DORA – Register of Information collection – Update

DORA Digital Operational Resilience Act · · cssf

AI Analysis

The CSSF has published an update regarding the collection of information for the DORA Register. This involves the formal issuance of templates and technical specifications that financial entities must use to submit detailed information on their use of ICT third-party service providers. This register is a core DORA requirement for centralized oversight.

All in-scope financial entities under DORA are affected, including credit institutions, payment institutions, investment firms, and others within the EU financial sector. This update is particularly critical for entities relying on ICT third-party providers, as they must now prepare to report these contractual relationships and associated risk assessments.

Compliance teams should immediately obtain the official templates and technical specifications from the CSSF announcement. The next step is to initiate an internal data collection exercise to populate these templates accurately, ensuring all relevant ICT third-party contracts and criticality assessments are documented and ready for submission within the mandated deadlines.

View original source →

Get notified about DORA changes

Subscribe to our free weekly digest covering 21 compliance frameworks.