EU CELLAR6 May 2026
CELEX:32024R1348R(03)This is a corrigendum to the Digital Operational Resilience Act (DORA) Delegated Regulation 2024/1348, published on 6 May 2026. It corrects technical errors in the original text, specifically in…
DORACSSF17 Feb 2026
DORA – Submission timeframe for register of information for third-country branches of credit institutions having their head office in a third country
Digital Operational Resilience Act. Sourced from CSSF, summarised by Matproof.
AI Analysis
What changed and what to do.
The CSSF has published a communication specifying the submission timeframe for a key DORA requirement. It mandates that third-country branches of credit institutions, whose head office is outside the EU, must submit their register of information on contractual arrangements with ICT third-party service providers. This register is a core DORA obligation for managing ICT third-party risk.
This change directly affects all credit institutions operating in the EU via a branch structure, where the parent entity is headquartered in a non-EU third country. These branches fall under the direct supervisory remit of the CSSF for DORA compliance.
Compliance teams at affected branches must now prepare to submit this register to the CSSF within the specified timeframe. They should immediately verify that their register is fully populated and accurate, encompassing all required contractual details with ICT providers, to ensure timely submission and adherence to this clarified deadline.
This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.
More DORA updates
Latest in Digital Operational Resilience Act.
EU CELLAR5 May 2026
CELEX:32024R2952R(02)This is a corrigendum to the Digital Operational Resilience Act (DORA), specifically correcting a technical error in the original Regulation 2024/2952. The correction addresses a misalignment in the…
EU CELLAR5 May 2026
CELEX:32024R3005R(01)On 5 May 2026, the European Commission published a corrigendum to the Digital Operational Resilience Act (DORA), formally referenced as CELEX:32024R3005R(01). This correction addresses technical…
EU CELLAR4 May 2026
CELEX:32024R1689R(04)This is a corrigendum to the Digital Operational Resilience Act (DORA), specifically correcting errors in the original text of Regulation (EU) 2024/1689. The corrections address technical…
Map this to your controls
Connect regulatory changes to your compliance work.
Matproof maps every regulator update directly to your controls and surfaces the ones that affect your organisation — across 21 frameworks.