Bafin now considers two of the seven main risks to the German financial market to be IT-related disruptions (see Bafin press release dated 23 January 2024) that directly or indirectly affect a company. In order to make the companies supervised by Bafin more resilient to such cyberattacks, a comprehensive set of rules has been published for the Digital Operational Resilience Act (DORA), which will be launched in mid-January 2025. The aim is not only to make the individual companies be supervised by Bafin from the banking, insurance and securities sectors, etc. more resilient themselves, but also to review the associated ICT service providers. With the help of the companies it supervises, Bafin is endeavouring to identify service providers and sub-service providers that are to be classified as critical.