DORA Register of Information – Submission Deadline is approaching ...

What is the DORA Register of Information

The Register of Information (“RoI”) under DORA (Regulation (EU) 2022/2554), is introduced by Commission Implementing Regulation (EU) 2024/2956 implementing technical standards with regard to standard templates for the register of information, which is a standardized central database that records all contractual agreements of a financial company with ICT third-party service providers. It contains detailed information about the ICT services utilized, the providers, and the supported business and operational functions.

The RoI enables systematic monitoring of dependencies and risks arising from the use of ICT third-party providers and serves to provide this information to the relevant supervisory authorities, as well as it encompasses all ICT services; however, particularly critical or important functions must be listed in more detail.

Main Benefits:

• For financial entities: The RoI assists financial entities to document and monitor all their contractual dependencies related to ICT services. 

  
  

• For the entire financial sector: The RoI allows supervisory authorities to comprehensively monitor the dependencies of financial entities on ICT third-party providers and identify critical or important service providers. It also allows proactive identification of systemic risks and implementation of coordinated preventive measures, ensuring digital resilience across the financial sector.

How do you ensure a compliant RoI

The creation of a DORA-compliant register of information involves four main steps:

1. Identification of critical and important functions: Determine which operational and business functions are essential for maintaining business operations and meeting regulatory requirements.

   
   

2. Documentation of ICT third-party service providers: Identify all providers delivering ICT services, and document the contractual details and dependencies.

   
   

3. Documentation of ICT services: Record all ICT services with the identified critical or important functions of financial entities.

   
   

4. Consolidation of information: Enter the retrieved information into the unified templates which ensures uniform reporting. 

   
   

Preparation for reporting of DORA RoI

Key Notes for get prepared for RoIs. 

• Financial entities must submit their RoI as described in the Implementing Technical Standard on the Register of Information. 

  
  

• The RoI should contain all data as per the Implementing Technical Standards (ITS), as at 31 March 2025.

  
  

• The ESAs have provided information on how to prepare to report RoI at the following webpage.

  
  

• The file type financial entities must be using is a ‘plain-csv’ (xBRL OIM-CSV) file in accordance with EBA taxonomy 4.0.

  
  

• Financial entities submitting RoIs must have a valid LEI code.

  
  

• The ICT third party service providers listed in the RoI will need to have either a valid LEI code or EU-ID in order for the files to pass validation, along with meeting the other requirements mentioned above.

Upcoming Submission Date

According to the ESA decision, the deadline for the first submission of the RoIs to the ESAs is set for 30 April 2025, hence, the ESAs expect competent authorities to collect the RoIs from the financial entities under their supervision in advance, based on their own timelines.