Preparation for DORA application
The Digital Operational Resilience Act (DORA) will become applicable on 17 January 2025. From that date all financial entities in its scope will need to have a comprehensive register of their contractual arrangements with ICT third-party service providers available at entity, sub-consolidated and consolidated levels.
The registers will serve for:
- financial entities to monitor their ICT third-party risk,
- the EU competent authorities to supervise ICT and third-party risk management at the financial entities and
- the ESAs to designate the critical ICT third-party service provides (CTPP) which will be subject to an EU-level oversight.
PREPARATIONS FOR OFFICIAL REPORTING OF REGISTERS
ADDITIONAL DOCUMENTS
TOOLS AND MATERIAL FOR DRY RUN
- Explanation of data quality checks [xlsx]
- Template for the register of information [xlsb]
- Example of filled template A - updated 8 July 2024 [xlsb]
- Example of filled template B - updated 8 July 2024 [xlsb]
- Draft Data Point Model – annotated table layout [xlsx]
- Draft taxonomy [zip]
- DORA plain csv sample reporting package [zip]
- XLS to CSV conversion tool [xlsm]
- Instructions to XLS to CSV conversion tool [pdf]
- ITS on RoI - Annex 2 list of licensed activities for data point model
- Presentation – workshop on exercise tools 10 June 2024 [pdf]
- Video recording – workshop on exercise tools 10 June 2024
- Press release 31 May 2024
- Frequently asked questions regarding dry run – updated 29 July 2024 [pdf]
DORA Dry Run FAQ (Updated)
(495.66 KB - PDF)