Comments
27th of March 2025
GBIC interpretation of the DORA constellation
‘ICT service as part of a regulated financial service’

The German Banking Industry Committee (GBIC) has prepared an interpretation of the DORA constellation ‘ICT service as part of a regulated financial service’. The background to the paper is the Q&A of the European Supervisory Authorities (EBA, ESMA, EIOPA) of 22 January 2025, which provides the EU Commission's clarification on this constellation. The GBIC interpretation highlights the specific regulatory implications for financial companies. Essentially, with regard to regulated financial ICT services, the DORA requirements for third-party risk management do not apply, while the MaRisk requirements continue to apply.
GBIC interpretation of the DORA constellation
PDF

Contact
Diana Campar
Banking Technology and Security