DORA Register of Information — CySEC filing guide (2026)

If your firm is authorised by CySEC, your DORA Register of Information is one of the earliest filings in the EU — and CySEC has been explicit that the format has changed. This guide covers the CySEC deadline, the mandatory XBRL-CSV format, and exactly what CySEC's automated checks flag.

Filing deadline — CySEC (Cyprus)

~28 February 2026

The earliest Register of Information deadline in the EU — weeks ahead of the 31 March ESA backstop most vendors quote.

Format required

XBRL-CSV only. CySEC Circular C751 states explicitly that Excel is no longer accepted — a register submitted in the wrong format is rejected on load, before any of its content is even assessed.

Reference date

31 December 2025 — your register must reflect every ICT third-party arrangement in place on that date.

What CySEC checks

LEI checksums (ISO 7064) on every provider, validated against the GLEIF registry
Broken fourth-party references — subcontractor links that point at a record that doesn't exist
Missing exit-strategy clauses on critical or important providers (Art 28(8))

Common errors that get flagged

Firms that filed incomplete data in the 2025 cycle are being specifically scrutinised in 2026
Excel submissions rejected outright under Circular C751
Invalid LEIs and unreconciled cross-table references

Who's in scope

~30 crypto-asset service providers (CASPs) regulated by CySEC
CIFs (Cyprus investment firms) and other CySEC-supervised entities

Drop your vendor CSV into CleanDesk — see what CySEC would flag in 60 seconds.

Run your register free →

No signup · nothing uploaded · runs in your browser

DORA filing guides by regulator

This guide is general information, not legal advice, and deadlines and formats can change — always confirm the current requirement directly with the Cyprus Securities and Exchange Commission (CySEC) before you file.