Preparations for reporting of DORA registers of information
The Digital Operational Resilience Act (DORA) became applicable on 17 January 2025. From that date all financial entities in its scope will need to have a comprehensive register of their contractual arrangements with ICT third-party service providers available at entity, sub-consolidated and consolidated levels.
The registers of information will serve for:
- financial entities to monitor their ICT third-party risk,
- the EU competent authorities to supervise ICT and third-party risk management at the financial entities and
- the ESAs to designate the critical ICT third-party service provides (CTPP) which will be subject to an EU-level oversight.
This page provides a set of resources to help the financial entities to be ready with the preparation and submission of the registers of information to the competent authorities that will provide the collected registers to the ESAs for the purposes of designation of the CTPPs. The resources provided cover both official reporting starting form 2025 and preparatory dry run exercise the ESAs carried out in 2024.
PREPARATIONS FOR OFFICIAL REPORTING OF REGISTERS
- ESAs Decision on reporting of information for CTPP designation
- ITS on the registers of information - Adopted and published in the Official Journal of the EU
- Data Model for DORA RoI
- Reporting technical package
- Validation rules - Please download the file and search for DORA under ‘Frameworks’
- Data Point Model Dictionary
- Data Point Model table layout and data point categorisation - Please download and search for ‘20241217 Annotated Table Layout DORADORA 4.0’
- Sample files for taxonomy under taxonomy architecture v2.0 - Please download the folder, under “instances xBRL-CSV”, search for the DORA file (DUMMYLEI123456789012.CON_FR_DORA010100_DORA_2024-12-31_20241213174803429)
- Taxonomy package under taxonomy architecture v2.0 - Please download the folder and search for DORA file
- EBA reporting filing rules v5.5
- Preparing plain csv reporting package for DORA (explanatory slides)
- Validation rules - Please download the file and search for DORA under ‘Frameworks’
- List of possible values for all data fields with drop downs (updated 3 March 2025)
- ITS on RoI - Annex 2 list of licensed activities for data point model updated to reflect DPM V4.0
- Overview of technical checks, validation rules and business checks to be applied by the EBA for RoI reporting (updated 14 March 2025)
- Explanations of the data quality feedback to the registers of information from the validations (explanatory slides)
- DORA Sample data quality responses
- Frequently asked question on reporting of the registers of information [updated on 14 February 2025]
2024 DRY RUN EXERCISE
- Summary report from the Dry Run exercise
- Presentation – workshop for industry on summary of Dry Run and preparations for 2025 reporting 18 December 2024
- Video recording – industry workshop of 18 December 2024
- Factsheet: ‘dry run’ to prepare for DORA
- Presentation - workshop for industry on DORA 2024 dry run data collection 30 April 2024
- Video recording - industry workshop 30 April 2024
- Press release 11 April 2024
TOOLS AND MATERIAL FOR THE 2024 DRY RUN
- Explanation of data quality checks [xlsx]
- Template for the register of information [xlsb]
- Draft Data Point Model – annotated table layout [xlsx]
- Draft taxonomy [zip]
- DORA plain csv sample reporting package [zip]
- XLS to CSV conversion tool [xlsm]
- Instructions to XLS to CSV conversion tool [pdf]
- ITS on RoI - Annex 2 list of licensed activities for data point model
- Presentation – workshop on exercise tools 10 June 2024 [pdf]
- Video recording – workshop on exercise tools 10 June 2024
- Press release 31 May 2024
- Frequently asked questions regarding dry run – updated 29 July 2024 [pdf]