Home › DORA Register of Information
DORA · Register of Information

The DORA Register of Information

The complete guide to the register every financial entity must keep under DORA: what it is, who files it, the format that trips everyone up, and how to build one that doesn't get rejected.

In short — The DORA Register of Information is a structured inventory of a financial entity's contractual arrangements with ICT third-party service providers, required under the Digital Operational Resilience Act. It is filed annually with the national authority in xBRL-CSV format and is built from 15 interlinked templates (B_01.01 to B_99.01) defined by the EBA.

On this page

What the Register of Information is

Under DORA (the Digital Operational Resilience Act), financial entities must maintain a Register of Information describing every contractual arrangement for the use of ICT services provided by third parties. It is not a free-form document: it is a regulated dataset, kept up to date and submitted to the supervisor each year.

It is less a form to fill in than a structured map of your ICT dependencies — and it has to hold together.

Who must file one

Financial entities in scope of DORA, including: asset managers and management companies (UCITS ManCos, AIFMs), banks, insurers, payment and e-money institutions, investment firms, and crypto-asset service providers. The register covers all ICT service arrangements — not only those supporting a critical or important function.

The xBRL-CSV format

The register isn't submitted as a free Excel file. The expected output is xBRL-CSV defined by the EBA — a set of structured CSV files following the taxonomy and the DPM (Data Point Model) dictionary, packaged with their metadata. The format is rigid: structure, encoding, naming and allowed values are all normalised. One out-of-range value and the whole submission is rejected.

The 15 templates

The register is made of 15 templates in 8 groups (Commission Implementing Regulation (EU) 2024/2956), linked together by foreign keys: entity information, contractual arrangements, signatories, service usage, ICT providers, functions, assessments and definitions. The arrangements template B_02.01 is the hub referenced by most of the others. Full breakdown: the 15 templates of the register.

Why registers get rejected

Almost never because of substance — usually because of technical issues: a non-ISO date, a non-conforming country or DPM value, an invalid LEI, a missing mandatory template, non-UTF-8 encoding, or an inconsistency between the interlinked templates.

Check your register before you submit

DoraReady checks your register against the EBA's 116 validation rules, points out line by line what would cause a rejection, and generates the xBRL-CSV package. Everything runs in your browser: your list of providers never leaves your machine.

Run the free diagnostic

Frequently asked questions

What is the Register of Information?
A structured inventory of your contractual arrangements with ICT third-party service providers, required under DORA, filed annually in xBRL-CSV and built from 15 interlinked EBA templates.
Who must file one?
Financial entities in scope of DORA — asset managers, banks, insurers, payment/e-money institutions, investment firms, CASPs — covering all ICT service arrangements.
Why do registers get rejected?
Mostly technical: non-ISO dates, non-conforming DPM values, invalid LEIs, missing templates, bad encoding, or inconsistencies between templates.
Does DoraReady guarantee acceptance?
No. It reduces the risk of technical rejection by checking the file before submission; it does not replace your regulator's official review and does not guarantee acceptance.

Lire ce guide en français →