{"id":56829,"date":"2025-03-31T14:55:57","date_gmt":"2025-03-31T12:55:57","guid":{"rendered":"https:\/\/www.usd.de\/?p=56829"},"modified":"2025-03-31T17:39:07","modified_gmt":"2025-03-31T15:39:07","slug":"bafin-workshop-dora-register-of-information","status":"publish","type":"post","link":"https:\/\/www.usd.de\/en\/bafin-workshop-dora-register-of-information\/","title":{"rendered":"Our 3 Key Takeaways from the BaFin Workshop on the DORA Register of Information"},"content":{"rendered":"\n

Original publication date: March 10, 2025<\/em>.<\/p>\n\n\n\n

Since the publication of this blog post, BaFin has postponed the deadline for submission from April 11 to April 28, 2025<\/a>.<\/em><\/p>\n\n\n\n

\n\n\n\n

<\/p>\n\n\n\n

More than 3,000 participants attended the two-hour online workshop hosted by the German Federal Financial Supervisory Authority (BaFin<\/a>) on submitting the Register of Information (RoI).<\/strong><\/p>\n\n\n\n

<\/p>\n\n\n\n

A Brief Recap: The Register of Information<\/h2>\n\n\n\n

Since January 2025, the Digital Operational Resilience Act (DORA<\/a>) has required companies in the financial sector to maintain a Register of Information. This register must contain all contractual agreements regarding the use of information and communication technology (ICT) services between a company and its third-party ICT providers.<\/p>\n\n\n\n

The purpose of compiling this information in a standardized overview document is to give the European Supervisory Authorities (ESAs) insight into the contractual relationships and the dependencies of European financial institutions on third-party ICT providers. The goal is to identify potential concentration risks across Europe in order to limit or even prevent them in the future.<\/p>\n\n\n\n

DORA mandates that the register must be kept available as of January 17, 2025, and provided to the relevant supervisory authority upon request. In addition to this ongoing availability, the Register of Information must also be submitted annually to the supervisory authority<\/strong>. The first submission must be made to BaFin by April 28, 2025 <\/strong>\u2013 or, in the case of significant credit institutions, to the European Central Bank (ECB).<\/p>\n\n\n\n

To answer key questions about the submission process, BaFin held a workshop<\/strong>. Our financial security experts attended on your behalf and identified three key takeaways:<\/p>\n\n\n\n

<\/p>\n\n\n\n

Excel or No Excel? That Is the Question.<\/h2>\n\n\n\n

The ESAs have specified XBRL as the required format for creating the Register of Information. Since this format poses challenges, particularly for small and medium-sized enterprises, BaFin has stepped in to help by providing an Excel template. After submission, BaFin will convert the Excel file into XBRL and forward it to the ESAs.<\/p>\n\n\n\n

BaFin\u2019s Excel template is fully aligned with the relevant ITS (Implementing Technical Standards) for the Register of Information<\/a>, following the same numbering and terminology. The template is only available in English.<\/p>\n\n\n\n

During the workshop, BaFin pointed out that the Excel template is primarily intended for small and medium-sized enterprises, as it reaches its limits when handling large data volumes.<\/p>\n\n\n\n

Additionally, the template is only a beta version and currently available exclusively for Windows. Another key issue raised was that the template includes macro elements, which many IT departments prohibit for security reasons.<\/p>\n\n\n\n

<\/p>\n\n\n\n

Don\u2019t Wait Until April 28 to Upload!<\/h2>\n\n\n\n

We've all seen it happen \u2013 deadlines get stretched to the very last minute. However, in this case, an early submission is strongly advised, and here\u2019s why:<\/p>\n\n\n\n