DORA
DORA Register: Instructions for a First Submission Without Errors
Feb 11, 2025
As the April 30, 2025 deadline approaches, financial institutions subject to DORA must submit their first ICT information register. This document centralizes all contracts made with ICT service providers, including those considered critical or important. Here’s how to prepare a mistake-free submission.
1. Understand the expectations of the DORA register
The register must list all active contractual agreements with ICT providers. For each contract, it is essential to indicate the services provided, the associated critical function, the contractual terms, audit rights, termination clauses, and many other mandatory fields according to the implementing regulation (EU) 2024/2956.
2. Identify and classify your suppliers
List all active suppliers
Determine if the service provided is related to a critical or important function
Assign a level of criticality to each supplier
3. Collect the missing data
Contact suppliers to complete the mandatory fields
Centralize all contracts and annexes in a single space
Validate the information with the Purchasing, Legal, and IT teams
4. Choose the right technical format
The register must be submitted in CSV format, structured according to the templates provided by the authorities. Note: during the European dry run, 94% of submitted Excel files were rejected!
5. Conduct a cross-review
Have the register reviewed by the Risk Manager, DPO, and CISO to validate the completeness and compliance of the data.
6. Submit on time
Deadline in France: April 15, 2025, via the ACPR OneGate portal
Receipt by the AES: April 30, 2025
Conclusion
A well-prepared register ensures that you successfully cross the first step of DORA compliance with peace of mind. With Galink, you centralize, evaluate, and automatically export your register, compliant with the required format.