DORA validator:
Check your Register of Information now
Financial entities are required to maintain a Register of Information (RoI) covering all ICT contractual arrangements, involving complex data compilation. These registers will be validated first by national authorities, then by European Supervisory Authorities. In the absence of an official tool, we created the DORA validator to help entities verify their registers before filing.
Review your DORA Register of InformationUnderstanding the DORA Register of Information (RoI)
What is the Register of Information (RoI)?
The Digital Operational Resilience Act (DORA) is a European regulation that enhances financial entities' cybersecurity and operational resilience. It requires firms to identify, assess, and manage risks related to their ICT third-party service providers.
Under DORA, the Register of Information (RoI) is a mandatory dataset that financial entities must maintain and report. It includes:
- A list of all ICT third-party service providers.
- The criticality of each provider to the institution.
- Details of contractual arrangements, including risk assessments and dependency evaluations.
What is the required format and validation rules?
The RoI must be submitted as a structured ZIP package, containing:- Plain CSV files (specific tables based on regulatory templates).
- JSON metadata file (providing taxonomy references).
Each submission is automatically validated by the relevant authority, checking for:
- File integrity (correct ZIP structure, mandatory files present).
- Data consistency (matching key identifiers, expected values).
- Compliance with regulatory rules (both EU-wide and national-level validations).
The ESAs have provided a website with a set of resources to prepare for the reporting of RoIs, including the applicable validation rules and a visual representation of the data model.
Who must submit the RoI and what happens after submission?
AIFMs, management companies (ManCos), investment firms, credit institutions, insurance companies and other entities covered under DORA must submit the Register of Information (RoI) to their respective National Competent Authority (NCA).
Submitted registers will undergo validation checks by the NCAs. Should any errors be identified, the financial entity responsible will be invited to correct and resubmit its register by 30 April 2025, after which the NCAs will transmit the finalized registers to the ESAs.
In May 2025, the ESAs will conduct data quality checks and apply validation rules with respect to LEI codes and EUIDs.
Reporting deadlines & submission schedule
Financial authorities must submit the RoI files to the ESAs by 30 April 2025. The registers shall use the reference date of 31 March 2025 for the first submission.
In EU local countries, financial entities are required to submit their RoI packages to the National Competent Authorities at the locally required date, that precedes the deadline of 30 April 2025.
We provide an overview of local register submission deadlines and ensure it is regularly updated.
Contribute if you have first hand insights or updates on local submission requirements. Your assistance will help keep this resource accurate.
| Country | Competent Authority | Submission deadline | Reporting channel |
|---|---|---|---|
| Austria | FMA | 1st week of April 2025 | FMA-Incoming Platform |
| Belgium | FSMA | 10 April 2025 | FiMiS |
| Denmark | FSA | 31 March 2025 | FIONA online |
| Estonia | FSA | 31 March 2025 | Not specified |
| Finland | FIN-FSA | 30 April 2025 | Suomi.fi Reporter portal |
| France | AMF | 30 April 2025 | ROSA platform |
| Germany | BAFIN | 11 April 2025 | MVP platform |
| Greece | Bank of Greece | 15 April 2025 | Not specified |
| Ireland | CBI | 04 April 2025 | CBI Portal |
| Italy | Bank of Italy, IVASS | 11 April 2025 | Infostat platform |
| Lichtenstein | FMA | 14 April 2025 | e-Service Portal |
| Luxembourg | CSSF | 15 April 2025 | eDesk |
| Malta | MFSA | 08 April 2025 | Not specified |
| Netherlands | AFM | 16 April 2025 | AFM Portal |
| Netherlands | DNB | 23 April 2025 | MyDNB Portal |
| Poland | KNF | First half of April 2025 | KNF Portal |
| Portugal | Banco de Portugal | 28 April 2025 | Not specified |
| Slovakia | NBS | 17 April 2025 | Not specified |
| Slovenia | ATVP | 14 April 2025 | Not specified |
| Spain | CNMV | 22 April 2025 | Cifra Doc |
| Sweden | FIN-FSA | 15 April 2025 | Fidac |
How the DORA RoI validator works
User-friendly process
The validator is open to any financial entity who wants to benefit from health checks on the format and content of their RoI packages.
Users can access the validator without the need for prior registration or creating an account.
- Upload your RoI zip file in the drop zone
- Read and accept the Terms & Conditions
- Tick the CAPTCHA
- Click on the button to launch the process
- Receive your RoI validation status in real-time
What it checks
The validator integrates three levels of checks sourced from the ESAs’ guidelines:- Level 1: File structure, naming, and completeness
- Level 2: For each file, control of column names/headers and their completeness
- Level 3: Control of required fields and type
Additional levels of checks – levels 4 and 5 – are available upon request by contacting our dedicated team at dora@arendt.com. It caters for integrity & consistency checks of data fields and tables, as well as validity checks on LEIs.
Validation results
The checks are run instantaneously. The validation results are displayed on your web browser in a few seconds.
As a user, you will see:
- A validation confirmation if the uploaded RoI package has passed all checks.
- A failed result with the list of issues in case at least one check is in error.
Check your Register of Information now
Simple. User-friendly. Free.
Upload your file, launch the process and review the validation results.
No data is stored or shared. All uploaded files are processed only for validation purposes and are automatically deleted after validation.
Get started and challenge
your DORA compliance readiness.
Click on the following button to upload your DORA zip file.
Do you need support on DORA? Contact us.
Stay informed
If you would like to receive notifications about DORA regulatory changes, new local NCAs rules and updates applied to the DORA validator, please subscribe to our distribution list by contacting the Arendt expert team.Get assistance
Specific RoI validation approach: We understand that some organizations require confidentiality agreements to protect their RoI data. If you need a tailored approach, please contact us to discuss how we can deliver the same robust controls under a dedicated service agreement with our company.DORA RoI reporting: Has the validator highlighted challenges in structuring data or compiling your Register of Information report? If your organization lacks the right tools to efficiently manage the end-to-end DORA RoI reporting process, Arendt can help. We provide a fully developed, ready-to-use reporting solution designed to ensure compliance and efficiency. This solution is available as a license-based online application for autonomous use or through a managed service model where our experts handle the process for you.
DORA Control Plan solution helps you map controls to requirements, set up and monitor activity plans with a calendar view, and track compliance through dynamic dashboards.
Learn more about our full range of DORA solutions here.
Contribute
Do you have insights into upcoming rules to be applied in your jurisdiction? Or suggestions for improvements?Please contact us at dora@arendt.com . Your input helps us improve coverage and ensure better compliance for all entities