The German Federal Financial Supervisory Authority Issues Guidelines for DORA Implementation

On 8 July 2024, the German Federal Financial Supervisory Authority (BaFin) published guidelines for implementing the Digital Operational Resilience Act (DORA). These guidelines are intended to help supervised financial companies meet DORA requirements for ICT risk management and third-party ICT risk management. The guidelines cover governance, information risk management, IT operations, business continuity, project management, and operational security. They are aimed at banks and insurers under BaFin’s supervision and include minimum contract contents with ICT service providers. Effective 17 January 2025, these companies must comply with DORA’s comprehensive ICT risk management framework.
