From 3a03b02c310c00c4a175e5a13a004d5da59a9d9e Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 7 Nov 2025 18:49:09 +0100
Subject: [PATCH 01/47] migration

---
 .../core/migrations/0112_asset_is_critical.py   | 17 +++++++++++++++++
 backend/core/models.py                          |  2 ++
 backend/core/serializers.py                     |  7 +++++++
 3 files changed, 26 insertions(+)
 create mode 100644 backend/core/migrations/0112_asset_is_critical.py

diff --git a/backend/core/migrations/0112_asset_is_critical.py b/backend/core/migrations/0112_asset_is_critical.py
new file mode 100644
index 0000000000..4a61888349
--- /dev/null
+++ b/backend/core/migrations/0112_asset_is_critical.py
@@ -0,0 +1,17 @@
+# Generated by Django 5.2.7 on 2025-11-07 17:17
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0111_finding_priority"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="asset",
+            name="is_critical",
+            field=models.BooleanField(default=False, verbose_name="is_critical"),
+        ),
+    ]
diff --git a/backend/core/models.py b/backend/core/models.py
index cfebbe23d0..def25bdc27 100644
--- a/backend/core/models.py
+++ b/backend/core/models.py
@@ -2149,6 +2149,8 @@ class Type(models.TextChoices):
     is_published = models.BooleanField(_("published"), default=True)
     observation = models.TextField(null=True, blank=True, verbose_name=_("Observation"))
 
+    is_critical = models.BooleanField("is_critical", default=False)
+
     fields_to_check = ["name"]
 
     class Meta:
diff --git a/backend/core/serializers.py b/backend/core/serializers.py
index 62da407c39..fcbcded2f3 100644
--- a/backend/core/serializers.py
+++ b/backend/core/serializers.py
@@ -14,6 +14,7 @@
 )
 from core.utils import time_state
 from ebios_rm.models import EbiosRMStudy, Stakeholder
+from tprm.models import Solution
 from global_settings.utils import ff_is_enabled
 from iam.models import *
 from django.contrib.auth.models import Permission
@@ -390,6 +391,11 @@ class AssetWriteSerializer(BaseModelSerializer):
         queryset=Asset.objects.all(),
         required=False,
     )
+    solutions = serializers.PrimaryKeyRelatedField(
+        many=True,
+        queryset=Solution.objects.all(),
+        required=False,
+    )
 
     class Meta:
         model = Asset
@@ -454,6 +460,7 @@ class AssetReadSerializer(AssetWriteSerializer):
     personal_data = FieldsRelatedField(many=True)
     asset_class = FieldsRelatedField(["name"])
     overridden_children_capabilities = FieldsRelatedField(many=True)
+    solutions = FieldsRelatedField(many=True)
 
     children_assets = serializers.SerializerMethodField()
     security_objectives = serializers.SerializerMethodField()

From 679a3f3891dd533a495f7da334877e1ac8fe22eb Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 7 Nov 2025 18:49:24 +0100
Subject: [PATCH 02/47] frontend

---
 frontend/messages/en.json                     |  2 ++
 .../Forms/ModelForm/AssetForm.svelte          | 19 +++++++++++++++++++
 frontend/src/lib/utils/crud.ts                |  5 ++++-
 frontend/src/lib/utils/schemas.ts             |  4 +++-
 4 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index f07a74ce58..b02606cb15 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -834,6 +834,7 @@
 	"tpSolutions": "Third-Party solutions",
 	"solution": "Solution",
 	"addSolution": "Add solution",
+	"solutionsLinkedToAssetHelpText": "Solutions associated with this asset",
 	"providerEntity": "Provider entity",
 	"addProduct": "Add product",
 	"representatives": "Representatives",
@@ -1000,6 +1001,7 @@
 	"tooManyLoginAttempts": "Too many login attempts. Please try again later.",
 	"step": "Step {number}",
 	"critical": "Critical",
+	"isCritical": "Is critical",
 	"info": "Information",
 	"vulnerabilities": "Vulnerabilities",
 	"severity": "Severity",
diff --git a/frontend/src/lib/components/Forms/ModelForm/AssetForm.svelte b/frontend/src/lib/components/Forms/ModelForm/AssetForm.svelte
index 0a9d4fc859..938a662497 100644
--- a/frontend/src/lib/components/Forms/ModelForm/AssetForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/AssetForm.svelte
@@ -130,6 +130,13 @@
 	bind:cachedValue={formDataCache['owner']}
 	label={m.owner()}
 />
+<Checkbox
+	{form}
+	field="is_critical"
+	label={m.isCritical()}
+	cacheLock={cacheLocks['is_critical']}
+	bind:cachedValue={formDataCache['is_critical']}
+/>
 <AutocompleteSelect
 	{form}
 	optionsEndpoint="folders?content_type=DO&content_type=GL"
@@ -287,6 +294,18 @@
 		cacheLock={cacheLocks['observation']}
 		bind:cachedValue={formDataCache['observation']}
 	/>
+	<AutocompleteSelect
+		{form}
+		multiple
+		optionsEndpoint="solutions"
+		optionsLabelField="auto"
+		optionsExtraFields={[['provider_entity', 'str']]}
+		field="solutions"
+		cacheLock={cacheLocks['solutions']}
+		bind:cachedValue={formDataCache['solutions']}
+		label={m.solutions()}
+		helpText={m.solutionsLinkedToAssetHelpText()}
+	/>
 </Dropdown>
 {#if initialData.ebios_rm_studies}
 	<AutocompleteSelect
diff --git a/frontend/src/lib/utils/crud.ts b/frontend/src/lib/utils/crud.ts
index e896392d30..589e2709b8 100644
--- a/frontend/src/lib/utils/crud.ts
+++ b/frontend/src/lib/utils/crud.ts
@@ -482,12 +482,14 @@ export const URL_MODEL_MAP: ModelMap = {
 			{ field: 'support_assets' },
 			{ field: 'children_assets' },
 			{ field: 'owner' },
+			{ field: 'is_critical' },
 			{ field: 'filtering_labels' },
 			{ field: 'security_objectives', tooltip: 'securityObjectivesTooltip' },
 			{ field: 'disaster_recovery_objectives', tooltip: 'disasterRecoveryObjectivesTooltip' },
 			{ field: 'security_capabilities', tooltip: 'securityCapabilitiesTooltip' },
 			{ field: 'recovery_capabilities', tooltip: 'recoveryCapabilitiesTooltip' },
 			{ field: 'reference_link' },
+			{ field: 'solutions' },
 			{ field: 'observation' }
 		],
 		reverseForeignKeyFields: [
@@ -511,7 +513,8 @@ export const URL_MODEL_MAP: ModelMap = {
 			{ field: 'filtering_labels', urlModel: 'filtering-labels' },
 			{ field: 'ebios_rm_studies', urlModel: 'ebios-rm', endpointUrl: 'ebios-rm/studies' },
 			{ field: 'security_exceptions', urlModel: 'security-exceptions' },
-			{ field: 'overridden_children_capabilities', urlModel: 'asset-capabilities' }
+			{ field: 'overridden_children_capabilities', urlModel: 'asset-capabilities' },
+			{ field: 'solutions', urlModel: 'solutions' }
 		],
 		selectFields: [{ field: 'type' }, { field: 'asset_class' }],
 		filters: [
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index a133cdd3fa..25ff326777 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -304,7 +304,9 @@ export const AssetSchema = z.object({
 	security_exceptions: z.string().uuid().optional().array().optional(),
 	ref_id: z.string().max(100).optional(),
 	observation: z.string().optional().nullable(),
-	overridden_children_capabilities: z.string().uuid().optional().array().optional()
+	overridden_children_capabilities: z.string().uuid().optional().array().optional(),
+	solutions: z.string().uuid().optional().array().optional(),
+	is_critical: z.boolean().default(false)
 });
 
 export const FilteringLabelSchema = z.object({

From 8fe8f0b44227a07ee75c10af6dad758d8d3f211f Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 7 Nov 2025 19:13:54 +0100
Subject: [PATCH 03/47] is critical and associated filter for assets

