The European Supervisory Authorities (ESAs) have announced their intentions to launch the voluntary exercise for the next stage of the DORA implementation. The ESAs, which include EBA, EIOPA, and ESMA, plan to introduce in May 2024 the voluntary exercise for the collection of the registers of data of contractual arrangements on the leverage of ICT third-party service providers by financial organisations.

Financial entities are set to be required to maintain registers of information about their use of ICT third-party providers, under the Digital Operation Resilience Act (DORA), starting from 2025. The exercises’ objectives and ESAs’ plans As part of the dry run exercise, the above-mentioned information is set to be collected from financial entities via their competent authorities, being intended to serve as preparation for the implementation and reporting of registers of data under DORA. The ESAs, together with the competent authorities, plan to introduce the voluntary exercise to support financial organisations in preparing for developing their register of information, collecting the relevant data specific to the regulator’s final draft of Implementing Standards  and reporting to their respective authority. Furthermore, the ESAs mention that financial entities that participate in the dry run are set to receive assistance in developing their register of information in the format of the steady-state reporting of 2025, testing their process, addressing data quality difficulties, and enhancing internal procedures and quality of their registers of information.

Additionally, during the exercise, the ESAs intend to deliver feedback on data quality to financial entities, return cleaned files with their register of data, organise workshops, and respond to questions. The press release also mentions that ad-hoc data collection is projected to be introduced in May 2024, with the financial entities being expected to submit their registers of information to the ESAs via their competent authorities starting 1 July 2024 until 30 August 2024. Moreover, to deliver more information about the dry run and answer any questions, the ESAs plan to provide an introductory workshop for financial entities at the end of April 2024. More information about DORA The DORA was launched at the beginning of January 2023, with it being set to take effect starting on January 2025.

The act was developed to enhance the digital operational resilience of entities operating in the EU financial sector, while also supporting important digital operational resilience requirements for all EU financial entities. The regulatory framework covers areas such as ICT-related incident management and reporting, ICT risk management, digital operational resilience testing, and the management of ICT third-party risk. .