Implementing Regulation on Standard Templates for the Register of Information

Commission Implementing Regulation 2024/2956 laying down Implementing Technical Standards for the application of the EU Digital Operational Resilience Act with regard to standard templates for the register of information, was published in the Official Journal of the European Union. Under Article 28(3) of DORA, as part of their ICT risk management framework, financial entities must maintain and update at entity level, and at sub-consolidated and consolidated levels, a register of information for all contractual arrangements on the use of ICT services provided by ICT third-party service providers. These ITS set out the standard templates for the register of information.

The European Commission rejected the European Supervisory Authorities' draft ITS in September on the basis that financial entities should have the choice of using either EU unique identifiers or legal entity identifiers. The ESAs published an opinion in October setting out their concerns for introducing the EUID as an identifier for these purposes. Nonetheless, the Implementing Regulation refers to financial entities using a valid and active LEI or EUID.

The Regulation enters into force on December 22, 2024, 20 days after publication in the Official Journal.

Return to main website.