What Is DORA? The Digital Operational Resilience Act — known as DORA — is Regulation (EU) 2022/2554, adopted by the European Parliament and the Council on 14 December 2022. The EU published it in the Official Journal on 27 December 2022. It entered into force on 16 January 2023 and became fully applicable on 17 January 2025. DORA addresses a specific gap in EU financial regulation. Before DORA, financial institutions managed operational risk primarily by setting aside capital. However, that approach did not adequately cover ICT-related disruptions, which can affect many institutions at the same time when a shared technology provider fails. Therefore, DORA introduces a uniform framework across the EU for ICT risk management, incident reporting, operational resilience testing, and oversight of third-party technology providers. Who Must Comply with DORA? DORA applies to two main groups of organisations involved

LEI is no longer limited to financial institutions Most companies initially assume that the LEI code only applies to banks or large financial institutions. However, this perception is outdated. Over the past decade, the role of LEI has expanded significantly across multiple sectors and jurisdictions. Today, companies encounter LEI requirements when they move into more advanced financial activities. For example, this includes investing in markets, applying for financing, making cross-border payments, participating in regulated environments, or interacting with financial institutions. By 2026, LEI clearly forms part of global financial infrastructure. In some countries, it is already deeply embedded into regulatory frameworks. In others, its adoption is accelerating as part of broader digitalization and transparency initiatives. As a result, the need for an LEI depends primarily on business activity rather than company size or industry alone. What is an LEI code?

The FATF Travel Rule (Recommendation 16) requires financial institutions to include information about the sender and the recipient in certain transactions. This article explains what the rule means in practice, why FATF Travel Rule compliance can be difficult, and how structured identifiers like LEI help solve this challenge. What is the FATF Travel Rule? The FATF Travel Rule is a global standard (Recommendation 16) that requires financial institutions to include verified information about the originator and beneficiary in certain financial transactions, especially cross-border payments. The purpose is to make transactions traceable and reduce the risk of money laundering and terrorist financing. What is FATF and where does the Travel Rule come from? The Financial Action Task Force (FATF) is an international body established in 1989 by the G7. Its role is to develop global standards to combat money laundering and

Could vLEI technology replace passwords for business authentication in the future? The digital world still relies heavily on passwords. Every day, people log into systems, approve transactions, and access platforms using user accounts and passwords. In a business context, however, this approach has an important limitation. A password only proves that someone was able to access an account. It does not prove which organization that person represents or what their official role is within that organization. This is where the limitations of current authentication systems become visible. At the same time, new solutions are being developed internationally to enable organizations to prove their identity and authority in a digital and reliable way. One of these emerging solutions is vLEI technology. Why passwords are not enough for business authentication Password-based authentication was originally designed for individual users. When applied to organizations,

Why LEI Is Used in the USA In the United States, the LEI code is used in situations where a company’s activities involve regulated financial transactions or the use of professional financial services. LEI was not created as a general company identifier nor as a substitute for a business registry. Its purpose is to enable financial transactions to be processed technically correctly in situations where transaction reporting is mandatory. The U.S. approach is practical: LEI applies where a financial service provider must submit data about a transaction and where the unique identification of a legal entity is necessary for that purpose. If such an obligation does not arise, there is no need for an LEI. For a broader regulatory overview, see our detailed guide on LEI Code in the USA: What You Need to Know. In Which Situations LEI Becomes

Why LEI Is Not Just a Formal Requirement Many companies first encounter the LEI code when a bank, broker, or another financial service provider tells them they need one. The requirement often feels like another formal step before a transaction can move forward. From a company’s perspective, the LEI may seem like just a number without clear practical value. In reality, the Legal Entity Identifier (LEI) serves as a global identifier for legal entities. Financial markets and regulators around the world rely on it. The European Union adopted the LEI widely because it links transactions, counterparties, and risks in a clear and machine-readable way. This structure allows authorities to supervise markets automatically, across borders, and at scale. Why Companies in the EU Must Have an LEI Financial markets in the European Union handle a large volume of transactions involving legal

Cybersecurity does not start with technology, but with trust Cybersecurity is often described as a technical challenge. Firewalls, access controls, monitoring systems, and incident response tools tend to dominate the discussion. While these measures are essential, they are not where cybersecurity truly begins. In practice, it starts much earlier — at the moment an organisation decides who it does business with. Modern business is deeply interconnected. Companies rely on external service providers, vendors, financial intermediaries, and partners across borders. Each connection creates operational value, but also introduces risk. When a business partner’s identity is unclear, outdated, or difficult to verify, it becomes impossible to assess that risk reliably. Cybersecurity is built on trust. And trust begins with knowing who you are actually dealing with. Why technical security alone is no longer sufficient Technical security controls are designed to protect systems,

Are documents required to apply for an LEI code? In most cases, companies can register an LEI code without submitting any documents. The process is fully digital and relies on official business registers. When a company appears in a public register and a person with registered signing authority submits the application, the system verifies the data automatically. In these situations, the applicant does not need to upload any supporting files. If you want to see the full step-by-step process from application to issuance, you can read how to obtain an LEI. The system requests documents only when registry data does not clearly confirm the company details or the applicant’s authority. When does LEI registration work without documents? LEI registration works without documents when the business register clearly shows the company’s details. This also requires that a director or another authorised

Why the LEI status matters as much as the LEI itself The LEI code is used to uniquely identify legal entities in the global financial system. However, having an LEI alone does not provide the full picture. Just as important is the LEI status, which indicates whether the data linked to the LEI can be considered current and reliable. The LEI status is not designed to answer whether a specific transaction is technically possible. Its purpose is to provide a transparent signal about data quality and verification. An LEI may exist in a database, but the status determines whether it represents a well-maintained and professionally managed record. How LEI statuses form and change over time The most common LEI statuses encountered in practice are those that describe whether the entity’s reference data is up to date. These statuses apply to