A stable, well-functioning financial market for all
StartE-services and formsReporting to FIFIDAC

Reporting according to DORA

Here you will find technical information for reporting of ‘Registers of Information’ and ‘ICT-related Incidents and Cyber Threats’, according to the DORA regulation. Registers of Information reporting is according to European Banking Authority (EBA) framework 4.0.

Reporting of Incidents and Cyber Threats

ICT-related incidents are separated into three different reporting modules in FIDAC: dora_initial, dora_intermediate och dora_final. Cyber Threats is its own reporting module. Data from the Initial notification can be downloaded and reused for the Intermediate report. In the same way, data from the intermediate report can be downloaded and reused for the Final report. This way all three reporting modules can be submitted effectively.

Report content

On this page there are Zip files containing technical schema in JSON format, mapping file and Excel template. The schema and mapping files can be used to generate a JSON file which can be used to submit the reports via the form.

Information about specific fields in the Incident reports:

  • "1.3 Identification code of the entity submitting the report". This field is divided into two fields, where field "1.3a" is specific for LEI code and "1.3b" is specific for EU ID. These fields cannot be submitted at the same time.
  • "3.1 Incident reference code provided by the competent authority". This field refers to a unique reference code which FIDAC generates when the Initial notification is submitted and is included in the email notification sent to the reporter. This code must be used in the Intermediate and Final reports, so the three reporting modules are connected.

Information about a specific field in the Cyber Threats report:

"2a Identification code of the entity submitting the notification". This field is divided into two fields, where field "2a" is specific for LEI code and "2b" is specific for EU ID. These fields cannot be submitted at the same time.

How do I access the reports?

Register yourself as a user to the Reporting Portal and have a signatory delegate reporting authorization (called "DORA incident och cyberhot") to you.

Then log in to the Reporting Portal and click FIDAC. More information can be found in our guide and video guide.

Reporting of 'Registers of Information'

It is now possible to test the new format for DORA Registers of Information (RoI), by submitting files in 'FIDAC Test Reporting'. We recommend that you do this to identify potential errors that need to be adjusted. The actual reports will be deployed to the production environment Tuesday 1st of April. Any changes to the schedule will be communicated continuously.

Reporting module DORA – XBRL-CSV format

Reporting module DORA (RoI) in framework 4.0 is submitted as "XBRL-CSV Reporting Package" (Zip-file). This is described for example in EBA Filing Rules (latest version = 5.5), which can be downloaded here: https://www.eba.europa.eu/risk-and-data-analysis/reporting-frameworks/reporting-framework-40

Identifier, reference date and currency are stated in the file "parameters.csv", the file should be placed in folder "reports". See what it might look like in the example file for DORA which can be downloaded under the heading "EBA XBRL v4.0", via the link above.

Example:

  • entityID,rs:XXXXX.IND
  • refPeriod,2025-03-31
  • baseCurrency,iso4217:SEK

Comments:

  • "entityID" identifies for which institute number the report is being submitted for. "rs" is a prefix for neutral namespace "https://eurofiling.info/eu/rs". XXXXX is replaced with the institute number. ".IND" means consolidation scope = Individual. If consolidation scope = Consolidated then use ".CON". The expected consolidation scope is displayed for the reporting obligations in FIDAC.
  • "refPeriod" states the reference date and for DORA, the first reference date is 2025-03-31.
  • "baseCurrency" anger valuta för monetära värden i rapporten. För DORA kan SEK eller EUR kan användas. D.v.s "iso4217:SEK" eller "iso4217:EUR"
  • "baseCurrency" states currency for monetary values in the report. For DORA, SEK or EUR kan be used, i.e. "iso4217:SEK" or "iso4217:EUR".

FI does not have requirements for file naming in XBRL-CSV format, other than the folder name (root folder) should have the same name as the Zip file itself (the root folder should not be ending with ".zip").

New module versions in 4.0, except for DORA RoI

New module versions in 4.0, except for DORA RoI, are to be submitted as XBRL-XML. Identifier in the file should continue to be scheme="http://www.fi.se/instnr" with institute number plus consolidation scope (".IND" for individual and ".CON" for Consolidated).

The expected consolidation scope is displayed for the reporting obligations in FIDAC.

Example (where XXXXX is replaced with institute number):

<xbrli:entity>

<xbrli:identifier scheme="http://www.fi.se/instnr">XXXXX.IND</xbrli:identifier>

</xbrli:entity>

FI does not have requirements for file naming in XBRL-XML format, except that the file ending must be ".xbrl".

How is a report in XBRL-CSV uploaded on the website?

A Zip file with "XBRL-CSV Reporting Package" is submitted as an attached file in the FIDAC system, under the menu selection "Scheduled" and then EBA XBRL reporting.

A registered profile in the Reporting Portal and authorization "Periodisk rapportering" is needed to submit the report.

The Reporting Portal and FIDAC are accessed from FI:s home page, via the link "E-services and forms" and "Reporting to FI".

For questions about the system, please contact reporting@fi.se.


Last reviewed: 2025-04-10
Contact us
FI’s Innovation Center
About fi.se
Visiting adress
Sveavägen 44, Stockholm 

 

Om cookies