FinmadiG – German Implementation
Overview
The Finanzmarktdigitalisierungsgesetz (Financial Markets Digitalisation Act, FinmadiG) was published in the Federal Law Gazette on 27.12.2024 and serves as the national implementation measure for DORA, MiCAR, and the Funds Transfer Regulation.
Key DORA-Relevant Provisions
Extended Scope of Application (Section 1a(2a) KWG, as amended)
From 01.01.2027, the following are additionally subject to DORA:
| Institution Type | Legal Basis | Remarks |
|---|---|---|
| Financial services institutions | Section 1a(2a) KWG | Leasing, factoring |
| Crypto securities register operators | Section 1a(2a) KWG | Newly under DORA |
| Branches under Section 53 KWG | Section 1a(2a) KWG | Third-country branches |
| Insurance holding companies | Section 293(5) VAG | Section 7 No. 31, Section 294(4) VAG |
Transitional Provision (Section 65a(3) KWG, as amended)
For the newly included institutions:
- From 17.01.2025: Reporting obligations for major ICT-related incidents (Chapter III DORA)
- From 01.01.2027: Full ICT risk management framework (for microenterprises: simplified framework under Art. 16)
Replacement of the xAIT Circulars
| Circular | Status | Date |
|---|---|---|
| KAIT | Repealed | 16.01.2025 |
| VAIT | Repealed | 16.01.2025 |
| ZAIT | Repealed | 16.01.2025 |
| BAIT Chapter 11 | Repealed | 17.01.2025 |
| BAIT (complete) | Repeal scheduled | 31.12.2026 |
Sanctions
FinmadiG empowers BaFin to impose:
| Sanction | Amount | Application |
|---|---|---|
| Periodic penalty payments | Up to EUR 2.5 million | For violations of DORA requirements |
| Fines | According to severity | For systematic non-compliance |
| Special commissioners | – | Appointment by BaFin |
| Business restrictions | – | Restriction of business activities |
| Contract termination | – | Requirement to terminate non-compliant service provider relationships |
| Personal liability | – | Management personally liable for material deficiencies |
Audit Obligations
| Audit Subject | Legal Basis | Auditor |
|---|---|---|
| ICT risk management | Art. 5–15 DORA, Section 65a KWG | Annual financial auditor |
| Incident management | Art. 18, 19 DORA | Annual financial auditor |
| Third-party management | Art. 28–30 DORA | Annual financial auditor |
| TLPT | Art. 26–27 DORA | Systemically important only |
Important for BAUER GROUP
Since the annual financial auditors of clients are now explicitly required to audit DORA compliance (Art. 3 No. 10 a) dd) KWG amendment), audit requests to ICT service providers have increased significantly. BAUER GROUP provides standardised audit readiness packages.
Practical Implications
For Existing Financial Sector Clients
Clients will proactively approach BAUER GROUP with:
- Requests for data for the register of information (fact sheet)
- Contract amendments (DORA clauses)
- Audit rights (on-site, remote, by supervisory authority)
- SLA adjustments (DORA-compliant reporting deadlines)
Extended Scope from 2027
The FinmadiG extension brings additional entity groups (including financial services institutions and crypto securities register operators) under DORA from 01.01.2027. These entities will then require DORA-compliant ICT service providers for the first time.