What is a critical or important function under DORA?

A function whose failure would materially impair the financial soundness of the entity, or the continuity or quality of its services, or whose disruption would jeopardise compliance with its regulatory obligations. The classification triggers stricter requirements.

Where do I declare critical functions in the DORA register?

Functions are identified in template B_06.01, linked to the ICT services through B_02.02, and services supporting a critical or important function are assessed in template B_07.01.

Do I also declare non-critical services?

Yes. The register lists all arrangements with ICT providers, not only those tied to a critical function. Criticality drives the level of assessment, not inclusion in the register.

Home › Register of Information › Critical or important functions

DORA · Criticality

Critical or important functions

It's the most structuring notion in the register — and the most scrutinised. It decides the level of requirements on each provider. Here's the definition, how to identify one, and where to declare it.

In short — A critical or important function under DORA is one whose failure would materially impair the financial soundness, the continuity or quality of the entity's services, or jeopardise compliance with its regulatory obligations. You declare it in B_06.01 and assess the service supporting it in B_07.01.

On this page

The definition
Why it matters
How to identify them
Where to declare them
Common errors
FAQ

The definition

Under DORA, a critical or important function is a function whose failure would:

materially impair the financial soundness of the entity, or the continuity or quality of its services; or
whose disruption would jeopardise compliance with its regulatory obligations or the conditions of its authorisation.

Criticality isn't guessed: it's justified, function by function.

Why it matters in the register

Classifying a function as critical or important triggers a higher level of requirements: it mandates an assessment of the ICT service supporting it and concentrates the supervisor's attention. Getting the boundary wrong means either under-declaring (a compliance risk) or over-declaring (needless burden).

How to identify them

Review your business functions and ask, for each:

would its disruption directly impact clients or markets?
is there a quick fallback, or is the dependency strong?
would a failure trigger a regulatory breach (reporting, payments, custody of assets…)?
is the function supported by an external ICT provider (and its subcontracting chain)?

The answers build your critical perimeter — document it, because the supervisor may ask for the justification.

Where to declare them in the register

B_06.01 — you declare the list of your functions with an identifier and their classification (including criticality);
B_02.02 — each ICT service is linked to the function it supports (via the function identifier);
B_07.01 — services supporting a critical or important function are assessed (risk, substitutability, etc.).

For the overview of templates and their links, see the 15 templates of the register.

Common errors

a function identifier used in B_07.01 but missing from B_06.01 (orphan reference);
a service linked to a critical function in B_02.02 but without an assessment in B_07.01;
criticality that is unjustified or inconsistent across entities in a multi-LEI group.

Check functions ↔ services ↔ assessments consistency

DoraReady verifies that every function identifier, service reference and assessment points to an existing record, among the EBA's 116 validation rules, and generates the xBRL-CSV package. Everything runs in your browser: your data never leaves your machine.

Run the free diagnostic

Frequently asked questions

What is the exact definition?

A function whose failure would materially impair the financial soundness, continuity or quality of the entity's services, or jeopardise its regulatory obligations.

Where do I declare it?

Functions in B_06.01, service-to-function link in B_02.02, assessment of critical services in B_07.01.

Do I declare non-critical services?

Yes. The register lists all ICT arrangements; criticality drives the level of assessment, not inclusion.

Does DoraReady guarantee acceptance?

No. It reduces the risk of technical rejection by checking the file before submission; it does not replace the regulator's review and does not guarantee acceptance.

← The complete DORA register guide · Lire en français →