The introduction of the information register under the Digital Operational Resilience Act (DORA) poses significant challenges for many companies. The new requirements of the European Supervisory Authorities (ESAs) force financial institutions to maintain a complete and regularly updated directory of all ICT-related contractual agreements. In addition, there is an obligation to report this data to the authorities at least once a year. The associated time, personnel and data management costs are enormous – but there is a solution.
Our solution: automated creation of the DORA information register with our low-code software tool
With our software solution, you are on the path to automation and increased efficiency. Developed specifically for DORA requirements, our solution supports you in three central steps:
1. data collection
Our software processes data from various source systems, checks it for plausibility and assigns it to the fields of the information register.
- Automated integration: available data is uploaded directly into the tool.
- Add missing data: machine support or manual entry makes it easier to complete the data.
- Reusability: once collected, data can be used for future reports.
2. Review and approval
An automated validation ensures that all information is complete and correct. The software solution also ensures that the data in defined selection fields is transformed into the syntax required by the ESAs in the information register.
- Versioning and compliance: Changes in the ESAs’ requirements are automatically incorporated into the software.
- Approval process: Optionally, the data can be checked using a four-eyes principle.
3. Submission
The submission is either fully automated or by exporting a pre-prepared file in the required CSV format, which can then be uploaded to the relevant authority as a ZIP file.
- Logging: Every adjustment and report is documented in an audit-proof manner.
- Ensuring data quality: Automatic validations increase the quality of the reports.
Your benefits: Smart and efficient DORA compliance
With our solution, you can significantly reduce the effort required to create and maintain the information register – while maintaining high quality and security. The most important benefits at a glance:
- Time and cost savings: Thanks to automation and data reusability.
- Secure auditing: A record of all changes ensures seamless traceability.
- Scalability: The solution remains robust and low-maintenance, even with large amounts of data.
- User-friendliness: Easy to use and integrate into existing processes.
The challenges of the DORA information registry
Reporting to the information register is more than just a bureaucratic process – it requires in-depth data management and close coordination between different departments. The main challenges include:
- Complexity of data collection: data from different source systems (e.g. contract, company and order data) must be available in a high level of granularity and linked together.
- Enormous time and personnel costs: the creation and maintenance of a complete register can hardly be managed manually.
- Ensuring audit compliance: changes and adjustments must be historicised and logged in order to meet legal requirements.
- Unclear deadlines: While the BaFin continues to cite 17 January 2025 as the deadline, the ESAs have postponed the deadline for submitting national authority reports to 30 April 2025. For companies, this means that early preparation remains crucial.
Why manual creation is not sufficient
Many companies rely on solutions from their contract management system – but these often only cover 5-10% of the required information. Additional data, such as the assignment of critical company functions or the linking of external services with company structures, is stored in other data silos and must be integrated at great expense. A manual approach quickly reaches its limits here.
Results and adjustments according to the DORA Dry run for the information register
In mid-2024, the European Supervisory Authorities (ESAs) conducted a dry run test for reporting the information registers under the Digital Operational Resilience Act (DORA). The results showed that 6.5% of the registers passed all data quality checks and that the majority of the remaining registers failed fewer than 5 out of 116 checks.
To further improve data quality, the ESAs published a list of validation rules and a visual representation of the data model in November 2024. These measures are designed to help financial firms prepare their registers for official reporting in 2025. The technical implementing regulation (EU) 2024/2956, which contains the detailed requirements for the creation and reporting of the registers, was adopted to supplement this.
The ESAs also announced an updated technical reporting package with a revised data point model, a taxonomy and validation rules. This package will serve as a guide for the final reports in 2025. Workshops were held to support this, the last of which took place in December 2024, to explain the final report of the dry run and adjustments to the technical standards.
Financial companies are encouraged to use the materials provided and individual feedback to improve the quality of their data and to meet the regulatory requirements in a timely manner.
Conclusion: Act now – time is running out
Although the deadlines of BaFin and ESAs currently differ significantly, 17 January 2025 remains an important milestone. Companies that collect their data and automate their processes at an early stage have a clear advantage. With our low-code based software solution, you can take the first step towards sustainable digital resilience – and meet the DORA requirements without additional stress.
Contact us today to learn more about our solution and to advance your preparation for DORA. Efficient, secure and future-oriented!