As per 17 January 2025, the EU Digital Operational Resilience Act (DORA) will enter into force. One of the requirements under DORA is that financial institutions in scope of DORA must keep a register of all contractual agreements with ICT service providers (DORA-register).
Information register
On 6 December 2024, the Dutch Authority for the Financial Markets (AFM) announced that in February 2025 it will request all financial institutions under its supervision and in scope of DORA to submit their DORA-register to the AFM. This allows the AFM to submit the collected DORA-registers to the European supervisory authorities (EBA, EIOPA and ESMA) in a timely manner, which must be done by 30 April 2025 at the latest.
Requirements for the register
Along with the request, the financial institutions involved will also receive a notice on the response time they must adhere to. When preparing the DORA-register, financial institutions in scope of DORA should observe the requirements as laid down in the Implementing Technical Standards (ITS) on the DORA-register as adopted by the European Commission.
In the announcement of 6 December 2024, the AFM has stressed that it is important to verify that all mandatory fields are included in the DORA-register. If any fields are missing or incomplete, the DORA-register cannot be shared by the AFM with the European supervisory authorities. In such cases, the AFM will have to request the entire DORA-register with the concerning financial institution again.
Contact
Should you require any assistance with the preparation of the DORA-register for your organisation, please do not hesitate to reach out to us.
