The EU’s Digital Operational Resilience Act (DORA) became applicable on January 17, 2025. For many US businesses – especially those providing technology services to regulated financial institutions in the EU – this regulation introduces a concrete new requirement that directly affects them: EU financial entities must record a standardized identifier for each ICT third-party service provider in their register of information.
What is DORA?
DORA is an EU regulation designed to strengthen the digital resilience of the financial sector. It applies to banks, insurers, investment firms, payment institutions, and a wide range of other regulated financial entities across all EU member states.
Its core aim is to ensure that financial entities can withstand, respond to, and recover from ICT-related disruptions – whether caused by cyberattacks, system failures, or third-party technology outages.
Who does DORA affect?
DORA applies directly to regulated financial entities operating within the EU. US companies are not subject to DORA themselves – but any US business providing technology services to an EU financial institution is affected, because DORA’s requirements fall on the EU client, who must record a standardized identifier for every ICT provider in their register.
Under DORA, financial entities must maintain a register of information covering all contractual arrangements for ICT services provided by ICT third-party service providers.
For each provider in this register, the financial entity is required to record a standardized identifier:
For providers that are legal persons established within the EU: an LEI or EUID
For providers that are legal persons not established in the EU: an LEI
For a closer look at how this works in practice, the GBRIS blog covers automating DORA’s ICT third-party register with verified EUID data in detail.
This means that if your company provides ICT services to a regulated financial institution in the EU, your client needs a standardized identifier to include you in their DORA register. As a US-registered business, your company is a legal person established outside the EU, which means an LEI is the required identifier under DORA. Without it, onboarding or supplier due diligence may be delayed while your EU client works to complete its DORA register.
What is an LEI?
A Legal Entity Identifier (LEI) is a unique 20-character code that identifies a legal entity in financial and regulatory systems worldwide. It is issued by GLEIF-accredited LEI Issuers (also known as Local Operating Units, or LOUs), which are often accessible via registration agents. The LEI is widely used across financial regulatory frameworks globally, including MiFID II, EMIR, and EU DORA. Under DORA, it is the required identifier for ICT providers established outside the EU.
You can check the LEI status of any entity for free through the GLEIF public registry.
The renewal requirement
An LEI is not a one-time registration. It must be renewed annually to remain active. A lapsed LEI remains a valid identifier in the GLEIF system, but it signals that renewal is overdue – and some counterparties and onboarding processes may prefer it to be current.
According to GLEIF data, the global LEI renewal rate is around 62%. This means a significant share of registered LEIs worldwide are not currently renewed on time.
Before assuming your company’s LEI is valid, it is worth verifying its current status in the GLEIF database.
What to do now
Check whether your company has an active LEI. Use the GLEIF public registry to verify the status. If your LEI has lapsed, you can renew it quickly on our website.
Register an LEI if you don’t have one. DORA is already in effect, and EU financial institutions are actively building and auditing their ICT registers. As a US-registered business, you are a legal person established outside the EU – which means an LEI is the required identifier for your EU clients’ DORA register. An LEI is also internationally recognized and widely used beyond the DORA register context, making it a practical choice for any business operating across borders.
Keep your LEI data up to date. Outdated entity information is a common issue that can cause problems during client onboarding and regulatory checks.
You can register a new LEI or renew an existing one through AmericanLEI – an Official LEI Registration Agent operating under EQS Group GmbH, a GLEIF-accredited Local Operating Unit. Registration is fully online and typically completed within 24 hours.