DORA Register of Information

 🔑 Key Highlights 

• All in-scope financial entities must submit an annual RoI (at entity or consolidated level), recording any new, amended, or terminated agreements with ICT third-party arrangements.
• Reporting is via the MFSA LH Portal; submissions must show “Accepted” status to be considered compliant.
• Reporting Period: 1 January (or next working day) – 21 March (or next working day). 
• Reference date each year: 31 December of the calendar year preceding the Reporting Period.
• Non-compliance may trigger regulatory action.

Beyond the annual submission, it is important to maintain and update internal RoI documentation on an ongoing basis and to monitor MFSA and ESAs communications for any updates to DORA reporting requirements.

Now is the time for financial entities to assess their ICT outsourcing inventories, strengthen data governance practices, and take proactive steps toward DORA compliance ahead of the 2026 deadline.

Our team at RMC Wise can support you with your DORA reporting obligations — get in touch to learn more.