DORA register of information: LEI, EUID and CRN clarification

Under normal circumstances, the DORA register of information is the conclusion of a comprehensive exercise completed against Art 8 of DORA.

One requirement for the DORA register of information (RoI) is the supply of an LEI or a EUID or alternatives.

There are several options to identify a third party provider (TPP) in the RoI, but rules vary depending on the type of business registration and their location.

Your organisation needs to understand the following

  1. Is the TPP a registered business (legal persons) or a sole-trader (individual acting in a business capacity).
  2. Is the TPP registered in the EU or not?

The rules can be summarised as follows:

  1. Business registered in the EU: LEI or EUID
  2. Business NOT registered in the EU: LEI
  3. Sole trader (EU or Non EU): CRN, VAT, PRN, NIN.

Note 1: the PRN or NIN also put the register in the scope of the GDPR. 
Note 2: I assume (but haven't checked) that a sole trader can't have a EUID nor can register a LEI.

So for instance, if you are an ICT services TPP in the UK, with a client regulated in the EU that happens to be in scope of DORA, you will probably need to register a LEI or your client won't be able to comply with DORA.

It may not be conveniencet, but it's now the law!

You can check the official rules here: https://eur-lex.europa.eu/eli/reg_impl/2024/2956/oj

For EUID, you can search here (with patience) https://e-justice.europa.eu/content_find_a_company-489-en.do 

Bizoneo offers a comprehensive DORA module which can also prepare the Register of Information. It validates the LEI, reducing the errors in the submission.

Claude Saulnier
CDPO - CIPP/E

Bizoneo

Post Scriptum (PS):