DORA: Reporting DORA registers of information in April 2025

News item supervision

Since the entry into force of DORA, financial institutions must keep a register of information on all contractual agreements on the use of ICT services provided by third-party providers (DORA, Article 28(3)). To start the European process for designating critical third-party ICT service providers, financial institutions must report their information registers to DNB in April. See below for more information on this requirement.

Published: 26 February 2025

Mappen

When will the reporting request be available?

The reporting request will be available from 1 April 2025 in MyDNB (via the Reporting Service(Refers to an external site)). 

What is the reporting deadline?

You must report the information register by 23 April 2025. 

What is the Reporting format?

You must report the information register as an xBRL-CSV file with a table-oriented layout for the data.

The European supervisory authorities (ESAs) have provided a website(Refers to an external site) with a set of resources to prepare for the reporting of DORA registers of information, including the applicable validation rules and a visual representation of the data model. The validation rules are also integrated into the EBA's reporting framework.

To support financial institutions that are unable to implement the xBRL-CSV standard  on time, we are making an alternative delivery method available this year. Financial institutions wishing to make use of this method must report the information register using a standardised Excel template. The template will also be made available in MyDNB via the Reporting Service. We will then convert the Excel template to the xBRL-CSV standard. Responsibility for the accuracy and completeness of the reported information remains with the financial institutions themselves at all times. 

What is the reference date?

The reference date is 31 March 2025. 

What if the information register is not yet fully completed?

In our supervision, we take into account the circumstances and timelines within which legislation is finalised. With respect to the information register, this means we expect financial institutions to be able to report the register on time. The design of the information register and relevant information has been known for some time through publication of the final drafts on 17 January 2024 and the dry run organised by the ESAs. If the information register is not yet fully completed, we ask you to prioritise the quality of the data to be reported over the completeness of the ICT agreements included. 

What happens after 23 April 2025?

We will perform most technical and data quality checks automatically using the validation rules(Refers to an external site). You will receive immediate feedback on these checks. We will then make the information registers available to the ESAs. The ESAs will also perform data quality checks, and check the validation rules with respect to LEI codes and EUIDs. We will inform you of the results, and ask you to rectify any identified errors by resubmitting your report. 

Level of consolidation

The consolidation level at which the information register is requested depends on the prudential consolidation of the financial institution, our supervisory mandate (in Dutch)(Refers to an external site) and the relevant Decision(Refers to an external site) of the ESAs.

  1. Financial institutions for which DNB is the competent supervisory authority, and which are not part of a group of financial institutions, must report the information register at the individual institution level.
  2. Financial institutions for which DNB is the competent supervisory authority, and which are part of a group of financial institutions, where the parent company is an entity outside the European Union and there is no parent company in the EU, must also report the information register at the individual institution level.
  3. Financial institutions for which DNB is the competent supervisory authority, and which are part of a group of financial institutions where DNB also supervises at the consolidated level, must report the information register at the highest level of consolidation in the European Union. If the parent company of a financial institution is under the supervision of another European financial supervisory authority, the information register must be reported to that supervisory authority at the highest level of consolidation within the European Union.

We will use this designation when opening up reporting requirements. Consolidated reporting of the information register reduces the reporting burden on financial institutions. A further explanation including detailed examples is included in Frequently asked questions no. 5.

Banks under the direct supervision of the ECB must report the information register at a consolidated level to the ECB. 

More information

We regularly communicate relevant developments related to DORA. More information on DORA can be found at www.dnb.nl/DORA.

DORA template

45KB XLSX
Download DORA template