Adding ICT Providers — DORA

ICT providers are the foundation of your DORA Register of Information. Every contractual arrangement, risk assessment, and concentration risk analysis links back to a provider record. This article walks through every field in the provider creation form and the provider detail page.

Creating a New Provider

Navigate to Register of Information → ICT Providers and click the "Add Provider" button.

Provider Form Fields

Field	Type	Required	Details
Display Name	Text input	Required	The common name you use to refer to this provider. Placeholder: "e.g., AWS, Microsoft Azure, Salesforce"
Legal Name	Text input	Optional	The full registered legal name. Placeholder: "Amazon Web Services, Inc."
LEI	Text input	Optional	Legal Entity Identifier. Maximum 20 characters. Input is automatically converted to uppercase. Placeholder: "20-character LEI code". A link to the GLEIF website is provided for reference.
Headquarters Country	Dropdown	Required	Select from all EU/EEA member states plus: United States, United Kingdom, Switzerland, Norway, Israel, India, Singapore, United Arab Emirates, Japan, Australia, Canada
Provider Type	Dropdown	Required	Options: Cloud Service Provider, Software Vendor, Data Center Operator, Network Provider, Managed Service Provider, Payment Processor, Security Provider, Infrastructure Provider, Consulting/Advisory, Other
Alternative ID	Text input	Conditional	Shown only when no LEI is provided. Placeholder: "e.g., BIC code, registration number"
Alternative ID Type	Dropdown	Conditional	Shown alongside Alternative ID. Options: BIC, DUNS, National registration number, Tax ID/VAT, Other
Intragroup Entity	Checkbox	Optional	Tick if this provider is part of your corporate group. Affects template B_02.03 (intra-group arrangements).
Criticality	Radio buttons	Required	Three options with distinct colour styling: Critical (red), Important (amber), Supporting (blue). This directly maps to DORA's tiered approach to oversight.
Person Type	Radio buttons	Required	Two options: Legal person or Natural person. Most providers are legal persons.
Ultimate Parent ID	Text input	Optional	The identifier of the provider's ultimate parent entity, if applicable.
Ultimate Parent ID Type	Dropdown	Optional	Options: Not applicable, LEI, BIC, DUNS, National registration, Tax ID, Other
Contact Name	Text input	Optional	Name of the primary contact at the provider.
Contact Email	Text input	Optional	Email address of the primary contact.
Notes	Textarea	Optional	Free-text notes about the provider. Useful for recording context, relationship history, or special considerations.

LEI Lookup Feature

Instead of manually entering the LEI, you can use the LEI Lookup feature:

Step 1: Open the lookup modal

Click the "Search GLEIF" button next to the LEI field. A modal dialog will appear with a search box.

Step 2: Search for the entity

Type the provider's name or LEI code. The search is debounced at 400ms, meaning it waits 400 milliseconds after you stop typing before sending the query to the GLEIF API.

Step 3: Review the results

Each result displays:

Country badge — the two-letter country code
Legal name — the officially registered name
Trading name — the name the entity trades under, if different
LEI code — the 20-character identifier
City and country — registered address
Entity status badge — Active (green) or Inactive (red)

Step 4: Select and auto-fill

Click on a result to automatically populate the LEI, Legal Name, and Headquarters Country fields in the provider form.

ℹ️

The LEI Lookup queries the GLEIF public API in real time. Ensure you have internet connectivity. If the provider does not have an LEI, you can use the Alternative ID fields instead.

Provider Detail Page

After saving a provider, you are taken to the provider detail page. This page shows all the information you entered and provides additional features.

CTPP Classification

The Critical Third-Party Provider (CTPP) Classification feature helps you determine whether a provider may be designated as critical by the European Supervisory Authorities under DORA Art 31.

Step 1: Trigger the calculation

Click the "Calculate CTPP Score" button on the provider detail page.

Step 2: Review the weighted score

The system calculates a weighted score from 0 to 10 based on factors including criticality, number of linked contracts, number of critical functions supported, concentration risk indicators, and substitutability.

Step 3: Examine the breakdown

A detailed breakdown is shown with colour-coded bars for each factor. The bars use a gradient from green (low risk) to red (high risk).

Related Records

The provider detail page also shows links to all related records:

Contractual Arrangements — all contracts associated with this provider
Risk Assessments — all risk assessments completed for this provider

💡

Keep your provider records up to date. Changes to a provider's criticality or status will ripple through to your concentration risk analysis and compliance scoring.