The European Banking Authority (EBA) has released a series of clarifications related to the Digital Operational Resilience Act (DORA). These updates, issued on March 28, 2025, focus on specific data fields in the reporting templates required under DORA, helping financial entities navigate the reporting process with more precision.
Below are the key Q&As covered in this EBA update, which focus on various template-specific instructions:
1. Hierarchy of the Financial Entity within the Group (Field B_01.02.0050)
Question ID: 2024_7277
-
Issue: Clarification on what ‘where applicable’ means in the title of data field B_01.02.0050 and reporting instructions for non-financial entities.
-
Clarification: This field should be reported when relevant to the entity’s structure. In the case of a non-financial entity, such as when options 22, 23, or 24 are selected for the entity type in B_01.02.0040, the entity does not need to report data for this field.
2. LEI of the Direct Parent Undertaking (Field B_01.02.0060)
Question ID: 2024_7278
-
Issue: Guidance on how to report the LEI when the financial entity does not have a direct parent undertaking.
-
Clarification: If the financial entity is its own parent or reports individually, the LEI field should reflect the appropriate identification for the entity.
3. Country of the Governing Law of the Contractual Arrangement (Field B_02.02.0130)
Question ID: 2024_7279
-
Issue: Clarification on how to report this field when the ICT service is not critical or important.
-
Clarification: This primary key should still be reported even if the ICT service does not support a critical function.
Question ID: 2024_7280
-
Issue: How to report field B_02.02.0150 for non-storage ICT services.
-
Clarification: If the ICT service is not related to data storage (B_02.02.0140 = ‘No’), then the data for this field should be reported accordingly.
4. Location of Management of the Data (Field B_02.02.0160)
Question ID: 2024_7281
-
Issue: Reporting instructions when the ICT service does not foresee data processing.
-
Clarification: In cases where no data processing is involved, this field should be reported with appropriate details or left blank if not applicable.
5. Identification Code of the Branch (Field B_04.01.0040)
Question ID: 2024_7282
-
Issue: How to report when the financial entity is not a branch.
-
Clarification: If the entity is not a branch, this data field does not need to be reported.
6. Type of Code to Identify ICT Third-Party Service Providers (Field B_05.01.0020)
Question ID: 2024_7283
-
Issue: How to report the type of identification code when using codes other than LEI or EUID.
-
Clarification: This field should be populated with the relevant identification code or left blank if no appropriate code is available.
7. Identification Code of the Recipient of Sub-contracted ICT Services (Field B_05.02.0060)
Question ID: 2024_7284
-
Issue: Reporting instructions for this field when the ICT third-party service provider is a direct provider.
-
Clarification: If the ICT service provider is a direct provider (rank = 1), the relevant identification code should be reported.
8. Reporting Missing Values (Primary Keys)
Question ID: 2024_7285
-
Issue: How to report data fields in cases where there are missing values.
-
Clarification: If certain required values are missing, these fields should either be left blank or reported with specific notations as defined in the reporting guidelines.
9. Part 2 – Template Specific Instructions for Template B_06.01
Question ID: 2025_7313
-
Issue: Clarification regarding the missing data point B_06.01.0050 from the official ITS templates.
-
Clarification: It has been confirmed that this data point is no longer applicable.
These updates offer critical guidance on how to correctly fill out the required DORA reporting templates, specifically focusing on the appropriate use of data fields related to ICT service providers, contractual arrangements, and organizational structures. For entities working on their DORA compliance, this guidance is vital to ensure accurate and consistent reporting.
For further questions or assistance regarding DORA reporting, please feel free to contact Konkrit Solutions at info@konkritsolutions.com.
