Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Germany: BaFin publishes technical implementation guide for DORA

On August 23, 2024, the Federal Financial Supervisory Authority (BaFin) published a technical implementation guide for the Digital Operational Resilience Act (DORA). BaFin noted that from January 17, 2025, financial companies will be subject to:

  • the obligation to report serious ICT-related incidents pursuant to Article 19(1) of the DORA;
  • the possibility to voluntarily report significant cyber threats in accordance with Article 19(2) of the DORA; and
  • the obligation to submit the information register containing all contractual agreements on the use of ICT services provided by ICT third-party service providers in accordance with Article 28(3)(4) of the DORA.

BaFin stated that the submission of the aforementioned reports or the information register would take place via the MVP portal. BaFin further detailed information on the MVP portal including that after registering, reporters must generally apply for activation for the special DORA specialist procedure. BaFin further noted the process for outsourcing the reporting obligations and submitting aggregated reports. 

You can read the press release here and access the MVP portal here, both only available in German.