Banking & Fintech /

Important! The PFSA Calls for Immediate Registration in DORA Systems 

On February 6, 2025, the Polish Financial Supervision Authority (PFSA) once again reminded financial institutions of the necessity to obtain access to the DORA reporting systems. The Digital Operational Resilience Act (DORA) has been directly applicable since January 17, 2025, and the deadline for registration in the PFSA systems expired on January 31, 2025.

The PFSA has identified that some entities have not submitted applications for access to the reporting systems, preventing them from fulfilling their reporting obligations. This may result in negative consequences, including difficulties in assessing their digital resilience. FSA has identified that some entities have not submitted applications for access to the reporting systems, preventing them from fulfilling their reporting obligations. This may result in negative consequences, including difficulties in assessing their digital resilience.

What is the DORA Regulation and why is it crucial?

The DORA Regulation (Digital Operational Resilience Act) is an EU regulation aimed at enhancing the operational resilience of the financial sector in managing digital risks. It applies to all entities providing financial services, including banks, insurance companies, fintech providers, and other institutions subject to PFSA regulations.

DORA imposes strict requirements regarding cybersecurity procedures, IT risk management, and the reporting of incidents to relevant supervisory authorities. More details on PFSA’s position can be found here.

What DORA reporting systems are required?

Financial institutions are required to obtain access to:

  • DORA Reporting System (SSD) – for reporting other than ICT incidents: crp.knf.gov.pl
  • DORA Incident Management System (SOID) – for reporting ICT-related incidents and cyber threats: csirt.knf.gov.pl

Failure to register in these systems may result in sanctions for non-compliance with DORA regulations. PFSA has urged institutions to take urgent action and rectify the issue no later than February 10, 2025.

How to register correctly in DORA systems?

To obtain access to the systems, financial institutions must:

  • have an ePUAP Trusted Profile for authentication,
  • provide the LEI code of their entity,
  • register through the appropriate PFSA websites.

How to register correctly in DORA systems? To obtain access to the systems, financial institutions must: have an ePUAP Trusted Profile for authentication, provide the LEI code of their entity, register through the appropriate FSA websites.

Need help with registration?

The PFSA reminds financial institutions of the urgent need to register in the DORA reporting systems, with the initial deadline having passed on January 31, 2025. Failure to register may result in sanctions and difficulties in assessing the digital resilience of entities. DORA imposes strict cybersecurity and incident reporting requirements on the financial sector. The PFSA urges institutions to take immediate action and complete their registration by February 10, 2025.

Need help? Contact us! Our law firm offers assistance in the registration process and obtaining access to the required systems.

Author team leader DKP Legal Mateusz Bałuta
Contact our expert
Write an inquiry: [email protected]
check full info of team member: Mateusz Bałuta

Contact us

Flaga Polski.POZNANPOLAND
Młyńska 16
61-730 Poznań
+48 61 853 56 48[email protected]
Flaga Polski.WARSAWPOLAND
Rondo ONZ 1
00-124 Warsaw
+48 22 300 16 74[email protected]
Flaga Polski.KRAKOWPOLAND
Opolska 110
31-355 Kraków
+48 61 853 56 48[email protected]
Flaga Polski.ZIELONA GÓRAPOLAND
Jana Sobieskiego 2/3
65-071 Zielona Góra
+48 61 853 56 48[email protected]
Flaga Włoch.MILANITALY
Via F. Sforza 15
20122 Milan
+48 61 853 56 48[email protected]
See all local services