---
 backend/core/views.py           |  1 +
 frontend/src/lib/utils/crud.ts  |  2 +-
 frontend/src/lib/utils/table.ts | 12 +++++++++++-
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/backend/core/views.py b/backend/core/views.py
index 15ed4c78bd..f9b09214a2 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -675,6 +675,7 @@ class Meta:
             "filtering_labels",
             "asset_class",
             "personal_data",
+            "is_critical",
         ]
 
 
diff --git a/frontend/src/lib/utils/crud.ts b/frontend/src/lib/utils/crud.ts
index 589e2709b8..3b7dd3611b 100644
--- a/frontend/src/lib/utils/crud.ts
+++ b/frontend/src/lib/utils/crud.ts
@@ -500,7 +500,7 @@ export const URL_MODEL_MAP: ModelMap = {
 				disableDelete: true
 			},
 			{ field: 'assets', urlModel: 'vulnerabilities' },
-			{ field: 'assets', urlModel: 'solutions' },
+			{ field: 'assets', urlModel: 'solutions', disableCreate: true, disableDelete: true },
 			{ field: 'assets', urlModel: 'personal-data', disableCreate: true, disableDelete: true }
 		],
 		foreignKeyFields: [
diff --git a/frontend/src/lib/utils/table.ts b/frontend/src/lib/utils/table.ts
index f542e8f311..837e65d61b 100644
--- a/frontend/src/lib/utils/table.ts
+++ b/frontend/src/lib/utils/table.ts
@@ -834,6 +834,15 @@ const ASSET_CLASS_FILTER: ListViewFilterConfig = {
 	}
 };
 
+const ASSET_IS_CRITICAL_FILTER: ListViewFilterConfig = {
+	component: AutocompleteSelect,
+	props: {
+		label: 'is_critical',
+		options: YES_NO_OPTIONS,
+		multiple: true
+	}
+};
+
 const REFERENCE_CONTROL_CATEGORY_FILTER: ListViewFilterConfig = {
 	component: AutocompleteSelect,
 	props: {
@@ -1286,7 +1295,8 @@ export const listViewFields = {
 			folder: DOMAIN_FILTER,
 			type: ASSET_TYPE_FILTER,
 			filtering_labels: LABELS_FILTER,
-			asset_class: ASSET_CLASS_FILTER
+			asset_class: ASSET_CLASS_FILTER,
+			is_critical: ASSET_IS_CRITICAL_FILTER
 		}
 	},
 	'asset-class': {

From 7d3da20e734b46eaeb2dea517ed56fe29e2fb5e2 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 7 Nov 2025 20:00:06 +0100
Subject: [PATCH 04/47] legal identifiers

---
 .../0008_entity_legal_identifiers.py          |  22 +++
 backend/tprm/models.py                        |   6 +
 frontend/messages/en.json                     |   8 +
 .../Forms/LegalIdentifierField.svelte         | 183 ++++++++++++++++++
 .../Forms/ModelForm/EntityForm.svelte         |   7 +
 frontend/src/lib/utils/schemas.ts             |   3 +-
 6 files changed, 228 insertions(+), 1 deletion(-)
 create mode 100644 backend/tprm/migrations/0008_entity_legal_identifiers.py
 create mode 100644 frontend/src/lib/components/Forms/LegalIdentifierField.svelte

diff --git a/backend/tprm/migrations/0008_entity_legal_identifiers.py b/backend/tprm/migrations/0008_entity_legal_identifiers.py
new file mode 100644
index 0000000000..71cce95add
--- /dev/null
+++ b/backend/tprm/migrations/0008_entity_legal_identifiers.py
@@ -0,0 +1,22 @@
+# Generated by Django 5.2.7 on 2025-11-07 18:56
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("tprm", "0007_entity_relationship"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="entity",
+            name="legal_identifiers",
+            field=models.JSONField(
+                blank=True,
+                default=dict,
+                help_text="Legal identifiers (LEI, EUID, VAT, DUNS, etc.)",
+                verbose_name="Legal identifiers",
+            ),
+        ),
+    ]
diff --git a/backend/tprm/models.py b/backend/tprm/models.py
index fe63ade8d0..ca075ca96f 100644
--- a/backend/tprm/models.py
+++ b/backend/tprm/models.py
@@ -33,6 +33,12 @@ class Entity(NameDescriptionMixin, FolderMixin, PublishInRootFolderMixin):
         verbose_name=_("Relationship"),
         help_text=_("Type of relationship with this entity"),
     )
+    legal_identifiers = models.JSONField(
+        default=dict,
+        blank=True,
+        verbose_name=_("Legal identifiers"),
+        help_text=_("Legal identifiers (LEI, EUID, VAT, DUNS, etc.)"),
+    )
 
     fields_to_check = ["name"]
 
