Documentation
DORA RoI is a browser-based tool for preparing the Register of Information required under the Digital Operational Resilience Act (DORA — EU Regulation 2022/2554) and its Implementing Technical Standard (ITS — EU Commission Implementing Regulation 2024/2956).
Financial entities within the EU must maintain and submit a register documenting all contractual arrangements with ICT third-party service providers. The register reference date is 31 December 2025. Financial entities submit to their competent authority according to local deadlines; from 2026, competent authorities report to the ESAs by 31 March annually.
What This Tool Does
DORA RoI helps you fill out, validate, and export the 15 register templates laid down in Commission Implementing Regulation (EU) 2024/2956. You can enter data manually template by template, or import from Excel. The tool guides you through entity information, contractual arrangements, signatories, service usage, ICT providers, function mapping, and risk assessments. When you are ready, it exports a compliant xBRL-CSV package for submission to your competent authority.
Privacy by design
This tool runs entirely in your browser. Your data is stored in local storage and never leaves your device. No data is sent to any server. You can verify this by inspecting network traffic — there are no API calls after the initial page load. See the Security & Privacy page for full details.
Quick Links
Getting Started
Step-by-step guide to filling out the DORA Register of Information, from entity setup through to export.
Import Guide
How to import register data from Excel files, supported formats, header mapping, and troubleshooting.
Template Reference
Overview of all 15 templates, their fields, relationships, and grouping structure.
Validation Guide
Understand the four-layer validation system: technical checks, DPM rules, DORA business logic, and EBA rules.
Export Guide
How the xBRL-CSV export works, ZIP package structure, naming conventions, and submission steps.
Security & Privacy
Client-only architecture, data storage, threat model, and security recommendations for organizations.
Regulatory Background
DORA (Regulation (EU) 2022/2554) establishes a comprehensive framework for digital operational resilience in the EU financial sector. Article 28 requires financial entities to maintain a register of information on all contractual arrangements with ICT third-party service providers.
The ITS (Commission Implementing Regulation (EU) 2024/2956) specifies the exact format and content of this register, defining 15 templates organized into 8 groups: entity information, contractual arrangements, signatories, service usage, ICT providers, functions, assessments, and definitions.
The register must be reported to competent authorities such as the ECB, EBA, EIOPA, or national financial supervisory bodies. The reporting format is xBRL-CSV, following the EBA Taxonomy 4.0.
Key Dates
| Milestone | Date |
|---|---|
| DORA entry into force | 16 January 2023 |
| DORA application date | 17 January 2025 |
| ITS published in Official Journal | 20 November 2024 |
| ITS entry into force | 10 December 2024 |
| Register reference date | 31 December 2025 |
| CA-to-ESA reporting deadline | 31 March annually (from 2026) |