Exercice d’essai volontaire pour la collecte des registres d’information requis par DORA (uniquement en anglais)

Under the Digital Operation Resilience Act (DORA) and starting from 2025, financial entities will have to maintain registers of information regarding their use of ICT third-party service providers. In this context, the CSSF would like to draw the attention to the announcement by the European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) of the voluntary exercise for the collection of the registers of information of contractual arrangements on the use of ICT third-party service providers by the financial entities serving as preparation for the implementation and reporting of registers of information under DORA.

In this dry run exercise, the registers of information will be collected from participating financial entities through their competent authorities who will, in turn, provide those to the ESAs.

The press releases made by EBA and ESMA are available online at the following links:

• ESAs to run voluntary dry run exercise to prepare industry for the next stage of DORA implementation | European Banking Authority (europa.eu)
• ESAs to run voluntary dry run exercise to prepare industry for the next stage of DORA implementation (europa.eu)

The CSSF would like to underline the key elements of the ESAs announcements:

• To provide more information regarding the dry run exercise, the ESAs invite financial entities to take part in an introductory workshop on 30 April 2024 from 10 am to 12 pm.This workshop will be held virtually and the deadline for registration is 25 April 2024 using the following link. A dedicated factsheet is also available for more information.
• The ad-hoc data collection is expected to be launched in May 2024 with the financial entities expecting to submit their registers of information to the ESAs through their competent authorities between 1 July and 30 August.
• Financial entities participating in the dry run will receive support from the ESAs to: (1) build their register of information in the format as close as possible to the steady-state reporting from 2025, (2) test the reporting process, (3) address data quality issues, and (4) improve internal processes and quality of their registers of information.
• As part of the exercise, the ESAs will provide feedback on data quality to financial entities participating, return cleaned files with their register of information, organise workshops and respond to frequently asked questions.

The CSSF invites the supervised entities to consider their participation to this exercise, being a good opportunity to test their readiness concerning the implementation and reporting of registers of information under DORA. The CSSF therefore encourages the supervised entities that are considering to participate:

• To register to the ESAs workshop to be able to gain further information and ask any questions before deciding if they volunteer or not for this exercise.
• To inform the CSSF of their wish to participate to the exercise by sending an email to the following email address: ictrisksupervision@cssf.lu by 17 May 2024. The email must specify the exact name of the entity and its CSSF code.