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index b02606cb15..8933ceb877 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -840,6 +840,14 @@
 	"representatives": "Representatives",
 	"representative": "Representative",
 	"addRepresentative": "Add representative",
+	"legalIdentifiers": "Legal identifiers",
+	"addLegalIdentifier": "Add identifier",
+	"noLegalIdentifierAdded": "No legal identifiers added yet",
+	"identifierType": "Identifier type",
+	"identifierValue": "Identifier value",
+	"identifierErrorMessage": "Invalid identifier",
+	"enterIdentifierValue": "Enter identifier value...",
+	"removeIdentifier": "Remove identifier",
 	"phone": "Phone",
 	"role": "Role",
 	"questions": "Questions",
diff --git a/frontend/src/lib/components/Forms/LegalIdentifierField.svelte b/frontend/src/lib/components/Forms/LegalIdentifierField.svelte
new file mode 100644
index 0000000000..e7eef6c403
--- /dev/null
+++ b/frontend/src/lib/components/Forms/LegalIdentifierField.svelte
@@ -0,0 +1,183 @@
+<script lang="ts">
+	import { m } from '$paraglide/messages';
+	import { onMount } from 'svelte';
+	import type { CacheLock } from '$lib/utils/types';
+	import { formFieldProxy, type SuperForm } from 'sveltekit-superforms';
+
+	interface Props {
+		form: SuperForm<Record<string, unknown>, any>;
+		field: string;
+		cacheLock?: CacheLock;
+		cachedValue?: any[] | undefined;
+	}
+
+	let {
+		form,
+		field,
+		cacheLock = {
+			promise: new Promise((res) => res(null)),
+			resolve: (x: any) => x
+		},
+		cachedValue = $bindable()
+	}: Props = $props();
+
+	const { value, errors, constraints } = formFieldProxy(form, field);
+
+	const initialValue = $state($value || {});
+
+	$effect(() => {
+		$value = cachedValue;
+	});
+
+	let legalIdentifiers: Record<string, string> = $state(cachedValue || initialValue);
+
+	const identifierTypes = [
+		{ value: 'LEI', label: 'LEI (Legal Entity Identifier)' },
+		{ value: 'VAT', label: 'VAT Number' },
+		{ value: 'DUNS', label: 'DUNS Number' },
+		{ value: 'EUID', label: 'EUID (European Unique Identifier)' },
+		{ value: 'SIRET', label: 'SIRET' },
+		{ value: 'SIREN', label: 'SIREN' },
+		{ value: 'TAX_ID', label: 'Tax ID' },
+		{ value: 'COMPANY_REG', label: 'Company Registration Number' },
+		{ value: 'OTHER', label: 'Other' }
+	];
+
+	onMount(async () => {
+		const cacheResult = await cacheLock.promise;
+		if (cacheResult) $value = cacheResult;
+	});
+
+	function addIdentifier() {
+		const used = Object.keys(legalIdentifiers);
+		const available = identifierTypes.find((t) => !used.includes(t.value));
+		const newType = available?.value || 'OTHER';
+		legalIdentifiers = { ...legalIdentifiers, [newType]: '' };
+	}
+
+	function removeIdentifier(type: string) {
+		const copy = { ...legalIdentifiers };
+		delete copy[type];
+		legalIdentifiers = copy;
+	}
+
+	function updateIdentifierType(oldType: string, newType: string) {
+		if (oldType === newType) return;
+
+		const copy = { ...legalIdentifiers };
+		const value = copy[oldType] || '';
+
+		// Remove old key
+		delete copy[oldType];
+
+		// Add with new key if it doesn't already exist
+		if (!copy[newType]) {
+			copy[newType] = value;
+		}
+
+		legalIdentifiers = copy;
+	}
+
+	function updateIdentifierValue(type: string, value: string) {
+		legalIdentifiers = { ...legalIdentifiers, [type]: value };
+	}
+
+	// Keep cachedValue synced with legalIdentifiers
+	$effect(() => {
+		if (cachedValue !== legalIdentifiers) {
+			cachedValue = legalIdentifiers;
+		}
+
+		// Update form data if form exists
+		if (form.data) {
+			form.data.legal_identifiers = legalIdentifiers;
+		}
+	});
+</script>
+
+<div class="space-y-4">
+	<div class="flex items-center justify-between">
+		<label class="text-sm font-semibold">{m.legalIdentifiers()}</label>
+		<button
+			type="button"
+			class="px-3 py-1 text-sm rounded bg-blue-100 hover:bg-blue-200 text-blue-700 transition-colors"
+			onclick={() => addIdentifier()}
+			disabled={Object.keys(legalIdentifiers).length >= identifierTypes.length}
+		>
+			<i class="fa-solid fa-plus mr-1"></i>{m.addLegalIdentifier()}
+		</button>
+	</div>
+
+	{#if Object.keys(legalIdentifiers).length === 0}
+		<div
+			class="text-gray-500 text-sm italic text-center py-4 border-2 border-dashed border-gray-200 rounded"
+		>
+			{m.noLegalIdentifierAdded()}
+		</div>
+	{/if}
+
+	<div class="space-y-3">
+		{#each Object.entries(legalIdentifiers) as [type, identifier], i (i + '-' + type)}
+			<div class="flex gap-2 items-start p-3 bg-gray-50 rounded-lg">
+				<div class="flex-1">
+					{#if $errors && $errors[type]}
+						<div class="text-xs text-red-500 mb-1">{m.identifierErrorMessage()}</div>
+					{/if}
+					<label class="block text-xs font-medium text-gray-600 mb-1">{m.identifierType()}</label>
+					<select
+						value={type}
+						onchange={(e) => updateIdentifierType(type, e.target.value)}
+						class="w-full px-3 py-2 border border-gray-300 rounded-md text-sm focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+					>
+						{#each identifierTypes as idType}
+							<option value={idType.value}>
+								{idType.label}
+							</option>
+						{/each}
+					</select>
+				</div>
+
+				<div class="flex-[2]">
+					{#if $errors && $errors[type]}
+						<div class="text-xs text-red-500 mb-1 invisible">{m.identifierErrorMessage()}</div>
+					{/if}
+					<label class="block text-xs font-medium text-gray-600 mb-1">{m.identifierValue()}</label>
+					<input
+						type="text"
+						value={identifier}
+						oninput={(e) => updateIdentifierValue(type, e.target.value)}
+						placeholder={m.enterIdentifierValue()}
+						class="w-full px-3 py-2 border border-gray-300 rounded-md text-sm focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-transparent"
+					/>
+				</div>
+
+				<div class="pt-6">
+					<button
+						type="button"
+						class="text-red-600 hover:text-red-800 hover:bg-red-50 p-1 rounded transition-colors"
+						onclick={() => removeIdentifier(type)}
+						title={m.removeIdentifier()}
+					>
+						✕
+					</button>
+				</div>
+			</div>
+
+			<!-- Hidden input to ensure form data is submitted -->
+			<input type="hidden" name="legal_identifiers[{type}]" value={identifier} />
+		{/each}
+	</div>
+
+	<!-- Hidden input for the entire legal_identifiers object as JSON -->
+	<input type="hidden" name="legal_identifiers" value={JSON.stringify(legalIdentifiers)} />
+</div>
+
+<style>
+	.space-y-3 > * + * {
+		margin-top: 0.75rem;
+	}
+
+	.space-y-4 > * + * {
+		margin-top: 1rem;
+	}
+</style>
diff --git a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
index 60f1c07faf..77250959d5 100644
--- a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
@@ -2,6 +2,7 @@
 	import AutocompleteSelect from '../AutocompleteSelect.svelte';
 	import TextArea from '$lib/components/Forms/TextArea.svelte';
 	import TextField from '$lib/components/Forms/TextField.svelte';
+	import LegalIdentifierField from '../LegalIdentifierField.svelte';
 	import type { SuperValidated } from 'sveltekit-superforms';
 	import type { ModelInfo, CacheLock } from '$lib/utils/types';
 	import { m } from '$paraglide/messages';
@@ -57,3 +58,9 @@
 	label={m.relationship()}
 	multiple
 />
+<LegalIdentifierField
+	{form}
+	field="legal_identifiers"
+	cacheLock={cacheLocks['legal_identifiers']}
+	bind:cachedValue={formDataCache['legal_identifiers']}
+/>
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index 25ff326777..ad75a52b7d 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -570,7 +570,8 @@ export const EntitiesSchema = z.object({
 			message: "Link must be either empty or a valid URL starting with 'http'"
 		})
 		.optional(),
-	relationship: z.string().optional().array().optional()
+	relationship: z.string().optional().array().optional(),
+	legal_identifiers: z.record(z.string()).optional()
 });
 
 export const EntityAssessmentSchema = z.object({

From be5d0cbaaef627fe7a5239e262e097811f90a735 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 7 Nov 2025 20:17:09 +0100
Subject: [PATCH 05/47] fixup

