Live demo Book a demo
DORA · Article 28 · Register of Information

File your DORA Register of Information with confidence — not in a spreadsheet.

CleanDesk builds your register and validates it against the published DORA/ESA rules — catching every gap before you submit. Built for smaller financial firms and crypto CASPs.

Try it free — no signup Book a demo ▸
Free · No signup · Your data never leaves your browser — the validator runs entirely on your machine.
Applies published DORA/ESA validation rules — not a guarantee of regulatory acceptance. You review and file.
EVERY NCA RUNS AN AUTOMATED CROSS-CHECK

Would your register survive it?

If your register is clean, you’ll know in 30 seconds. If it isn’t — better you find out than your regulator.

WE CHECK
LEI checksums (ISO-7064) — every provider identifier mathematically verified, validated against live GLEIF records. One bad digit is an instant automated flag.
Template cross-references — every link between the ESA tables reconciled, so no field points at a record that doesn’t exist.
Critical-provider clauses — exit strategies (Art 28(8)) and audit rights (Art 30(2)(e)), required on every critical or important function.
…plus dates, duplicates, required fields and fourth-party chains — every finding cited to its DORA article.
? your score
See your readiness score ▸
Free · No signup · 30 seconds · Nothing leaves your browser
● Built for DORA Art. 28–30 ● MiCA / CASP-ready ● EU-hosted & encrypted ● Processed locally — never uploaded
22,000+
EU financial firms must file — including yours
31 Mar
Due to your regulator. Every single year.
€10M / 2%
Of global turnover — the price of filing it wrong
~44%
Of firms still aren't compliant. Certain you're in the other half?
In 30 seconds

What CleanDesk does

A quick explainer of the problem, and how we solve it.

Cloud host · critical
Data feed · important
KMS · critical
FLAGGED
Penalties up to €10M or 2% of global turnover
LEI checksums valid
References reconciled
Exit & audit clauses present
SUBMISSION READY
DORA compliance, filed right.
Watch: what CleanDesk does
30-second explainer
How it works

Three steps to a clean filing

From vendor export to a submission-ready register — minutes, not days.

1

Upload your supplier spreadsheet

Any vendor export works. CleanDesk maps it to the official ESA register templates — and you see your first validated register in minutes.

2

We build & validate

CleanDesk assembles the Register of Information and runs the automated checks defined in the ESA reporting standards — LEI checksums, broken references, missing exit and audit clauses on critical providers.

3

File with confidence

Fix what's flagged, export the submission-ready register, and keep it current as suppliers and rules change — ready every March.

Try it on your register — free ▸
Product

Built for the register, not as a checkbox

Everything you need to produce, validate and maintain your DORA Register of Information.

Register builder

Maps your suppliers, contracts, functions and subcontractors to the ESA templates automatically.

Regulator-grade validation

LEI (ISO 17442) checksums, cross-table referential integrity, and criticality-control checks — the gaps NCAs flag.

Living register

Kept current as your suppliers and the ESA templates change, with reminders before the 31 March deadline.

One-click export

Produce the submission-ready register and a clear gap report for your board and your regulator.

Third-party & 4th-party

Tracks material subcontractors and concentration so critical-provider chains are complete and defensible.

Incident-ready

Templates and the 4-hour / 24-hour clock for the major-incident reports DORA requires.

Try the live validator ▸ Runs in your browser — nothing uploaded.
Why CleanDesk

The register the big GRC tools skip

General GRC platforms

  • ○ DORA is one checkbox among 30+ frameworks
  • ○ Control mappings, not the actual register
  • ○ Priced and built for large enterprises
  • ○ No crypto / CASP specifics

CleanDesk

  • ✓ Purpose-built for the Register of Information
  • ✓ Runs the validation rules published in the ESA standards
  • ✓ Priced for smaller firms — self-serve
  • ✓ MiCA / CASP-native, ahead of the 1 July deadline
Why you can trust the result

Built to be right — not just plausible

A regulatory filing has to be correct, not convincing. Here's exactly why CleanDesk's validation holds up where an AI's "best guess" doesn't.

Deterministic, not guessed

Every check is arithmetic or a published rule — never an AI's opinion. A LEI is valid or invalid by its ISO-7064 checksum; there's no "probably." Where a chatbot hallucinates, CleanDesk is correct by construction.

Traceable to the rule

Every finding cites the exact DORA article and ESA template field behind it — so your register is defensible to your board, your auditor and your NCA. No black box, no "trust me."

Built on the published standards

The checks implement the ESA Implementing Technical Standards for the Register of Information — the same documented rules in the public rulebook, not our interpretation of them.

Verify it yourself

Don't take our word for it — run your own register in the browser and check every flag against the regulation. The tool is auditable precisely because the rules are public and the checks are explicit.

Tested, not promised: LEI validation verified against live GLEIF records — the global LEI authority — with real LEIs passing and corrupted ones rejected in 100% of cases. In testing, the surveillance engine caught 100% of seeded abuse patterns at ~86% precision. And the register validator is deterministic — it catches every checkable gap, by construction.

