HomeRegister of Information › Asset Managers
DORA · Asset Managers

DORA Register of Information for Asset Managers

What DORA changes for asset managers: who is in scope, why the register is particularly unforgiving for management companies, and how to avoid rejection at filing.

In short — Asset managers — UCITS ManCos, AIFMs, third-party management companies — are financial entities in scope of DORA and must file a Register of Information on their ICT providers. The real risk isn't the rules themselves: it's keeping a repeated core of providers consistent across multiple LEIs and templates before filing through OneGate or the CSSF.

On this page

Are you in scope?

Yes. Asset managers — UCITS management companies, AIFMs, and third-party management companies (ManCos) — are financial entities within the scope of DORA (Regulation (EU) 2022/2554). As such, they must maintain and file a Register of Information listing every contractual arrangement with an ICT third-party service provider, whether or not the service in question supports a critical or important function. The register sits alongside — not instead of — your other ICT risk management obligations under DORA: it is specifically the annual reporting deliverable, built from the EBA's 15 interlinked templates. For the general rules on scope, format and structure, see the DORA Register of Information guide.

What makes an asset manager's register different

An asset manager sits on top of a fairly typed chain of providers: depositary, fund administrator / valuation agent, market data vendors, portfolio and order management systems (PMS/OMS), and hosting providers. Many of these functions are themselves delegated further down the chain, which stretches out the ICT sub-outsourcing chain you need to map — see ICT third-party providers for how to declare each link. A market data vendor may itself rely on an exchange feed reseller, and a cloud-hosted PMS may run on a hyperscaler your compliance team never directly contracted with — both links belong in the register.

Some of these arrangements also support a critical or important function — custody, order execution, NAV calculation — which changes the level of assessment required for the underlying service. See critical or important functions to work out which of your providers fall into that category.

An asset manager's register rarely struggles on substance. It struggles on keeping a repeated core of providers consistent across every fund and every entity.

The multi-LEI and consolidation puzzle

This is the most sensitive point for asset managers. A group running several funds or several entities — sub-funds of a SICAV, FCPs, feeder funds, dedicated vehicles — typically ends up mapping the exact same core of providers separately under each LEI. That core has to stay consistent from one entity to the next: the same LEI for the same provider, the same criticality flag, the same DPM values. Depending on your group structure and your authority, filing can be individual (reporting type IND) per entity or consolidated (CON) at group level. That reporting type is itself a DPM value declared in the entity template — get it wrong and the whole submission can look inconsistent with your group's actual filing pattern.

This is where errors concentrate:

Typical rejection causes for asset managers

See the full breakdown in why registers get rejected and the xBRL-CSV format requirements.

Deadline and filing

Filing is an annual obligation. In France, it goes through OneGate (ACPR/AMF); the exact calendar should be confirmed with the AMF. In Luxembourg, ManCos and cross-border funds file through the CSSF's eDesk. Either way, the register has to be assembled from the 15 EBA templates before it can be submitted — see how to fill in the register for a template-by-template walkthrough. Whoever signs off the filing — typically a compliance officer or a delegated signatory — is itself declared in the register's signatories template, so that identity has to be consistent too, filing after filing.

Validate every entity's register before you file

DoraReady checks your register against the EBA's 116 validation rules, flags inter-table inconsistencies and non-conforming values, and generates the xBRL-CSV package — entity by entity or across a multi-LEI group. Everything runs in your browser: your list of providers never leaves your machine.

Run the free diagnostic

Frequently asked questions

Do asset managers have to file a register?
Yes. UCITS management companies, AIFMs and third-party ManCos are financial entities in scope of DORA and must file a Register of Information on their ICT third-party arrangements.
One register per fund, or per LEI?
Scope is assessed at entity/LEI level. A group may file several individual (IND) registers or one consolidated (CON) filing; the same core of providers is often repeated and must stay consistent — confirm with your authority.
What is the filing portal?
OneGate (AMF/ACPR) in France, the CSSF's eDesk in Luxembourg. Filing is annual; confirm the exact calendar with your competent authority.
Does DoraReady guarantee acceptance?
No. It reduces the risk of technical rejection by checking the file before submission; it does not replace your regulator's official review and does not guarantee acceptance.

← The complete DORA register guide · Lire en français →