---
 backend/tprm/serializers.py                            |  9 +++++++++
 .../lib/components/Forms/LegalIdentifierField.svelte   |  8 ++------
 frontend/src/lib/utils/crud.ts                         | 10 ++++++++++
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/backend/tprm/serializers.py b/backend/tprm/serializers.py
index fee3cf2047..c695332bc5 100644
--- a/backend/tprm/serializers.py
+++ b/backend/tprm/serializers.py
@@ -22,6 +22,15 @@ class EntityReadSerializer(BaseModelSerializer):
     folder = FieldsRelatedField()
     owned_folders = FieldsRelatedField(many=True)
     relationship = FieldsRelatedField(many=True)
+    legal_identifiers = serializers.SerializerMethodField()
+
+    def get_legal_identifiers(self, obj):
+        """Format legal identifiers as a readable string for display"""
+        if not obj.legal_identifiers:
+            return ""
+        return "\n".join(
+            [f"{key}: {value}" for key, value in obj.legal_identifiers.items()]
+        )
 
     class Meta:
         model = Entity
diff --git a/frontend/src/lib/components/Forms/LegalIdentifierField.svelte b/frontend/src/lib/components/Forms/LegalIdentifierField.svelte
index e7eef6c403..48e5550431 100644
--- a/frontend/src/lib/components/Forms/LegalIdentifierField.svelte
+++ b/frontend/src/lib/components/Forms/LegalIdentifierField.svelte
@@ -33,13 +33,9 @@
 
 	const identifierTypes = [
 		{ value: 'LEI', label: 'LEI (Legal Entity Identifier)' },
-		{ value: 'VAT', label: 'VAT Number' },
-		{ value: 'DUNS', label: 'DUNS Number' },
 		{ value: 'EUID', label: 'EUID (European Unique Identifier)' },
-		{ value: 'SIRET', label: 'SIRET' },
-		{ value: 'SIREN', label: 'SIREN' },
-		{ value: 'TAX_ID', label: 'Tax ID' },
-		{ value: 'COMPANY_REG', label: 'Company Registration Number' },
+		{ value: 'DUNS', label: 'DUNS Number' },
+		{ value: 'VAT', label: 'VAT Number' },
 		{ value: 'OTHER', label: 'Other' }
 	];
 
diff --git a/frontend/src/lib/utils/crud.ts b/frontend/src/lib/utils/crud.ts
index 3b7dd3611b..666b6eb31c 100644
--- a/frontend/src/lib/utils/crud.ts
+++ b/frontend/src/lib/utils/crud.ts
@@ -760,6 +760,16 @@ export const URL_MODEL_MAP: ModelMap = {
 		localNamePlural: 'entities',
 		verboseName: 'Entity',
 		verboseNamePlural: 'Entities',
+		detailViewFields: [
+			{ field: 'id' },
+			{ field: 'ref_id' },
+			{ field: 'name' },
+			{ field: 'description' },
+			{ field: 'mission' },
+			{ field: 'relationship' },
+			{ field: 'legal_identifiers' },
+			{ field: 'reference_link' }
+		],
 		reverseForeignKeyFields: [
 			{ field: 'entity', urlModel: 'entity-assessments' },
 			{ field: 'entity', urlModel: 'representatives' },

From 56df9de6485fad711e5838637274a2c59a89b6f9 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 7 Nov 2025 22:35:31 +0100
Subject: [PATCH 06/47] feat: contracts management

---
 backend/core/startup.py                       |  13 ++
 backend/core/urls.py                          |   2 +
 backend/core/views.py                         |   1 +
 backend/tprm/migrations/0009_contract.py      | 139 ++++++++++++++++++
 backend/tprm/models.py                        |  81 +++++++++-
 backend/tprm/serializers.py                   |  22 ++-
 backend/tprm/views.py                         |  25 +++-
 frontend/messages/en.json                     |   7 +
 .../src/lib/components/Forms/ModelForm.svelte |   3 +
 .../Forms/ModelForm/ContractForm.svelte       | 113 ++++++++++++++
 .../src/lib/components/SideBar/navData.ts     |   7 +-
 frontend/src/lib/utils/crud.ts                |  23 ++-
 frontend/src/lib/utils/schemas.ts             |  15 ++
 frontend/src/lib/utils/table.ts               |  20 +++
 frontend/src/lib/utils/types.ts               |   1 +
 15 files changed, 465 insertions(+), 7 deletions(-)
 create mode 100644 backend/tprm/migrations/0009_contract.py
 create mode 100644 frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte

diff --git a/backend/core/startup.py b/backend/core/startup.py
index 8dde2a6056..37b2c5b97f 100644
--- a/backend/core/startup.py
+++ b/backend/core/startup.py
@@ -34,6 +34,7 @@
     "view_riskmatrix",
     "view_riskscenario",
     "view_solution",
+    "view_contract",
     "view_storedlibrary",
     "view_threat",
     "view_vulnerability",
@@ -175,6 +176,7 @@
     "add_riskassessment",
     "add_riskscenario",
     "add_solution",
+    "add_contract",
     "add_threat",
     "add_vulnerability",
     "change_appliedcontrol",
@@ -193,6 +195,7 @@
     "change_riskassessment",
     "change_riskscenario",
     "change_solution",
+    "change_contract",
     "change_threat",
     "delete_appliedcontrol",
     "delete_asset",
@@ -209,6 +212,7 @@
     "delete_riskassessment",
     "delete_riskscenario",
     "delete_solution",
+    "delete_contract",
     "delete_threat",
     "view_appliedcontrol",
     "view_asset",
@@ -233,6 +237,7 @@
     "view_riskmatrix",
     "view_riskscenario",
     "view_solution",
+    "view_contract",
     "view_storedlibrary",
     "view_threat",
     "view_user",
@@ -414,6 +419,7 @@
     "add_riskmatrix",
     "add_riskscenario",
     "add_solution",
+    "add_contract",
     "add_threat",
     "change_appliedcontrol",
     "change_asset",
@@ -432,6 +438,7 @@
     "change_riskmatrix",
     "change_riskscenario",
     "change_solution",
+    "change_contract",
     "change_threat",
     "delete_appliedcontrol",
     "delete_asset",
@@ -453,6 +460,7 @@
     "delete_vulnerability",
     "delete_riskscenario",
     "delete_solution",
+    "delete_contract",
     "delete_threat",
     "view_appliedcontrol",
     "view_asset",
@@ -476,6 +484,7 @@
     "view_riskmatrix",
     "view_riskscenario",
     "view_solution",
+    "view_contract",
     "view_storedlibrary",
     "view_threat",
     "view_user",
@@ -770,6 +779,10 @@
     "change_solution",
     "view_solution",
     "delete_solution",
+    "add_contract",
+    "change_contract",
+    "view_contract",
+    "delete_contract",
     "add_entityassessment",
     "change_entityassessment",
     "view_entityassessment",
diff --git a/backend/core/urls.py b/backend/core/urls.py
index d904aa66f8..3fc4adf0cc 100644
--- a/backend/core/urls.py
+++ b/backend/core/urls.py
@@ -4,6 +4,7 @@
     RepresentativeViewSet,
     SolutionViewSet,
     EntityAssessmentViewSet,
+    ContractViewSet,
 )
 from library.views import StoredLibraryViewSet, LoadedLibraryViewSet
 import importlib
@@ -23,6 +24,7 @@
 )
 router.register(r"solutions", SolutionViewSet, basename="solutions")
 router.register(r"representatives", RepresentativeViewSet, basename="representatives")
+router.register(r"contracts", ContractViewSet, basename="contracts")
 router.register(r"perimeters", PerimeterViewSet, basename="perimeters")
 router.register(r"risk-matrices", RiskMatrixViewSet, basename="risk-matrices")
 router.register(r"vulnerabilities", VulnerabilityViewSet, basename="vulnerabilities")
diff --git a/backend/core/views.py b/backend/core/views.py
index f9b09214a2..719d05fca2 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -5797,6 +5797,7 @@ class EvidenceViewSet(BaseModelViewSet):
         "owner",
         "status",
         "expiry_date",
+        "contracts",
     ]
 
