

The financial sector is a prime target for cyber threats due to the intense digitalization of business models and services, as well as to its wide-ranging and increasing interconnections. Among the tools adopted by the authorities and market participants to strengthen defence capabilities, advanced cybersecurity tests - known as Threat-Led Penetration Testing (TLPT) - play a crucial role for individual financial entities and the financial system as a whole.

Banca d'Italia, CONSOB and IVASS have been promoting these tests on a voluntary basis since 2022 and have jointly adopted the TIBER-IT National Guide, in line with the ECB's harmonized TIBER-EU framework.

As of January 2025, Regulation (EU) 2022/2554 (DORA) is applicable, requiring certain financial entities - identified by the authorities based on their importance for the financial sector - to carry out TLPT regularly. These provisions are further detailed in Commission Delegated Regulation (EU) 2025/1190 of 13 February 2025 (RTS on TLPT). The European TIBER-EU framework was also updated in January 2025 to reflect these changes.

In this context, Banca d'Italia, CONSOB and IVASS have updated the TIBER-IT National Guide to align it with DORA, the Regulatory Technical Standards (RTS) on TLPT, and the revised TIBER-EU framework. The Guide now serves as the reference framework for both mandatory tests under DORA and voluntary tests, which are to be strongly encouraged for entities not subject to mandatory requirements. To conduct these tests, entities should refer to DORA, the RTS on TLPT, TIBER-EU, and the related supporting documents, which are all referenced in the Guide.

The Guide is addressed primarily to financial entities within the scope of DORA, as implemented in Italy by Legislative Decree 23/2025, as well as to ICT service providers (where included in the test scope) and, where relevant, to threat intelligence and red teaming service providers.

Other financial entities or other types of organization may carry out voluntary TLPT by notifying the single contact point of their interest (see Contacts section).

Contacts

For information on the TIBER-IT National Guide, you can contact the TIBER-IT Cyber Team (TCT-IT) at the e-mail address provided below. This mailbox supports encrypted communication, if deemed necessary. The certificate containing the related public encryption key is available as reported below.

tiber-it@bancaditalia.it

Further information