European Union: Drafted Implementing Technical Standards to establish the template register of information for all contractual arrangements on the use of ICT services provided by third-party providers under DORA

On 10 January 2024, the three European Supervisory Authorities (EBA, EIOPA and ESMA) published a draft Implementing Technical Standard (ITS) to establish standard templates for the register of information required under Regulation EU 2022/2554 on digital operational resilience for the financial sector. The regulation specifies that the register should include information on all contractual arrangements for ICT services provided by third-party providers to financial entities and sets out general requirements for maintaining and updating the register, including using valid legal entity identifiers (LEIs) to identify providers to enable effective oversight. The draft regulation proposes a set of minimum harmonised templates while allowing financial entities flexibility to supplement based on internal risk management needs. The regulation establishes templates to capture information such as general details on the financial entity and entities in its scope of consolidation, details on contractual arrangements like parties involved, dates, and jurisdictions, identification of functions supported by ICT services and risk assessments for services supporting critical/important functions. The templates are structured as a relational database using keys like contractual reference numbers and LEIs to link relevant data, with the aim of ensuring accuracy, consistency, completeness, and quality of data in the register.