🇱🇺 CSSF Guidance high

Guidance for interpretation and resolution of CSSF error messages related to the submission of the DORA register

Published 11 February 2026 | Luxembourg

AI Analysis

Executive Summary

This CSSF guidance document, published on 11 February 2026, provides detailed explanations and resolution steps for error messages encountered during the submission of the DORA Register of Information (RoI) via the eDesk portal, specifically for the 2026 submission cycle. It matters because it enables Luxembourg financial entities to ensure compliant submissions amid enhanced validation checks on more data fields, avoiding re-submission delays and supporting timely transmission to the ESAs by CSSF deadlines. Non-compliance risks supervisory scrutiny under DORA's ICT risk management framework. #

What Changed

- Enhanced validation checks for the 2026 RoI submission: Applies ESA-defined checks (last updated April 2025) to more data fields to improve data quality, compared to prior cycles. - Specific error resolutions detailed, including requirements for LEI code communication to CSSF beforehand, correct reference date ('2025-12-31') in file naming, plain-CSV files in predefined .zip structure, and proper FilingIndicators.csv/parameters.csv content. - Mandatory inclusion of all tables (even empty) in FilingIndicators.csv set to 'true', with matching identification codes across parent-child records. - Builds on prior CSSF guides, emphasizing eDesk role "DORA Reporting" assignment and ESAs' technical standards. No new regulatory requirements under DORA itself; this refines technical submission pro

What You Need To Do

Assign "DORA Reporting" role in eDesk to dedicated employee(s) per user guide
Communicate LEI code to CSSF line supervisor prior to first submission to enable upload
Prepare RoI in plain-CSV files within
Test submissions against listed error codes (e
Consult ESAs' EBA resources (data point model, validation rules, FAQs) and CSSF guides (e
If errors post-CSSF validation, re-submit promptly; prepare for ESA second-round checks

Key Dates

31 December 2025 - Reference date for 2026 RoI submission (all contractual arrangements up to this date).

11 February 2026 - Publication date of this error guidance (last updated 10/02/2026).

1 April 2025 to 15 April 2025 - Initial 2025 submission window via eDesk (for context; 2026 window likely similar, pending confirmation).

30 April 2025 - CSSF re-submission deadline post-validation for 2025; analogous for 2026 if errors detected. DEADLINE

May 2025 - ESAs' second-round validation for 2025; expect similar for 2026 with potential re-submissions.

2026 specific submission timeframe not yet detailed in sources; monitor CSSF for updates akin to 2025.

Compliance Impact

Urgency: High - Published today (11 February 2026), this equips firms for imminent 2026 RoI submissions (reference date 31 December 2025), with stricter validations on expanded fields risking rejections/re-submissions. Matters for operational resilience compliance under DORA Article 28, as accurate RoI supports supervisory oversight of ICT third-party risks; delays could trigger CSSF/ESA follow-up

Who is Affected

Luxembourg financial entitiesdirectly supervised entities), required to submit RoI at individual, sub-consolidated, or consolidated levels per Article 28(3) DORA and Article 3 Joint ESA Decision.Entities with ICT third-party service provider contractual arrangements, including banks, investment firms, payment providers, and others in scope of DORA.Third parties assisting with submissions must avoid broad eDesk access to prevent data exposure risks.

References

Summary

Guidance allowing financial entities to identify the National Competent Authority to which their register of information has to be submitted.

Sectors

Banking & Credit Investment Management Payments & E-Money

Topics

Operational Resilience / Outsourcing Technology & Cyber Reporting & Disclosure

Relevant Firm Types

BankFintechPayment Provider

View Original on CSSF Back to Feed