DORA (Digital Operational Resilience Act) has applied since 17 January 2025. For many businesses that supply ICT services to regulated financial institutions in the EU, this regulation introduces a concrete new requirement for financial entities: they must record a standardised identifier for each ICT third-party service provider in their information register.
What is DORA?
DORA is an EU regulation designed to strengthen the financial sector’s digital operational resilience. It applies to banks, insurance companies, investment firms, payment institutions, and a broad range of other regulated financial entities across all EU member states.
Its central objective is to ensure financial entities can withstand, respond to, and recover from ICT-related disruptions – whether caused by cyberattacks, system failures, or technology outages at third-party providers.
Who does DORA affect?
DORA applies directly to regulated financial entities. But its reach extends well beyond the financial sector itself.
Under DORA, financial entities must maintain an information register covering all contractual arrangements for ICT services provided by ICT third-party service providers.
For each provider in this register, the financial entity is required to record a standardised identifier:
- For providers that are legal persons established within the EU: an LEI or EUID
- For providers that are legal persons not established in the EU: an LEI
For a closer look at how this works in practice, the GBRIS blog covers automating DORA’s ICT third-party register with verified EUID data in detail.
That means if your company supplies ICT services to a regulated financial institution in the EU, your client needs a standardised identifier to include you in their DORA register. As an India-registered business, you are a legal person established outside the EU – which means an LEI is the required identifier for your EU clients’ DORA register. Without it, the onboarding or vendor due diligence process may be delayed while the client completes their DORA register.
What is an LEI?
A Legal Entity Identifier is a unique 20-character code that identifies a legal entity in financial and regulatory systems worldwide. It is issued by GLEIF-accredited LEI Issuers (also known as Local Operating Units, or LOUs), often accessible via registration agents and is widely used across financial regulatory frameworks globally, including MiFID II, EMIR, and EU DORA – and under DORA, it is the required identifier for ICT providers established outside the EU.
You can check the LEI status of any entity for free through the GLEIF public registry.
The renewal requirement
An LEI is not a one-time registration. It must be renewed annually to remain active. An lapsed LEI remains a valid identifier in the GLEIF system, but it signals that renewal is overdue – and some counterparties and onboarding processes may prefer it to be up to date.
According to GLEIF data, the global average LEI renewal rate is around 62%. That means a significant share of registered LEIs globally are not renewed on time.
Before assuming your company’s LEI is valid, it’s worth verifying the current status in the GLEIF database.
What to do now
Check whether your company has an active LEI. Use the GLEIF public registry to verify the status. If your LEI has lapsed, you can renew it quickly on our website.
Register an LEI if you don’t have one. DORA is already in effect, and EU financial institutions are actively building and auditing their ICT registers. As an India-registered business, you are a legal person established outside the EU – which means an LEI is the required identifier for your EU clients’ DORA register. An LEI is also internationally recognised and widely used beyond the DORA register context, making it a practical choice for any business operating across borders.
Keep your LEI data up to date. Outdated entity information is a common issue that can create delays during client onboarding and regulatory checks.
You can register a new LEI or renew an existing one via IndiaLEI – an official LEI registration agent operating under EQS Group GmbH, a GLEIF-accredited Local Operating Unit. Registration is fully online and typically completed within 24 hours.