The Swedish Financial Supervisory Authority has published practical clarifications on how firms should complete the reporting templates for the Digital Operational Resilience Act (DORA) register of information. The register must be submitted by 28 February and should reflect the situation as at 31 December 2025. The guidance focuses on what to include across specific templates and fields, including that template B_07.01 should only cover contractual arrangements with third-party ICT service providers where the ICT services support a critical or important function or a material part of such a function, with criticality assessed in template B_06.01. Finansinspektionen also highlights expectations on naming conventions (legal names aligned with official registers and replacing Å, Ä and Ö with A or O), reporting amounts for standalone and framework agreements (with specific treatment where costs sit in linked call-off or supplementary agreements), and how to report intra-group agreements (in B_02.03 and also B_02.01, but not B_02.02). Other clarifications cover reporting aggregated annual or estimated costs for direct ICT providers in B_05.01, listing relevant subcontractors in B_05.02, using unique function identification codes consistently between B_02.02 and B_06.01, completing the definitions list in B_99.01, and reporting total assets in B_01.02.0110 based on the 2025 annual report (with stated non-applicability for “non-financial entity” and preferred analogous handling for “other financial entity”). It also states that government authorities should not be classified as third-party ICT service providers. Finansinspektionen points firms to the European Supervisory Authorities’ published guidance, particularly FAQs, and notes the templates reference Commission Implementing Regulation (EU) 2024/2956.

Original source View in tracker