The LEI: enabler for cyber resilience in a digital world

Posted on January 19, 2025 by Editor

Why does the Digital Operational Resilience Act (DORA) need to integrate the Legal Entity Identifier (LEI)? As GLEIF's Alexandre Kech explains in a recent blog, it's because DORA aims to tackle a critical challenge: identifying and managing the risks associated with third-party ICT providers that underpin modern financial services. Without standardised, verifiable identifiers like the LEI, it's nearly impossible to map these connections accurately and ensure accountability within ICT providers.

DORA, coming into effect today (17 January), is the European Union's newest cybersecurity regulation, that seeks to strengthen the operational resilience of financial entities. As we saw last year, in the Crowdstrike outage there is a growing interconnectedness of technology and finance, where a single cyber incident can ripple across industries and borders. DORA requires financial services firms to document and report their key IT providers, in part to help regulators understand where there are specific dependencies across the sector.

The LEI provides a standardised way to identify the estimated 15,000 ICT providers involved in finance, and maps their corporate structures across borders. By unambiguously linking entities, the LEI can enhance visibility, simplify compliance, and streamline incident reporting. It's a practical tool to reduce complexity and foster trust in today's interconnected world.

Explore more on the LEI's role within DORA on GLEIF's blog here.