In the industry workshop of 18 of December 2024, which was a summary of Dry Run, it was stated that the reporting taxonomy provided shall be used for the reporting , while the current DORA 4.0 validation rules does not follow the instructions provided in the ROI ITS. We kindly ask you to confirm if the reporting shall follow the DORA 4.0 validation rules despite the mismatch with the ROI ITS.
Differences between the law and the taxonomy:
Requirement in Law
Requirement in Taxonomy
Additional question
B_01_01_0010 stated as non-nullable, but is mentioned as nullable in "LEI - EUID checks VR-2"
B_01_02_0010 stated as non-nullable, but is mentioned as nullable in "LEI - EUID checks VR-12"
B_02.03 does not include an extra column c0030
b_02.03 has a column c0030, that is required to be filled out
What is the extra column used for?
B_03.01 does not include an extra column c0030
b_03.01 has a column c0030, that is required to be filled out
What is the extra column used for?
B_03.03 does not include an extra column c0031
b_03.03 has a column c0031, that is required to be filled out
What is the extra column used for?
B_04.01 clarifies that column c0040 is only mandatory if the financial entity making use of the ICT service(s) is a branch of a financial entity (B_04.01.0030)
B_04.01 column c0040 is mandatory. Which also requires at least 1 branch in B_01.03.
What should be reported if a reporting entity does not have any branches? Should both B_01.03 and B_04.01 be empty. Or?
B_05.01 c0030 & c0040 is optional
B_05.01 c0030 & c0040 is required when c0070 = Legal person, excluding individual acting in a business capacity
B_05.01 c0110 is mandatory if the ICT-third party service provider is not the ultimate parent undertaking
B_05_01_0110 is mandatory all the time according to the DPM
B_05.02 column c0060 & c0070 is mandatory, but not applicable for rank 1. An empty value should be reported if rank = 1
B_05.02 column c0060 & c0070 is always required.
What should be reported in c0060 & c0070 if the rank = 1?
B_01_01_0050 is mandatory in case of reporting
B_01_01_0050 is always mandatory
B_01_01_0060 is mandatory in case of reporting
B_01_01_0060 is always mandatory
B_01_02_0060 is mandatory
B_01_02_0060 is optional in DPM
B_02_01_0030 is mandatory
B_02_01_0030 is optional in DPM
B_02_02_0040 is mandatory
B_02_02_0040 is optional in DPM
B_02_02_0130 is mandatory if the ICT service is supporting a critical or important function
B_02_02_0130 is optional in DPM
B_02_02_0140 is mandatory if the ICT service is supporting a critical or important function
B_02_02_0140 is optional in DPM
B_02.02.0150 is mandatory if Yes is reported in c0140
B_02.02.0150 is mandatory in DPM
B_02.02.0160 is mandatory if the ICT service is based on or foresees data processing
B_02.02.0160 is mandatory in DPM
Additional to the question above:
If changes will be made to the Taxonomy, when will these be made available? Do you foresee to apply changes to solve the aforementioned mismatch? If so, can you please share when this is expected to be done?
If the current Taxonomy, DORA 4.0, must be followed for reporting, can we expect that all local authorities are required to accept the Register of Informations in the format aligned with the Taxonomy?
We have experienced differences while doing a mock exercise to submit the reports to local authorities from the reporting technical package. To our knowledge, these discrepancies shall not exist and the national authorities to which entities have to report to are required to accept files that follow the reporting technical package. In this scenario, what actions can we expect to be taken?
- Legal act: Regulation (EU) No 2022/2554 (DORA Reg)
- COM Delegated or Implementing Acts/RTS/ITS/GLs: Regulation (EU) 2024/2956 - ITS on the register of information
