EU DORA Register of Information

Detects extracts and working copies of the DORA Article 28(3) register of information on contractual arrangements with ICT third-party service providers, including the ESAs' Implementing Regulation (EU) 2024/2956 template content (contractual arrangement reference numbers, provider LEIs, ICT service supply chain, critical or important function flags). The register maps a financial entity's entire ICT outsourcing estate and its concentration risk; disclosure exposes supplier dependencies and attack surface.

Type
keyword_proximity
Engine
universal
Confidence
medium
Confidence justification
Medium confidence: honest topic matcher, not an identifier detector. The Article 28(3) phrase 'register of information' and the ITS field name 'contractual arrangement reference number' are regulation-specific terms of art, and the 85 tier additionally requires DORA register vocabulary (Regulation (EU) 2022/2554, critical or important function, LEI, ICT service supply chain) or B_xx.xx template codes. Compliance-consultancy and news content about DORA uses the same vocabulary and is suppressed only by noise exclusions.
Jurisdictions
eu
Regulations
Regulation (EU) 2022/2554 (DORA), Implementing Regulation (EU) 2024/2956
Frameworks
ISO 27001
Data categories
financial, governance, security
Scope
wide
Risk rating
6

Pattern

(?i)\b(?:register\s+of\s+information|contractual\s+arrangement\s+reference\s+number|ICT\s+third[\s-]party\s+service\s+provider)\b

Corroborative evidence keywords

register of information, contractual arrangement reference number, ICT third-party service provider, Regulation (EU) 2022/2554, DORA, critical or important function, ICT intra-group service provider, ICT service supply chain, type of ICT services, LEI, competent authority, contractual arrangement, subcontractor, substitutability, exit strategy, board, committee, governance, compliance, fiduciary (+10 more)

Proximity: 300 characters

Should match

Should not match

Known false positives

References