HomeRegister of Information › LEI & GLEIF
DORA · LEI & GLEIF

LEI & GLEIF in the DORA Register of Information

A 20-character code, but it identifies both your entity and every one of your ICT providers — and it is one of the most common reasons a DORA register bounces back. Here's what a LEI is, where the register needs one, what to do when a provider doesn't have one, and how a lapsed status quietly breaks a filing.

In short — In the DORA Register of Information, the LEI (Legal Entity Identifier, a 20-character ISO 17442 code from the GLEIF database) identifies both the reporting entity and every ICT third-party provider. It must be active (ISSUED), not LAPSED. A missing, expired or mistyped LEI is one of the most frequent causes of technical rejection.

On this page

What a LEI and GLEIF are

The LEI (Legal Entity Identifier) is a globally unique identifier for legal entities: a 20-character alphanumeric code standardised under ISO 17442. It is issued by accredited bodies called LOUs (Local Operating Units) and published in the free, public reference database maintained by GLEIF (the Global Legal Entity Identifier Foundation).

Think of the LEI as a license plate for a legal entity: unique, verifiable, and only useful if it's kept current.

DORA leans on the LEI precisely because it is already the standard identifier used across EU financial reporting — it lets a supervisor cross-reference the same entity or provider across different regulatory filings without ambiguity.

Where the register needs a LEI

The LEI does double duty in the Register of Information — it identifies the entity filing the register and it identifies who that entity depends on:

That foreign-key structure is why a single bad LEI rarely stays contained: get the entity's own LEI wrong in B_01.02 and every downstream template that points back to it becomes inconsistent too.

Getting and checking a LEI

When a provider has no LEI

A valid LEI is expected for every ICT third-party provider you declare, but in practice not every vendor has one on hand — this shows up most often with smaller software vendors and providers based outside the EU that have never needed a LEI for anything else. Where the register's rules allow another permitted identification code as a fallback, that path exists for a reason: LEIs aren't universal, and the format anticipates it.

What doesn't work is discovering this the week before the filing deadline. Applying for a LEI through a LOU takes time — and if the provider itself has to request and pay for it, that adds a negotiation you don't want to run under time pressure. Build the list of providers' LEI status well ahead of the filing, and chase down the missing ones early.

ISSUED vs LAPSED — the status that trips people up

A LEI doesn't expire outright, but it does need annual renewal with its LOU. Skip the renewal and GLEIF marks the code LAPSED: the number still exists and still resolves to the right entity, but it's no longer treated as current. In practice, a register built with a lapsed LEI is generally treated the same as one built with an invalid LEI — it is one of the checks most likely to flag a filing.

LEI-related rejection causes, in context

None of this is unique to the LEI — it's one instance of a broader pattern behind DORA register rejections. Across the ESAs' 2024 EU dry run, only 6.5% (ESAs, 2024) of submitted registers passed validation on the first attempt, and the recurring failures were technical rather than substantive: non-ISO dates, out-of-range DPM values, invalid identifiers, missing templates, wrong encoding, or exactly this kind of cross-template inconsistency. The full picture, with more failure modes than LEIs alone, is in why DORA registers get rejected.

Check every LEI before you submit

DoraReady validates the format, status and cross-template consistency of every LEI in your register, among the EBA's 116 validation rules, and generates the xBRL-CSV package. Everything runs in your browser: your list of entities and providers never leaves your machine.

Run the free diagnostic

Frequently asked questions

What is a LEI?
A 20-character code (ISO 17442) that uniquely identifies a legal entity worldwide, issued by an accredited LOU and referenced in the public GLEIF database.
Where is the LEI required in the DORA register?
It identifies both the reporting entity and group entities in scope (B_01.02) and every ICT third-party provider (B_05.01); other templates reference these LEIs by foreign key.
What if an ICT provider has no LEI?
Plan ahead: a valid, active LEI is expected, and some foreign or smaller vendors don't have one readily available. Obtaining or renewing it takes time, so start early — a missing or lapsed LEI is a frequent rejection cause.
What does a LAPSED LEI status mean?
ISSUED means the LEI is active and current. LAPSED means the code exists but its annual renewal wasn't completed, so GLEIF no longer treats it as up to date — generally handled the same as an invalid LEI in a register submission.
Does DoraReady guarantee my LEIs will be accepted?
No. It checks LEI format and consistency before submission to reduce the risk of technical rejection; it does not replace the regulator's review and does not guarantee acceptance.

← Back to the DORA Register of Information guide · Lire ce guide en français →