     @action(detail=False, name="Get all evidences owners")
diff --git a/backend/tprm/migrations/0009_contract.py b/backend/tprm/migrations/0009_contract.py
new file mode 100644
index 0000000000..f6b821eb1d
--- /dev/null
+++ b/backend/tprm/migrations/0009_contract.py
@@ -0,0 +1,139 @@
+# Generated by Django 5.2.7 on 2025-11-07 20:57
+
+import django.db.models.deletion
+import iam.models
+import uuid
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0112_asset_is_critical"),
+        ("iam", "0016_folder_filtering_labels"),
+        ("tprm", "0008_entity_legal_identifiers"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name="Contract",
+            fields=[
+                (
+                    "id",
+                    models.UUIDField(
+                        default=uuid.uuid4,
+                        editable=False,
+                        primary_key=True,
+                        serialize=False,
+                    ),
+                ),
+                (
+                    "created_at",
+                    models.DateTimeField(auto_now_add=True, verbose_name="Created at"),
+                ),
+                (
+                    "updated_at",
+                    models.DateTimeField(auto_now=True, verbose_name="Updated at"),
+                ),
+                (
+                    "is_published",
+                    models.BooleanField(default=False, verbose_name="published"),
+                ),
+                ("name", models.CharField(max_length=200, verbose_name="Name")),
+                (
+                    "description",
+                    models.TextField(blank=True, null=True, verbose_name="Description"),
+                ),
+                (
+                    "status",
+                    models.CharField(
+                        choices=[
+                            ("draft", "Draft"),
+                            ("active", "Active"),
+                            ("expired", "Expired"),
+                            ("terminated", "Terminated"),
+                        ],
+                        default="draft",
+                        max_length=20,
+                        verbose_name="Status",
+                    ),
+                ),
+                (
+                    "start_date",
+                    models.DateField(blank=True, null=True, verbose_name="Start date"),
+                ),
+                (
+                    "end_date",
+                    models.DateField(blank=True, null=True, verbose_name="End date"),
+                ),
+                (
+                    "ref_id",
+                    models.CharField(
+                        blank=True,
+                        help_text="Contract reference number or identifier",
+                        max_length=255,
+                        verbose_name="Reference ID",
+                    ),
+                ),
+                (
+                    "entities",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Entities involved in this contract",
+                        related_name="contracts",
+                        to="tprm.entity",
+                        verbose_name="Entities",
+                    ),
+                ),
+                (
+                    "evidences",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Supporting evidence for this contract",
+                        related_name="contracts",
+                        to="core.evidence",
+                        verbose_name="Evidences",
+                    ),
+                ),
+                (
+                    "filtering_labels",
+                    models.ManyToManyField(
+                        blank=True, to="core.filteringlabel", verbose_name="Labels"
+                    ),
+                ),
+                (
+                    "folder",
+                    models.ForeignKey(
+                        default=iam.models.Folder.get_root_folder_id,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="%(class)s_folder",
+                        to="iam.folder",
+                    ),
+                ),
+                (
+                    "owner",
+                    models.ManyToManyField(
+                        blank=True,
+                        related_name="contracts",
+                        to=settings.AUTH_USER_MODEL,
+                        verbose_name="Owner",
+                    ),
+                ),
+                (
+                    "solutions",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Solutions covered by this contract",
+                        related_name="contracts",
+                        to="tprm.solution",
+                        verbose_name="Solutions",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "Contract",
+                "verbose_name_plural": "Contracts",
+            },
+        ),
+    ]
diff --git a/backend/tprm/models.py b/backend/tprm/models.py
index ca075ca96f..b63f8a960b 100644
--- a/backend/tprm/models.py
+++ b/backend/tprm/models.py
@@ -1,7 +1,14 @@
 from django.db import models
 from django.utils.translation import gettext_lazy as _
 from core.base_models import NameDescriptionMixin, AbstractBaseModel
-from core.models import Assessment, ComplianceAssessment, Evidence, Asset, Terminology
+from core.models import (
+    Assessment,
+    ComplianceAssessment,
+    Evidence,
+    Asset,
+    Terminology,
+    FilteringLabelMixin,
+)
 from iam.models import Folder, FolderMixin, PublishInRootFolderMixin
 from iam.views import User
 
@@ -163,6 +170,74 @@ class Meta:
         verbose_name_plural = _("Solutions")
 
 
+class Contract(NameDescriptionMixin, FolderMixin, FilteringLabelMixin):
+    """
+    A contract represents an agreement between multiple entities
+    """
+
+    class Status(models.TextChoices):
+        DRAFT = "draft", _("Draft")
+        ACTIVE = "active", _("Active")
+        EXPIRED = "expired", _("Expired")
+        TERMINATED = "terminated", _("Terminated")
+
+    owner = models.ManyToManyField(
+        User,
+        verbose_name=_("Owner"),
+        related_name="contracts",
+        blank=True,
+    )
+    entities = models.ManyToManyField(
+        Entity,
+        related_name="contracts",
+        blank=True,
+        verbose_name=_("Entities"),
+        help_text=_("Entities involved in this contract"),
+    )
+    evidences = models.ManyToManyField(
+        Evidence,
+        blank=True,
+        related_name="contracts",
+        verbose_name=_("Evidences"),
+        help_text=_("Supporting evidence for this contract"),
+    )
+    solutions = models.ManyToManyField(
+        "tprm.Solution",
+        blank=True,
+        related_name="contracts",
+        verbose_name=_("Solutions"),
+        help_text=_("Solutions covered by this contract"),
+    )
+    status = models.CharField(
+        max_length=20,
+        choices=Status.choices,
+        default=Status.DRAFT,
+        verbose_name=_("Status"),
+    )
+    start_date = models.DateField(
+        blank=True,
+        null=True,
+        verbose_name=_("Start date"),
+    )
+    end_date = models.DateField(
+        blank=True,
+        null=True,
+        verbose_name=_("End date"),
+    )
+    ref_id = models.CharField(
+        max_length=255,
+        blank=True,
+        verbose_name=_("Reference ID"),
+        help_text=_("Contract reference number or identifier"),
+    )
+
+    fields_to_check = ["name"]
+
+    class Meta:
+        verbose_name = _("Contract")
+        verbose_name_plural = _("Contracts")
+
+
 common_exclude = ["created_at", "updated_at"]
 
