This document is a summary information pack published by Germany’s Federal Financial Supervisory Authority (BaFin) on 19 September 2024, detailing its guidance regarding the implementation of the Digital Operational Resilience Act (DORA). The guidance primarily targets banks and other financial institutions subject to BaFin’s IT requirements and DORA’s ICT risk rules. The document outlines BaFin’s objectives, including identifying regulatory divergences between DORA and BaFin’s existing requirements, and scopes the desired outcomes from DORA’s regulatory technical standards. It discusses eight key themes related to DORA, such as governance, ICT business continuity management, IT operations, information risk management, identity and access management, operational information security, and ICT third-party risk management. Each theme includes specific outputs expected from in-scope firms to support compliance with DORA, highlighting areas where BaFin’s expectations differ from DORA’s requirements.