The Luxembourg financial regulator, the Commission de Surveillance du Secteur Financier (CSSF), has issued important reminders and practical advice on December 5, 2024, for Financial Entities in preparation for the application of the Digital Operational Resilience Act (DORA).  

LEI code requirement 

Financial Entities must obtain and activate an LEI (Legal Entity Identifier) code to meet certain reporting obligations under DORA. This requirement, outlined in various level 2 texts (e.g., ITS on the register of information and RTS/ITS on reporting of major ICT-related incidents), takes effect on January 17, 2025. Entities without an LEI code are advised to proceed promptly to ensure compliance. 

ICT incident notification via eDesk 

Effective January 17, 2025, Financial Entities are required to report significant ICT-related incidents to the CSSF via the eDesk platform. To comply, entities must establish the “IT Incident Notifier” role in eDesk before this date. Reporting procedures will adhere to those outlined in Circular CSSF 24/847 or the “Major ICT-related incident notification” procedure available on the CSSF eDesk Portal (eDesk), ensuring alignment with current practices. 

ICT outsourcing notifications 

DORA’s Article 28.3 requires Financial Entities to notify authorities of planned ICT contractual arrangements supporting critical or important functions. The CSSF clarified that previously notified outsourcing arrangements under Circular CSSF 22/806 do not need to be resubmitted. However, ICT services already in place that were not deemed critical must be listed in the Register of Information. 

Upcoming deadlines and further guidance 

The ESAs have set 30 April 2025 as the deadline for competent authorities to submit the first register of information for the designation of critical ICT third-party providers. The CSSF will announce the timeline for Financial Entities to submit their registers shortly. 

The full reminder can be accessed directly on the CSSF website : DORA Regulation – reminders and advice on preparedness – CSSF

Feel free to contact us should you have any questions.