 auditlog.register(
@@ -181,3 +256,7 @@ class Meta:
     Solution,
     exclude_fields=common_exclude,
 )
+auditlog.register(
+    Contract,
+    exclude_fields=common_exclude,
+)
diff --git a/backend/tprm/serializers.py b/backend/tprm/serializers.py
index c695332bc5..4cbd3f4450 100644
--- a/backend/tprm/serializers.py
+++ b/backend/tprm/serializers.py
@@ -8,7 +8,7 @@
 from core.utils import RoleCodename, UserGroupCodename
 from iam.models import Folder, Role, RoleAssignment, UserGroup
 from django.contrib.auth import get_user_model
-from tprm.models import Entity, EntityAssessment, Representative, Solution
+from tprm.models import Entity, EntityAssessment, Representative, Solution, Contract
 from django.utils.translation import gettext_lazy as _
 
 import structlog
@@ -22,6 +22,7 @@ class EntityReadSerializer(BaseModelSerializer):
     folder = FieldsRelatedField()
     owned_folders = FieldsRelatedField(many=True)
     relationship = FieldsRelatedField(many=True)
+    contracts = FieldsRelatedField(many=True)
     legal_identifiers = serializers.SerializerMethodField()
 
     def get_legal_identifiers(self, obj):
@@ -276,6 +277,7 @@ class SolutionReadSerializer(BaseModelSerializer):
     provider_entity = FieldsRelatedField()
     recipient_entity = FieldsRelatedField()
     assets = FieldsRelatedField(many=True)
+    contracts = FieldsRelatedField(many=True)
 
     class Meta:
         model = Solution
@@ -286,3 +288,21 @@ class SolutionWriteSerializer(BaseModelSerializer):
     class Meta:
         model = Solution
         exclude = ["recipient_entity"]
+
+
+class ContractReadSerializer(BaseModelSerializer):
+    folder = FieldsRelatedField()
+    owner = FieldsRelatedField(many=True)
+    entities = FieldsRelatedField(many=True)
+    evidences = FieldsRelatedField(many=True)
+    solutions = FieldsRelatedField(many=True)
+
+    class Meta:
+        model = Contract
+        exclude = []
+
+
+class ContractWriteSerializer(BaseModelSerializer):
+    class Meta:
+        model = Contract
+        exclude = []
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index ee45cd57b3..fb5cfa9981 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -1,7 +1,7 @@
 from rest_framework.response import Response
 from iam.models import Folder, RoleAssignment, UserGroup
 from core.views import BaseModelViewSet as AbstractBaseModelViewSet
-from tprm.models import Entity, Representative, Solution, EntityAssessment
+from tprm.models import Entity, Representative, Solution, EntityAssessment, Contract
 from rest_framework.decorators import action
 import structlog
 
@@ -24,7 +24,13 @@ class EntityViewSet(BaseModelViewSet):
     """
 
     model = Entity
-    filterset_fields = ["name", "folder", "relationship", "relationship__name"]
+    filterset_fields = [
+        "name",
+        "folder",
+        "relationship",
+        "relationship__name",
+        "contracts",
+    ]
 
 
 class EntityAssessmentViewSet(BaseModelViewSet):
@@ -144,10 +150,23 @@ class SolutionViewSet(BaseModelViewSet):
     """
 
     model = Solution
-    filterset_fields = ["name", "provider_entity", "assets", "criticality"]
+    filterset_fields = ["name", "provider_entity", "assets", "criticality", "contracts"]
 
