Information on the Digital Operational Resilience Act (DORA)

- ICT service provider identification via Legal Entity Identifier (LEI) -

As part of DORA, Regulation (EU) 2022/2554 on digital operational resilience in the financial sector, a Technical Implementation Standard has been published in draft status which, among other things, prescribes ICT service provider identification via a valid Legal Entity Identifier (LEI) for financial entities.

As a result, the LEI is expected to become mandatory for certain legal entities under DORA as of January 17, 2025, as affected companies will have to comply with the DORA requirements from this date.

All key information you need to obtain your LEI quickly and reliably:

As an ICT service provider, have you been asked to apply for an LEI?

Bundesanzeiger Verlag GmbH, with its officially accredited LEI issuing organization LEIReg, is your competent partner for meeting regulatory requirements. We can issue your LEI quickly and easily in just a few steps. Please register first and then log in to apply for your LEI.


Are you a financial institution that needs support in meeting the LEI requirements under DORA?

Please contact us at dora-lei@bundesanzeiger.de and benefit from our customized solutions - from LEI issuance to LEI monitoring.

All key information about DORA:

What is DORA?

The Digital Operational Resilience Act, or DORA for short, is a major regulatory measure of the European Union that came into force on January 16, 2023. 

What is the aim of DORA?

The aim of DORA is to strengthen digital operational resilience in the financial sector by introducing new, uniform rules for the use of information and communication technologies (ICT). The aim is to ensure that a wide range of financial entities, including banks, insurance companies, investment firms and payment service providers, are able to effectively respond to and recover from cyberattacks and other digital threats.

How is DORA to be implemented?

The strict regulations for risk management, security requirements and the monitoring of third-party providers are intended to strengthen confidence in the digital infrastructure of the financial sector. The Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) actively supports the implementation of DORA in Germany and sees it as a key to strengthening financial market stability.

What role does the LEI play in this regulation?

The document "Final Report on Draft ITS on Register of Information" deals with the development of implementing technical standards (ITS) for the register templates in relation to all contractual arrangements for the use of ICT services by third party providers in the financial sector. This ITS is necessary to monitor the risk of third-party ICT providers and to facilitate monitoring by the competent authorities, as provided for under the Digital Operational Resilience Act (DORA).

The ITS requires financial institutions to keep and update detailed information about their contractual arrangements with third-party ICT providers at different levels (individual, sub-consolidation and consolidation level). This information is recorded in standardized templates to ensure consistent and efficient data management.

A central aspect of the ITS is the identification of the ICT third-party providers and the financial entities by the Legal Entity Identifier (LEI) in order to enable clear and consistent identification. The current draft of the ITS explicitly stipulates an LEI requirement for the identification of certain legal entities so that the financial institutions concerned can identify their third-party ICT service providers beyond doubt.

Who must possess an LEI according to the current ITS of the DORA Regulation?

Financial entities (including banks, insurance companies, investment firms and payment service providers) and their third-party ICT providers must have a valid and active LEI if they are legal entities.

Where can I find further information on DORA?

You can find further information here