FMA Guideline 2021/3 updated

07.01.25 Supervision and Regulation
In May 2021, the FMA Guideline 2021/3 - ICT Security Guideline was adopted and entered into force on January 1, 2022 (ICT Guideline). Due to the (advance) implementation of the Digital Operational Resilience Act (DORA) on February 1, 2025, the ICT Guideline was amended by resolution of the Supervisory Board in December 2024.

The scope of the ICT Directive has been adapted to the effect that the ICT Directive will apply exclusively to financial intermediaries that do not fall within the scope of DORA. Furthermore, the definitions and terms have been aligned with DORA and clarifications have been included due to the increased number of questions from intermediaries in recent years. Simplifications that DORA provides for compared to the ICT Directive have also been taken into account. Significant changes to the content are the minimum requirements for the creation of the register of contractual agreements (formerly the register of outsourcing agreements) and the reporting of ICT-related incidents to the FMA.

This content has been translated using a fully automated machine translation tool. Some content may not be accurately translated. More information.

Downloads

Search
  • Pages
  • News
  • Warnings
  • Assets
  • Publications
  • Events
  • Employees
  • Legal basis
  • Guidelines