     def perform_create(self, serializer):
         serializer.save()
         solution = serializer.instance
         solution.recipient_entity = Entity.objects.get(builtin=True)
         solution.save()
+
+
+class ContractViewSet(BaseModelViewSet):
+    """
+    API endpoint that allows contracts to be viewed or edited.
+    """
+
+    model = Contract
+    filterset_fields = ["name", "folder", "entities", "status", "owner"]
+
+    @action(detail=False, name="Get status choices")
+    def status(self, request):
+        return Response(dict(Contract.Status.choices))
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index 8933ceb877..6ae7bc3eeb 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -53,6 +53,8 @@
 	"associatedEntityAssessments": "Associated entity assessments",
 	"associatedRepresentatives": "Associated representatives",
 	"associatedSolutions": "Associated solutions",
+	"associatedContracts": "Associated contracts",
+	"associatedEntities": "Associated entities",
 	"associatedTaskTemplates": "Associated tasks",
 	"associatedObjectsCount": "Associated objects",
 	"home": "Home",
@@ -207,6 +209,8 @@
 	"existingControls": "Existing controls",
 	"strengthOfKnowledge": "Strength of knowledge",
 	"dueDate": "Due date",
+	"startDate": "Start date",
+	"endDate": "End date",
 	"attachment": "Attachment",
 	"observation": "Observation",
 	"observationHelpText": "Additional notes and comments in markdown format",
@@ -837,6 +841,9 @@
 	"solutionsLinkedToAssetHelpText": "Solutions associated with this asset",
 	"providerEntity": "Provider entity",
 	"addProduct": "Add product",
+	"contracts": "Contracts",
+	"contract": "Contract",
+	"addContract": "Add contract",
 	"representatives": "Representatives",
 	"representative": "Representative",
 	"addRepresentative": "Add representative",
diff --git a/frontend/src/lib/components/Forms/ModelForm.svelte b/frontend/src/lib/components/Forms/ModelForm.svelte
index 26da9efcc9..7cf81f4e0d 100644
--- a/frontend/src/lib/components/Forms/ModelForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm.svelte
@@ -23,6 +23,7 @@
 	import EntitiesForm from './ModelForm/EntityForm.svelte';
 	import EntityAssessmentForm from './ModelForm/EntityAssessmentForm.svelte';
 	import SolutionsForm from './ModelForm/SolutionForm.svelte';
+	import ContractsForm from './ModelForm/ContractForm.svelte';
 	import RepresentativesForm from './ModelForm/RepresentativeForm.svelte';
 	import FrameworksForm from './ModelForm/FrameworkForm.svelte';
 	import UsersForm from './ModelForm/UserForm.svelte';
@@ -453,6 +454,8 @@
 			/>
 		{:else if URLModel === 'solutions'}
 			<SolutionsForm {form} {model} {cacheLocks} {formDataCache} {initialData} {...rest} />
+		{:else if URLModel === 'contracts'}
+			<ContractsForm {form} {model} {cacheLocks} {formDataCache} {initialData} {...rest} />
 		{:else if URLModel === 'representatives'}
 			<RepresentativesForm {form} {model} {cacheLocks} {formDataCache} {data} {...rest} />
 		{:else if URLModel === 'frameworks'}
diff --git a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
new file mode 100644
index 0000000000..11695e6ccc
--- /dev/null
+++ b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
@@ -0,0 +1,113 @@
+<script lang="ts">
+	import AutocompleteSelect from '../AutocompleteSelect.svelte';
+	import TextField from '$lib/components/Forms/TextField.svelte';
+	import Select from '../Select.svelte';
+	import type { SuperValidated } from 'sveltekit-superforms';
+	import type { ModelInfo, CacheLock } from '$lib/utils/types';
+	import { m } from '$paraglide/messages';
+
+	interface Props {
+		form: SuperValidated<any>;
+		model: ModelInfo;
+		cacheLocks?: Record<string, CacheLock>;
+		formDataCache?: Record<string, any>;
+		initialData?: Record<string, any>;
+	}
+
+	let {
+		form,
+		model,
+		cacheLocks = {},
+		formDataCache = $bindable({}),
+		initialData = {}
+	}: Props = $props();
+</script>
+
+<AutocompleteSelect
+	{form}
+	field="folder"
+	optionsEndpoint="folders"
+	cacheLock={cacheLocks['folder']}
+	bind:cachedValue={formDataCache['folder']}
+	label={m.domain()}
+	hidden={initialData.folder}
+/>
+<TextField
+	{form}
+	field="ref_id"
+	label={m.refId()}
+	cacheLock={cacheLocks['ref_id']}
+	bind:cachedValue={formDataCache['ref_id']}
+/>
+<Select
+	{form}
+	field="status"
+	optionsEndpoint="contracts/status"
+	cacheLock={cacheLocks['status']}
+	bind:cachedValue={formDataCache['status']}
+	label={m.status()}
+/>
+<TextField
+	type="date"
+	{form}
+	field="start_date"
+	label={m.startDate()}
+	cacheLock={cacheLocks['start_date']}
+	bind:cachedValue={formDataCache['start_date']}
+/>
+<TextField
+	type="date"
+	{form}
+	field="end_date"
+	label={m.endDate()}
+	cacheLock={cacheLocks['end_date']}
+	bind:cachedValue={formDataCache['end_date']}
+/>
+<AutocompleteSelect
+	{form}
+	multiple
+	optionsEndpoint="users"
+	optionsLabelField="email"
+	field="owner"
+	cacheLock={cacheLocks['owner']}
+	bind:cachedValue={formDataCache['owner']}
+	label={m.owner()}
+/>
+<AutocompleteSelect
+	{form}
+	multiple
+	optionsEndpoint="entities"
+	field="entities"
+	cacheLock={cacheLocks['entities']}
+	bind:cachedValue={formDataCache['entities']}
+	label={m.entities()}
+/>
+<AutocompleteSelect
+	{form}
+	multiple
+	optionsEndpoint="solutions"
+	optionsExtraFields={[['provider_entity', 'str']]}
+	field="solutions"
+	cacheLock={cacheLocks['solutions']}
+	bind:cachedValue={formDataCache['solutions']}
+	label={m.solutions()}
+/>
+<AutocompleteSelect
+	{form}
+	multiple
+	optionsEndpoint="evidences"
+	optionsExtraFields={[['folder', 'str']]}
+	field="evidences"
+	cacheLock={cacheLocks['evidences']}
+	bind:cachedValue={formDataCache['evidences']}
+	label={m.evidences()}
+/>
+<AutocompleteSelect
+	{form}
+	multiple
+	field="filtering_labels"
+	optionsEndpoint="filtering-labels"
+	cacheLock={cacheLocks['filtering_labels']}
+	bind:cachedValue={formDataCache['filtering_labels']}
+	label={m.filteringLabels()}
+/>
diff --git a/frontend/src/lib/components/SideBar/navData.ts b/frontend/src/lib/components/SideBar/navData.ts
index 0adb44eaf4..c406188f6d 100644
--- a/frontend/src/lib/components/SideBar/navData.ts
+++ b/frontend/src/lib/components/SideBar/navData.ts
@@ -264,7 +264,7 @@ export const navData = {
 					name: 'tprmOverview',
 					fa_icon: 'fa-solid fa-gauge',
 					href: '/analytics/tprm',
-					permissions: ['view_entity', 'view_solution', 'view_entityassessment']
+					permissions: ['view_entity', 'view_solution', 'view_contract', 'view_entityassessment']
 				},
 				{
 					name: 'entities',
@@ -281,6 +281,11 @@ export const navData = {
 					fa_icon: 'fa-solid fa-box',
 					href: '/solutions'
 				},
+				{
+					name: 'contracts',
+					fa_icon: 'fa-solid fa-file-contract',
+					href: '/contracts'
+				},
 				{
 					name: 'entityAssessments',
 					fa_icon: 'fa-solid fa-clipboard-list',
diff --git a/frontend/src/lib/utils/crud.ts b/frontend/src/lib/utils/crud.ts
index 666b6eb31c..297d91a526 100644
--- a/frontend/src/lib/utils/crud.ts
+++ b/frontend/src/lib/utils/crud.ts
@@ -773,7 +773,8 @@ export const URL_MODEL_MAP: ModelMap = {
 		reverseForeignKeyFields: [
 			{ field: 'entity', urlModel: 'entity-assessments' },
 			{ field: 'entity', urlModel: 'representatives' },
-			{ field: 'provider_entity', urlModel: 'solutions' }
+			{ field: 'provider_entity', urlModel: 'solutions' },
+			{ field: 'entities', urlModel: 'contracts' }
 		],
 		foreignKeyFields: [
 			{ field: 'folder', urlModel: 'folders', urlParams: 'content_type=DO&content_type=GL' },
@@ -811,12 +812,32 @@ export const URL_MODEL_MAP: ModelMap = {
 		localNamePlural: 'solutions',
 		verboseName: 'Solution',
 		verboseNamePlural: 'Solutions',
+		reverseForeignKeyFields: [{ field: 'solutions', urlModel: 'contracts' }],
 		foreignKeyFields: [
 			{ field: 'provider_entity', urlModel: 'entities' },
 			{ field: 'recipient_entity', urlModel: 'entities' },
 			{ field: 'assets', urlModel: 'assets' }
 		]
 	},
+	contracts: {
+		name: 'contract',
+		localName: 'contract',
+		localNamePlural: 'contracts',
+		verboseName: 'Contract',
+		verboseNamePlural: 'Contracts',
+		reverseForeignKeyFields: [
+			{ field: 'contracts', urlModel: 'evidences', disableDelete: true },
+			{ field: 'contracts', urlModel: 'entities', disableDelete: true, disableCreate: true },
+			{ field: 'contracts', urlModel: 'solutions', disableDelete: true, disableCreate: true }
+		],
+		foreignKeyFields: [
+			{ field: 'folder', urlModel: 'folders' },
+			{ field: 'owner', urlModel: 'users' },
+			{ field: 'entities', urlModel: 'entities' },
+			{ field: 'evidences', urlModel: 'evidences' },
+			{ field: 'solutions', urlModel: 'solutions' }
+		]
+	},
 	representatives: {
 		name: 'representative',
 		localName: 'representative',
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index ad75a52b7d..4b16d38343 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -619,6 +619,20 @@ export const representativeSchema = z.object({
 	description: z.string().optional()
 });
 
