Register of information

Preamble (Recitals 1 – 15)

Recitals

Article 1

Definitions

Article 2

Ranking of ICT third-party providers in the supply chain

Article 3

General requirements for the templates of the register of information

Article 4

Data format requirement

Article 5

Content of the register of information

Article 6

Scope of the register of information at sub-consolidated and consolidated level

Article 7

Entry into force

Article 3This ITS also includes four annexes; dora-info.eu only contains the main text. Please refer to the original source mentioned on the landing page to access the annexes. General requirements for the templates of the register of information

  1. Financial entitiesas defined in Article 2, points (a) to (t) shall use the templates set out in Annex I to IV to maintain and update the register of information in accordance with Article 28(3) of Regulation (EU) 2022/2554, at entity level, or at sub-consolidated and consolidated level.

  2. Financial entitiesas defined in Article 2, points (a) to (t) shall ensure that the templates referred to in paragraph 1 include all of the following:

    1. the relevant information in relation to all the ICT servicesmeans digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; provided by direct ICT third-party providers;

    2. information on all subcontractors that effectively underpin ICT servicesmeans digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; supporting critical or important functionsmeans a function, the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law; or material parts thereof.

  3. Financial entitiesas defined in Article 2, points (a) to (t) shall ensure that the information contained in the templates referred to in paragraph 1 is accurate and consistent. Financial entitiesas defined in Article 2, points (a) to (t) shall review the information contained in the templates regularly and shall promptly correct any errors or discrepancies detected.

    In case of groupsmeans a group as defined in Article 2, point (11), of Directive 2013/34/EU;, financial entitiesas defined in Article 2, points (a) to (t) responsible for maintaining and updating the register of information at sub-consolidated and consolidated level shall ensure that information in relation to entity level in the consolidation is correct and consistent with the information at the sub-consolidated and consolidated level.

  4. Financial entitiesas defined in Article 2, points (a) to (t) shall ensure that the information contained in the templates referred to in paragraph 1 adhere to the following principles of data quality:

    1. accuracy;

    2. completeness;

    3. consistency;

    4. integrity;

    5. uniformity;

    6. validity.

  5. Financial entitiesas defined in Article 2, points (a) to (t) shall use a valid and active legal entity identifier (LEI) or the European Unique Identifier referred to in Article 16 of Directive (EU) 2017/1132 (‘EUID’), and where available both of these identifiers, to identify all of their ICT third-party service providersmeans an undertaking providing ICT services; that are legal persons, except for individuals acting in a business capacity.

  6. Where an ICT service provided by a direct ICT third-party service providermeans an undertaking providing ICT services; is supporting a critical or important functionmeans a function, the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law; of the financial entitiesas defined in Article 2, points (a) to (t), financial entitiesas defined in Article 2, points (a) to (t) shall ensure through the direct ICT third-party service providermeans an undertaking providing ICT services;, that all the subcontractors of the direct ICT third-party service providermeans an undertaking providing ICT services; included in the register of information in accordance with paragraph 2, point (b), which effectively underpin/support ICT servicesmeans digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including hardware as a service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services; supporting critical or important functionsmeans a function, the disruption of which would materially impair the financial performance of a financial entity, or the soundness or continuity of its services and activities, or the discontinued, defective or failed performance of that function would materially impair the continuing compliance of a financial entity with the conditions and obligations of its authorisation, or with its other obligations under applicable financial services law;, use a valid and active LEI or provide their EUID, and where available both of these identifiers, except if those subcontractors are individuals acting in a business capacity.

Table of contents