DORA: ICT Service Provider Identification – LEI vs. EUID
en

LEI vs. EUID: DORA and the question of identification for ICT service providers

The DORA regulation is about to be introduced - but it is not yet clear how companies will be able to uniquely identify their ICT service providers. Two options are currently being discussed: the Legal Entity Identifier (LEI) and the European Unique Identifier (EUID)

The Digital Operational Resilience Act - or DORA for short - is designed to plug security gaps in the financial sector. Companies must implement the regulation by 17 January 2025. A key point is the precise documentation of external information and communication technology (ICT) service providers, such as providers of cloud solutions, software, hardware, etc. At present, however, it is unclear how ICT service providers are to be identified. While European supervisory authorities - ESMA, EBA, EIOPA - propose the LEI as the standard, the European Commission rejects this proposal and sees the EUID as a more practical and cost-effective alternative, especially for smaller ICT service providers. This means that two approaches are up for discussion. ICT service providers who favour the LEI can easily apply for it at WM LEIPORTAL.

LEI: A global solution for transparency

Both approaches are already widely in use. The LEI was introduced in the aftermath of the 2008 banking crisis and has since become the standard for uniquely identifying financial actors. Around 1.5 million LEIs are already in use around the world and are managed by the Global Legal Entity Identifier Foundation (GLEIF). The 20-digit code creates transparency and helps prevent abuse. As companies with an active LEI can be clearly identified, it is particularly useful for international business partners and supervisory authorities. The LEI also improves traceability and minimises risk when working with service providers.

The LEI costs between €50 and €100 per year. These costs are relatively low compared to the benefits, especially for larger companies or those with international relations. At WM LEIPORTAL, ICT service providers can find out more about the LEI in the context of DORA and how they can apply for an LEI in just a few steps.

Home of Financial Actors

Number of LEI codes in thousands

USA
298.0
Germany
201.5
India
197.7
Italy
196.4
United Kingdom
185.7
Spain
159.4
France
128.2
China
102.3
Sweden
98.7

© Börsen-Zeitung, Graphic: ben/iGrafik.de | Source: GLEIF

EUID: A cost effective alternative?

The EUID has been introduced as a European standard alongside national business registers. Many European companies can obtain it free of charge. The EUID is used within the framework of EU company law and is relatively widespread. Its advantage lies in its cost-effectiveness and ease of use, especially for small and medium-sized ICT service providers already registered in national registries. The disadvantage, however, is that it is not specifically tailored to the needs of the financial market. In addition, data quality and timeliness can vary from country to country as the EUID is based on national business registers. Unlike the LEI, the EUID also lacks uniform standardisation, which can make it difficult for international companies to identify service providers consistently.

Consideration: Flexibility vs. consistency

The EU Commission views the EUID as an efficient and flexible solution for DORA compliance, particularly for smaller companies. In contrast, supervisory authorities have indicated that the LEI is the superior solution, citing its global reach and consistent data quality, particularly for monitoring financial stability in an international context. The LEI offers high-quality data and is available in real time. The EUID, on the other hand, relies on national registries, which can vary in terms of timeliness and reliability. For financial institutions, the approval of both systems – LEI and EUID – could result in increased administrative costs. The LEI is already integrated into many technical standards and systems, making it a more straightforward option to implement and use. The EUID would require integration into these systems, which could involve additional costs and adaptations.

European supervisory authorities have rejected the use of different identification numbers to identify ICT service providers in the financial sector. They believe that the LEI is a more comprehensive and easier-to-manage solution thanks to its centralised administration. Media reports indicate that ESMA is planning a survey to clarify how EUID and LEI are used in practice. Regardless of which identifier is ultimately selected, ICT service providers should be prepared for their identification to be a crucial aspect of compliance under DORA. The application process for an LEI via WM LEIPORTAL can be completed in just a few steps.

LEI vs. EUID – The Pros and Cons at a Glance

LEI EUID
  • Global recognition: Established as the standard for unique identification of financial actors
  • High transparency: Reduces misuse and improves traceability
  • International identification: Unique identification for international business partners and supervisory authorities
  • Integration: Already integrated into numerous technical standards and systems
  • Reliability: High data quality and real-time availability
  • Costs: Annual fees between €50 and €100 (could be particularly burdensome for SMEs)
  • Free of charge: Many companies can use it without paying any fees
  • Easy to use: Particularly beneficial for small and medium-sized ICT service providers
  • Widespread use: Used under EU company law
  • Varying quality: Data quality and timeliness can vary from country to country
  • Lack of technical standardisation: A lack of uniform identifiers can hamper international businesses
  • Need for integration: Needs to be integrated with existing systems, which can add cost

Applying for the LEI:

Take advantage of this opportunity while weighing up the pros and cons: You can easily apply for the LEI at WM LEIPORTAL. Find out about the necessary steps and benefit from the advantages of an active LEI.

Abkürzungsverzeichnis

DORA Digital Operational Resilience Act
EBA European Banking Authority
EIOPA European Insurance and Occupational Pensions Authority
ESMA European Securities and Markets Authority
EUID European Unique Identifier
GLEIF Global Legal Entity Identifier Foundation
ICT Information and Communication Technology
LEI Legal Entity Identifier

More on this topic:

ESMA: EU supervisory authorities' (ESAs) response to the European Commission’s rejection of the technical standards on registers of information under the Digital Operational Resilience Act (https://www.esma.europa.eu/press-news/esma-news/esas-respond-european-commissions-rejection-technical-standards-registers)

ESMA / ESAs: Final report on the “Draft Implementing Technical Standards (ITS)” (https://www.esma.europa.eu/sites/default/files/2024-01/JC_2023_85_-_Final_report_on_draft_ITS_on_Register_of_Information.pdf)

Gleif: Important facts, figures and data on the LEI (https://www.gleif.org/de/lei-data/global-lei-index/lei-statistics)

Börsen-Zeitung: Barcode divides Europe’s financial sector (https://www.boersen-zeitung.de/banken-finanzen/barcode-fuer-finanzakteure-entzweit-europa)