ICT Third-Party Register (Register of Information)
The register of information is a structured record of every ICT third-party arrangement a financial entity relies on, required under DORA Article 28. Building and maintaining it, in the format competent authorities expect, is a core, recurring DORA obligation.
What the register must contain
Each arrangement is recorded with the provider, service, whether it supports a critical or important function, contract dates, governing law, and exit arrangements. The register must be kept current and be reportable to authorities on request. See the glossary definition for the full field set.
Build it yourself or with support
Our free TPP Register Generator produces a register in the EBA column format. For larger estates, providers offer tooling and managed maintenance, compare them in the directory.
Frequently asked questions
Who must maintain a register of information under DORA?
All in-scope financial entities must maintain a register of their ICT third-party arrangements at entity, sub-consolidated, and consolidated levels.
What format should the register use?
Authorities expect the harmonised EBA register template. Our generator exports matching columns.
How often is the register submitted?
Entities report their registers to competent authorities at least annually and whenever authorities request them.