Short pieces written for the people who have to deliver TLPT, not the people who have to sell it. Practitioner perspectives on the parts of Article 26 and the RTS that look simple on paper and get complicated in scoping.
The SSD is the most operationally consequential artefact in a DORA TLPT engagement. What the RTS requires, where NCAs push back, and why drafts must start at T+3, not T+5.
A limited number of TIBER and DORA-accredited red team and threat intelligence providers face concentrated demand into 2027. What designated entities should do about it now.
A programme manager's view of the regulatory clock. What to do in the 3 months between notification and your initiation documents, and the 6 months to your SSD.
Article 27 sets the bar for TLPT providers but leaves room for interpretation. A practitioner read on accreditation, independence, insurance, and what to actually look for in a procurement.
DORA made purple teaming mandatory where TIBER-EU only encouraged it. The operational shift, the 10-week clock, and why most commercial red team engagements would now fail compliance.
DORA Article 26 testing differs from a standard penetration test in five operational ways. A practitioner walk-through of scope, scenarios, duration, sequencing, and reporting.