Implementation of “new” IT regulatory requirements

Efficient implementation of regulatory requirements – using a holistic, practical and future-oriented approach.

2024 was already a busy year for those who were obliged to implement the DORA requirements. And even after the initial implementation phase, DORA still necessitates various measures – including the implementation of effective ICT incident management, training and awareness-raising within the organization (especially among managers), the establishment and completion of the information register, the quantification of ICT risks and their integration into operational risk management. On top of that, future updates – such as the pending finalization of technical regulatory standards – must also be taken into account in the implementation.

Eine Person, die einen Taschenrechner benutzt

Additional requirements for financial services providers

The German Financial Market Digitalization Act (Finanzmarktdigitalisierungsgesetz, FinmadiG) extends the scope of DORA to include other types of enterprises such as factoring and leasing companies. These are subject to a simplified ICT risk management framework, which must be implemented by 2026 at the latest.

In addition to DORA, the AI Act and FIDA will also bring new and relevant regulatory requirements in 2025 – from governance and the risk-based use of AI to the strengthening of IT security and the standardized exchange of financial data. On top of that, regional regulations have to be observed, while the European and national requirements need to be continuously integrated and harmonized.

 

Our services at a glance:

  • We help you determine your status quo regarding these regulations, analyze your current level of maturity and identify potential regulatory gaps.
  • We provide companies with holistic support, from gap analysis and the integration of regulatory requirements into existing processes through to continuous optimization and improvement.
  • The practical implementation of regulatory requirements – such as the simplified ICT risk management framework pursuant to DORA or specific governance requirements of the AI Act – is a core component of our service portfolio.

Feel free to contact us

Profilfoto_Buschmann_Roger.jpg

Roger Buschmann

Senior Manager

Ein Mann in Anzug und Krawatte

Stephan Sahm

Senior Manager