For complying with the regulatory provisions envisaged by the DORA Regulation, Financial Entities should consider End User Computing (EUC) tools, End User License Agreements (EULA), and the conditions of Shadow IT.
Would it be possible to obtain the regulatory references for these areas?

Would an EU-based Firm providing ICT Services wholly to non-EU-based Firms be deemed in or out of scope for DORA?

The activities of credit bureaus (credit reporting agencies) are not directly referenced within the scope of DORA. These services may not traditionally seen as "ICT Services", but they could be interpreted as "data services provided through ICT systems". Are these intended to be within scope for ICT services?

Table 102 of the Guidelines specifies that GLEIF database should be used to determine the access rights of the relevant members of the ESCB, including the ECB in carrying out its tasks within a single supervisory mechanism, when applying the filtering for the fields 2.144 ‘Reference entity’, 1.4 ‘Counterparty 1 (Reporting counterparty’, 1.9 ‘Counterparty 2’, 1.15 ‘Broker ID’ and 1.16 ‘Clearing member’. Should the authorities in question have also access to the derivatives involving subsidiaries of the relevant entities and, if so, how the access rights should be determined?

As clarified in the Guidelines on transfer of data between Trade Repositories under EMIR and SFTR , in the case of transfer of data requested by a TR participant the TRs should transfer only the latest state of the outstanding derivatives (‘Trade State Report’, TSR). Are the TRs expected to follow this guideline with regards to the notional schedules, given that the TSR will not contain the full schedules (for the notional quantity, amount etc.) but only the currently applicable value?