DORA ROI Reporting Engine

The DORA ROI Reporting Engine supports the structured management and supervisory-ready reporting of the Register of Information (ROI) required under the Digital Operational Resilience Act (DORA).

DORA introduces mandatory obligations for financial entities to maintain a detailed, accurate, and up-to-date register of their ICT third-party service providers and related contractual arrangements. Supervisory authorities expect the ROI to be complete, consistent, traceable, and readily reportable upon request.

REGREP’s DORA ROI Reporting Engine provides the technical infrastructure required to operationalise these requirements by enabling structured data capture, validation, versioning, and reporting of ROI information in line with DORA expectations.

The Digital Operational Resilience Act (Regulation (EU) 2022/2554) establishes a harmonised EU framework for managing ICT risk across the financial sector. As part of this framework, in-scope entities are required to:

• Maintain a Register of Information covering ICT third-party arrangements

• Ensure accuracy, completeness, and ongoing updates

• Make the register available to competent authorities upon request

The ROI is a core supervisory artefact under DORA and plays a key role in third-party risk oversight and systemic ICT concentration monitoring.

The DORA ROI Reporting Engine enables firms to:

• Maintain a structured and centralised ROI data set

• Capture ICT third-party relationships and dependencies consistently

• Apply validation controls to improve data quality and completeness

• Track changes, versions, and historical updates to ROI records

• Produce supervisory-ready ROI outputs on demand

The engine is designed to support ongoing operational maintenance of the ROI, not just point-in-time reporting.

Provides a structured data model aligned with DORA ROI requirements, supporting consistent representation of ICT third-party providers, services, and contractual relationships.

Applies validation checks to improve completeness, consistency, and logical coherence of ROI data prior to supervisory reporting or internal review.

Supports tracking of updates and historical changes to the ROI, enabling traceability across reporting periods and supervisory enquiries.

Enables generation of ROI outputs suitable for submission or provision to competent authorities, aligned with DORA reporting expectations.

Designed to integrate with existing ICT, vendor management, and third-party risk processes, reducing duplication and manual reconciliation.

The DORA ROI Reporting Engine operates as a core capability within REGREP’s regulatory reporting infrastructure and is typically used alongside:

• Regulatory data management and validation

• Structured reporting workflows across entities and groups

• Other REGREP capabilities supporting supervisory reporting

REGREP does not provide regulatory approval or compliance certification. The engine supports the technical preparation and maintenance of ROI information in line with DORA requirements.

Relevant Regulation

• Digital Operational Resilience Act (DORA)

Related Capabilities

• EBA XBRL Reporting Converter

• Prudential Reporting Engine (IFR / CRR)

• Regulatory data validation and governance

The DORA ROI Reporting Engine is commonly used by:

• Banks and credit institutions

• Investment firms

• Payment institutions and electronic money institutions

• Crypto-asset service providers subject to DORA

• Groups with complex ICT third-party ecosystems