Fast and easy DORA reporting
DORA reporting solutions & services
The Digital Operational Resilience Act (DORA) is an EU reporting mandate which became applicable on 17th January 2025. It is designed to collect data on the third-party Information and Communications Technology (ICT) suppliers of financial entities. This is to ensure that firms are monitoring their 3rd party risks and to give the EU visibility of the finance industry’s critical software and services providers.
Key information
Who needs to report against DORA?
All financial entities operating in the EU must submit a DORA report annually. A full list of who is defined as a financial entity can be found under Article 2 of the legislation: Digital Operational Resilience Act (DORA) .
Who do you need to report DORA to?
The DORA legislation identifies national competent authorities (NCAs) who are required to collect DORA reports and enforce the rules set down by the European authorities. Because DORA covers a wide variety of financial entities, the legislation refers to pre-existing reporting obligations in order to match them up with their normal or natural regulator, this can be seen in the legislation here. This means that companies will generally submit DORA reports to their normal industry regulator.
What is the deadline for DORA?
From 2026 onwards the EU wide deadline is 31st March each year. Some national competent authorities will set a country-specific deadline slightly earlier to ensure they can pass on the reports by this date.
What is the required format?
Like many other regulatory reports required by European regulators, DORA is reported in a digital format called XBRL. More specifically, they should be reported in “XBRL-CSV” format. DORA is the first EU report to use this flavour of XBRL, although several others, especially those defined by the EBA, are planned to be moved to XBRL-CSV as well.
What do you need to make a DORA report?
To make a DORA report you need software which can not only meet the format requirements but also ensure the additional technical validation rules are passed. Without the correct software, you run the risk of your DORA report not being accepted.
CoreFiling’s web-based Seahorse application provides a one-stop solution for DORA reporting. It lets users enter required data in Excel templates or a flat CSV file and convert it to XBRL-CSV.
Once converted, Seahorse runs validation checks to ensure that your submission will be accepted by the National Competent Authority (NCA) collecting DORA reports in your country. CoreFiling’s validation is also run by major financial regulators across Europe so you can be sure that your report is tested to the standard they expect and avoid last minute surprises.
What do you need to make an iXBRL report?
iXBRL and XHTML are document formats, the same as Microsoft Word’s DOCX format or Adobe’s PDF. XHTML is the format used to display websites and, since iXBRL is built on top of XHTML, annual reports can be viewed in any web browser. iXBRL also includes computer-readable information in the form of iXBRL tags that identify and define the meaning of the tagged numbers or text.
Typically, the production of a company’s annual report will start in Microsoft Word or Adobe InDesign. Once the document is ready it will be converted from a PDF or Microsoft Word document into the required format (XHTML or iXBRL) using specialist software. Then, if required, iXBRL tags will be added in a process known as “tagging”. When tags are added to a document, they can be viewed in an iXBRL viewer or read by computers to enhance analysis and automated uses of the data in the reports.