Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Germany: BaFin publishes technical implementation guide for DORA
On August 23, 2024, the Federal Financial Supervisory Authority (BaFin) published a technical implementation guide for the Digital Operational Resilience Act (DORA). BaFin noted that from January 17, 2025, financial companies will be subject to:
- the obligation to report serious ICT-related incidents pursuant to Article 19(1) of the DORA;
- the possibility to voluntarily report significant cyber threats in accordance with Article 19(2) of the DORA; and
the obligation to submit the information register containing all contractual agreements on the use of ICT services provided by ICT third-party service providers in accordance with Article 28(3)(4) of the DORA.
BaFin stated that the submission of the aforementioned reports or the information register would take place via the MVP portal. BaFin further detailed information on the MVP portal including that after registering, reporters must generally apply for activation for the special DORA specialist procedure. BaFin further noted the process for outsourcing the reporting obligations and submitting aggregated reports.
You can read the press release here and access the MVP portal here, both only available in German.