Technology & Cyber Regulations in Luxembourg

Submission of the register of information at individual or consolidated level to the CSSF (excluding entities under the direct supervision of the ECB)

Sectors:

Banking & Credit Investment Management Wealth & Private Banking

Topics:

Operational Resilience / Outsourcing Reporting & Disclosure Technology & Cyber

BankAsset ManagerWealth Manager

View Original

🇱🇺 CSSF Guidance high

February 11th 2026

Guidance for interpretation and resolution of CSSF error messages related to the submission of the DORA register

Guidance allowing financial entities to identify the National Competent Authority to which their register of information has to be submitted.

AI Analysis

This CSSF guidance document, published on 11 February 2026, provides detailed explanations and resolution steps for error messages encountered during the submission of the DORA Register of Information (RoI) via the eDesk portal, specifically for the 2026 submission cycle. It matters because it enables Luxembourg financial entities to ensure compliant submissions amid enhanced validation checks on more data fields, avoiding re-submission delays and supporting timely transmission to the ESAs by CSSF deadlines. Non-compliance risks supervisory scrutiny under DORA's ICT risk management framework.

What Changed

Enhanced validation checks for the 2026 RoI submission: Applies ESA-defined checks (last updated April 2025) to more data fields to improve data quality, compared to prior cycles. Specific error resolutions detailed, including requirements for LEI code communication to CSSF beforehand, correct reference date ('2025-12-31') in file naming, plain-CSV files in predefined .zip structure, and proper FilingIndicators.csv/parameters.csv content. Mandatory inclusion of all tables (even empty) in FilingIndicators.csv set to 'true', with matching identification codes across parent-child records. Builds...

What You Need To Do

Assign "DORA Reporting" role in eDesk to dedicated employee(s) per user guide
Communicate LEI code to CSSF line supervisor prior to first submission to enable upload
Prepare RoI in plain-CSV files within
Test submissions against listed error codes (e
Consult ESAs' EBA resources (data point model, validation rules, FAQs) and CSSF guides (e

Key Dates

31 December 2025 - Reference date for 2026 RoI submission (all contractual arrangements up to this date).

11 February 2026 - Publication date of this error guidance (last updated 10/02/2026).

1 April 2025 to 15 April 2025 - Initial 2025 submission window via eDesk (for context; 2026 window likely similar, pending confirmation).

30 April 2025 - CSSF re-submission deadline post-validation for 2025; analogous for 2026 if errors detected. DEADLINE

May 2025 - ESAs' second-round validation for 2025; expect similar for 2026 with potential re-submissions.

Compliance Impact

Urgency: High - Published today (11 February 2026), this equips firms for imminent 2026 RoI submissions (reference date 31 December 2025), with stricter validations on expanded fields risking rejections/re-submissions. Matters for operational resilience compliance under DORA Article 28, as accurate RoI supports supervisory oversight of ICT third-party risks; delays could trigger CSSF/ESA follow-up or fines. Firms with prior 2025 issues (e.g., portal extensions to May 2025) must prioritize to avoid recurrence.

Press release 25/08

Sectors:

Banking & Credit Investment Management Wealth & Private Banking

Topics:

Technology & Cyber Operational Resilience / Outsourcing Authorisation & Licensing

BankAsset ManagerWealth Manager

View Original