CleanDesk applies the published validation rules and shows you the gaps — you review and file. It doesn't promise a regulator will accept your register; it makes sure everything that's checkable is correct, and shows its working.

Security & trust

Your compliance data, handled properly

You're trusting us with sensitive supplier data. Here is exactly how we treat it.

Zero-upload architecture

The validator runs entirely in your browser. Your register isn’t “protected on our servers” — it never reaches them. The strongest data security is data we never hold.

Encrypted & edge-protected

Served over modern TLS on Cloudflare’s global edge network with always-on DDoS protection — the same infrastructure that shields a large share of the web.

No cookies. No trackers. No accounts.

No analytics, no signup, nothing stored by us. We couldn’t misuse your data if we wanted to — we never see it. What you save stays in your own browser.

Verify us in 60 seconds

Open DevTools → Network, run a check, and watch: zero requests leave your machine. Hardened security headers (CSP, frame-deny, nosniff) and a published security.txt disclosure policy. Don’t trust claims — inspect them.

Now onboarding founding design partners. Use CleanDesk on your real register, shape the roadmap, and keep founder pricing through your first filing — request a spot.
Plans

Pick the shape that fits. Pay nothing to start.

Founding design partners run CleanDesk free through their first filing, with founder pricing locked in after — no card, no lock-in, your register exports any time.

Starter

For a single entity

Everything a lean compliance team needs to go from a vendor spreadsheet to a submission-ready register — in an afternoon, not a fortnight.

  • ✓ Full register builder — any vendor export, mapped to the official ESA templates automatically
  • ✓ Regulator-grade validation: ISO-7064 LEI checksums, broken references, missing exit & audit clauses
  • ✓ Submission-ready export + a board-ready PDF where every finding cites its DORA article
  • ✓ A living register — re-run the moment a supplier changes, reminded before every 31 March
  • ✓ Browser-first privacy: your data never leaves your machine
  • ✓ Direct support from the founder
Start free — claim a design-partner spot
MOST POPULAR

Growth

For growing firms

For firms where the register is genuinely complex — multiple entities, deep supplier chains, and the next obligations already looming.

  • ✓ Everything in Starter
  • ✓ Multiple entities under one roof, one audit trail
  • ✓ Third- & fourth-party mapping — subcontractor chains and concentration, defensible end-to-end
  • ✓ DORA incident-reporting workflow — the 4-hour / 24-hour clocks, pre-formatted
  • ✓ Early access to market-abuse surveillance (MiCA Art. 92) as it ships
  • ✓ Priority support + a guided onboarding session
Book a demo

Enterprise

For groups & platforms

For groups, multi-jurisdiction filings, and the consultancies who run registers for many clients at once.

  • ✓ Groups & multi-jurisdiction filings
  • ✓ SSO & audit support
  • ✓ Custom integrations with your vendor & procurement systems
  • ✓ Dedicated onboarding and a named line to the founder
  • ✓ White-label & partner options for consultancies
Talk to us

Paid pilots are fixed-fee and scoped on a call — always a fraction of a consultant engagement.

FAQ

Questions, answered

Under DORA Article 28, every in-scope financial firm must maintain — and file annually to its national regulator — a structured register of every ICT third-party arrangement, including criticality, subcontractors and exit strategies. CleanDesk builds and validates it for you.

Yes. Data is EU-hosted, encrypted in transit and at rest, and never sold. Our browser-based validator processes your data locally — it never leaves your device. You can export and delete your data at any time.

For a regulatory filing, "plausible" isn't good enough — you need provably correct. CleanDesk doesn't ask an AI to guess; it runs the exact deterministic checks defined in the ESA standards (LEI ISO-7064 checksums, the official ESA template, cross-table references), so it's right by construction where a chatbot hallucinates. You get a defensible, audit-ready register you can stand behind with your NCA — not an answer with no accountability — and your confidential supplier data never goes into a public AI model.

General GRC platforms treat DORA as one of dozens of frameworks via control mappings — they don't actually build or validate the Register of Information. CleanDesk is purpose-built for it, runs the published ESA validation rules, and is priced for smaller firms.

Especially. CASPs have been in DORA scope since January 2025 and face the 1 July 2026 MiCA authorisation deadline. CleanDesk is built with crypto-specific suppliers and obligations in mind.

No. CleanDesk is software that helps you produce and validate your register accurately. It does not constitute legal advice; your firm remains responsible for its regulatory obligations.

Who's behind it

Built by someone who knows your world

James — founder of CleanDesk

"I'm James, founder of CleanDesk. After years building systems in financial markets, I kept seeing smaller firms struggle with the same task: producing the DORA Register of Information accurately and on time.

The big platforms treat the register as an afterthought. CleanDesk was built specifically to generate, validate and maintain it — without consultants, spreadsheets or enterprise budgets."

James · Founder, CleanDesk · james9819.54@gmail.com

Talk to me directly

See your register validated — free.

Book a 20-minute demo, or send your vendor list and we'll show you the gaps an NCA would flag.