In the context of DORA, the Register of Information (RoI) is a mandatory report that lists all contractual arrangements with ICT third-party service providers.
All financial entities operating in the EU must submit a DORA RoI (Record of Information) report annually. A full list of who is defined as a financial entity can be found under Article 2 of the legislation: Digital Operational Resilience Act (DORA) .
Technical Requirements
- Format: Reports must be submitted in xBRL-CSV format, strictly adhering to the ESA Reporting Framework 4.0.
- Content: The RoI consists of interconnected templates covering contract IDs, provider LEIs, data locations, and subcontractors.
- Validation: Files must pass strict technical validations; common errors include incorrect reference dates or non-unique timestamps in filenames.
Key Preparation Steps
- LEI Synchronization: Ensure your Legal Entity Identifier (LEI) is correctly registered with your national regulator’s portal.
- Subcontractor Mapping: Submissions require more mature data, specifically including detailed documentation of chain outsourcing (subcontractors).
- Level of Consolidation: Reporting is required at the individual, sub-consolidated, and consolidated levels where applicable.
Our reporting service provides
- Data Aggregation: Consolidating contract details, Legal Entity Identifiers (LEIs), and service types from disparate procurement and legal systems.
- Hierarchy Mapping: Managing the complex “Chain Outsourcing” requirements—identifying subcontractors that support “Critical or Important Functions.”
- Technical Conversion: Converting internal spreadsheets into the mandatory ESA Reporting Framework 4.0 (xBRL-CSV) files.
- Validation Engine: Running pre-submission checks against the EBA Validation Rules to prevent portal rejections.
- Direct Submission: Handling (optional) the secure upload to national portals.