Germany: BaFin publishes implementation guidelines for DORA

On July 8, 2024, the Federal Financial Supervisory Authority (BaFin) published implementation guidelines for the Digital Operational Resilience Act (DORA). BaFin stated that the guidelines are intended to support companies in implementing the requirements of DORA for regular ICT risk management and ICT third-party risk management. The guidelines also include an overview of the minimum contract contents that supervised companies must agree with ICT third-party service providers.

The guidelines are aimed particularly at those companies supervised by BaFin that fall within the scope of the banking supervisory requirements for IT or the insurance supervisory requirements for IT. The guidelines are divided into the following sections:

  • governance and organization;
  • information risk and information security management;
  • IT operations;
  • ICT business continuity management;
  • IT project management and application development;
  • ICT third-party risk management; and
  • operational information security and identity and rights management.

You can read the press release here, download the guidelines here, and read the minimum contract contents here, all only available in German.