On 11 April 2024, the European Insurance and Occupational Pensions Authority (EIOPA) issued a press release confirming that the European Supervisory Authorities (ESAs) will launch, in May, the voluntary exercise of the collection of the registers of information of contractual arrangements on the use of ICT third party service providers by the financial entities. This is to gather the relevant information specified in the ESA’s final draft Implementing Standards on the registers of information.

Financial entities participating in the dry run will receive support from the ESAs to:

  • Build their register of information in the format as close as possible to the steady-state reporting from 2025.
  • Test the reporting process.
  • Address data quality issues.
  • Improve internal processes and quality of their registers of information.

Under the Digital Operational Resilience Act (DORA) and starting from 2025, financial entities will have to maintain registers of information regarding their use of ICT third party providers. In the dry run exercise, this information will be collected from financial entities through their Member State competent authorities (NCAs) and will serve as preparation for the implementation and reporting of registers of information under DORA.

Next steps

The ad-hoc data collection is expected to be launched in May 2024, with the financial entities expecting to submit their registers of information to the ESAs through their NCAs between 1 July and 30 August. To provide further information on the dry run exercise, the ESAs invite financial entities to take part in an introductory workshop on 30 April 2024.