ICT providers are the foundation of your DORA Register of Information. Every contractual arrangement, risk assessment, and concentration risk analysis links back to a provider record. This article walks through every field in the provider creation form and the provider detail page.

Creating a New Provider

Navigate to Register of Information → ICT Providers and click the "Add Provider" button.

Provider Form Fields

FieldTypeRequiredDetails
Display NameText inputRequiredThe common name you use to refer to this provider. Placeholder: "e.g., AWS, Microsoft Azure, Salesforce"
Legal NameText inputOptionalThe full registered legal name. Placeholder: "Amazon Web Services, Inc."
LEIText inputOptionalLegal Entity Identifier. Maximum 20 characters. Input is automatically converted to uppercase. Placeholder: "20-character LEI code". A link to the GLEIF website is provided for reference.
Headquarters CountryDropdownRequiredSelect from all EU/EEA member states plus: United States, United Kingdom, Switzerland, Norway, Israel, India, Singapore, United Arab Emirates, Japan, Australia, Canada
Provider TypeDropdownRequiredOptions: Cloud Service Provider, Software Vendor, Data Center Operator, Network Provider, Managed Service Provider, Payment Processor, Security Provider, Infrastructure Provider, Consulting/Advisory, Other
Alternative IDText inputConditionalShown only when no LEI is provided. Placeholder: "e.g., BIC code, registration number"
Alternative ID TypeDropdownConditionalShown alongside Alternative ID. Options: BIC, DUNS, National registration number, Tax ID/VAT, Other
Intragroup EntityCheckboxOptionalTick if this provider is part of your corporate group. Affects template B_02.03 (intra-group arrangements).
CriticalityRadio buttonsRequiredThree options with distinct colour styling: Critical (red), Important (amber), Supporting (blue). This directly maps to DORA's tiered approach to oversight.
Person TypeRadio buttonsRequiredTwo options: Legal person or Natural person. Most providers are legal persons.
Ultimate Parent IDText inputOptionalThe identifier of the provider's ultimate parent entity, if applicable.
Ultimate Parent ID TypeDropdownOptionalOptions: Not applicable, LEI, BIC, DUNS, National registration, Tax ID, Other
Contact NameText inputOptionalName of the primary contact at the provider.
Contact EmailText inputOptionalEmail address of the primary contact.
NotesTextareaOptionalFree-text notes about the provider. Useful for recording context, relationship history, or special considerations.

LEI Lookup Feature

Instead of manually entering the LEI, you can use the LEI Lookup feature:

Step 1: Open the lookup modal

Click the "Search GLEIF" button next to the LEI field. A modal dialog will appear with a search box.

Step 2: Search for the entity

Type the provider's name or LEI code. The search is debounced at 400ms, meaning it waits 400 milliseconds after you stop typing before sending the query to the GLEIF API.

Step 3: Review the results

Each result displays:

  • Country badge — the two-letter country code
  • Legal name — the officially registered name
  • Trading name — the name the entity trades under, if different
  • LEI code — the 20-character identifier
  • City and country — registered address
  • Entity status badgeActive (green) or Inactive (red)

Step 4: Select and auto-fill

Click on a result to automatically populate the LEI, Legal Name, and Headquarters Country fields in the provider form.

ℹ️
The LEI Lookup queries the GLEIF public API in real time. Ensure you have internet connectivity. If the provider does not have an LEI, you can use the Alternative ID fields instead.

Provider Detail Page

After saving a provider, you are taken to the provider detail page. This page shows all the information you entered and provides additional features.

CTPP Classification

The Critical Third-Party Provider (CTPP) Classification feature helps you determine whether a provider may be designated as critical by the European Supervisory Authorities under DORA Art 31.

Step 1: Trigger the calculation

Click the "Calculate CTPP Score" button on the provider detail page.

Step 2: Review the weighted score

The system calculates a weighted score from 0 to 10 based on factors including criticality, number of linked contracts, number of critical functions supported, concentration risk indicators, and substitutability.

Step 3: Examine the breakdown

A detailed breakdown is shown with colour-coded bars for each factor. The bars use a gradient from green (low risk) to red (high risk).

Related Records

The provider detail page also shows links to all related records:

  • Contractual Arrangements — all contracts associated with this provider
  • Risk Assessments — all risk assessments completed for this provider
💡
Keep your provider records up to date. Changes to a provider's criticality or status will ripple through to your concentration risk analysis and compliance scoring.