+export const contractSchema = z.object({
+	...NameDescriptionMixin,
+	folder: z.string(),
+	filtering_labels: z.array(z.string()).optional(),
+	owner: z.array(z.string().optional()).optional(),
+	entities: z.array(z.string().optional()).optional(),
+	evidences: z.array(z.string().optional()).optional(),
+	solutions: z.array(z.string().optional()).optional(),
+	status: z.string().optional().default('draft'),
+	start_date: z.union([z.literal('').transform(() => null), z.string().date()]).nullish(),
+	end_date: z.union([z.literal('').transform(() => null), z.string().date()]).nullish(),
+	ref_id: z.string().optional()
+});
+
 export const vulnerabilitySchema = z.object({
 	...NameDescriptionMixin,
 	folder: z.string(),
@@ -1263,6 +1277,7 @@ const SCHEMA_MAP: Record<string, AnyZodObject> = {
 	'entity-assessments': EntityAssessmentSchema,
 	representatives: representativeSchema,
 	solutions: solutionSchema,
+	contracts: contractSchema,
 	vulnerabilities: vulnerabilitySchema,
 	'filtering-labels': FilteringLabelSchema,
 	'business-impact-analysis': BusinessImpactAnalysisSchema,
diff --git a/frontend/src/lib/utils/table.ts b/frontend/src/lib/utils/table.ts
index 837e65d61b..bfa43d5f3f 100644
--- a/frontend/src/lib/utils/table.ts
+++ b/frontend/src/lib/utils/table.ts
@@ -1016,6 +1016,18 @@ const EVIDENCE_STATUS_FILTER: ListViewFilterConfig = {
 	}
 };
 
+const CONTRACT_STATUS_FILTER: ListViewFilterConfig = {
+	component: AutocompleteSelect,
+	props: {
+		label: 'status',
+		optionsEndpoint: 'contracts/status',
+		optionsLabelField: 'label',
+		optionsValueField: 'value',
+		browserCache: 'force-cache',
+		multiple: true
+	}
+};
+
 const EVIDENCE_OWNER_FILTER: ListViewFilterConfig = {
 	component: AutocompleteSelect,
 	props: {
@@ -1496,6 +1508,14 @@ export const listViewFields = {
 			criticality: SOLUTION_CRITICALITY_FILTER
 		}
 	},
+	contracts: {
+		head: ['refId', 'name', 'description', 'status', 'startDate', 'endDate', 'entities'],
+		body: ['ref_id', 'name', 'description', 'status', 'start_date', 'end_date', 'entities'],
+		filters: {
+			status: CONTRACT_STATUS_FILTER,
+			entities: ENTITY_FILTER
+		}
+	},
 	representatives: {
 		head: ['email', 'entity', 'role'],
 		body: ['email', 'entity', 'role'],
diff --git a/frontend/src/lib/utils/types.ts b/frontend/src/lib/utils/types.ts
index ee7e6f3ff8..6d79ea7547 100644
--- a/frontend/src/lib/utils/types.ts
+++ b/frontend/src/lib/utils/types.ts
@@ -65,6 +65,7 @@ export const URL_MODEL = [
 	'entities',
 	'entity-assessments',
 	'solutions',
+	'contracts',
 	'representatives',
 	'vulnerabilities',
 	'filtering-labels',

From 6b0113841f1c9f822040f9d105dc9dff93516faa Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 7 Nov 2025 23:15:25 +0100
Subject: [PATCH 07/47] make Main editable

---
 .../components/DetailView/DetailView.svelte   |  3 ++-
 .../src/lib/components/Forms/ModelForm.svelte |  2 +-
 .../Forms/ModelForm/EntityForm.svelte         | 24 +++++++++++--------
 frontend/src/lib/utils/table.ts               |  4 ++--
 4 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/frontend/src/lib/components/DetailView/DetailView.svelte b/frontend/src/lib/components/DetailView/DetailView.svelte
index 93417683f9..e3ecc74587 100644
--- a/frontend/src/lib/components/DetailView/DetailView.svelte
+++ b/frontend/src/lib/components/DetailView/DetailView.svelte
@@ -263,7 +263,8 @@
 				!['Submitted', 'Accepted', 'Rejected', 'Revoked'].includes(data.data.state) &&
 				!data.data.urn &&
 				!data.data.builtin) ||
-			data?.urlModel === 'terminologies'
+			data?.urlModel === 'terminologies' ||
+			data?.urlModel === 'entities'
 		);
 	});
 
diff --git a/frontend/src/lib/components/Forms/ModelForm.svelte b/frontend/src/lib/components/Forms/ModelForm.svelte
index 7cf81f4e0d..d871425054 100644
--- a/frontend/src/lib/components/Forms/ModelForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm.svelte
@@ -441,7 +441,7 @@
 		{:else if URLModel === 'requirement-assessments'}
 			<RequirementAssessmentsForm {form} {model} {cacheLocks} {formDataCache} {context} {...rest} />
 		{:else if URLModel === 'entities'}
-			<EntitiesForm {form} {model} {cacheLocks} {formDataCache} {initialData} {...rest} />
+			<EntitiesForm {form} {model} {cacheLocks} {formDataCache} {initialData} {object} {...rest} />
 		{:else if URLModel === 'entity-assessments'}
 			<EntityAssessmentForm
 				{form}
diff --git a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
index 77250959d5..44e41e1016 100644
--- a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
@@ -13,6 +13,7 @@
 		cacheLocks?: Record<string, CacheLock>;
 		formDataCache?: Record<string, any>;
 		initialData?: Record<string, any>;
+		object?: any;
 	}
 
 	let {
@@ -20,7 +21,8 @@
 		model,
 		cacheLocks = {},
 		formDataCache = $bindable({}),
-		initialData = {}
+		initialData = {},
+		object = {}
 	}: Props = $props();
 </script>
 
@@ -49,15 +51,17 @@
 	label={m.domain()}
 	hidden={initialData.folder}
 />
-<AutocompleteSelect
-	{form}
-	optionsEndpoint="terminologies?field_path=entity.relationship"
-	field="relationship"
-	cacheLock={cacheLocks['relationship']}
-	bind:cachedValue={formDataCache['relationship']}
-	label={m.relationship()}
-	multiple
-/>
+{#if !object.builtin}
+	<AutocompleteSelect
+		{form}
+		optionsEndpoint="terminologies?field_path=entity.relationship"
+		field="relationship"
+		cacheLock={cacheLocks['relationship']}
+		bind:cachedValue={formDataCache['relationship']}
+		label={m.relationship()}
+		multiple
+	/>
+{/if}
 <LegalIdentifierField
 	{form}
 	field="legal_identifiers"
diff --git a/frontend/src/lib/utils/table.ts b/frontend/src/lib/utils/table.ts
index bfa43d5f3f..7b3bc9fcf6 100644
--- a/frontend/src/lib/utils/table.ts
+++ b/frontend/src/lib/utils/table.ts
@@ -1482,8 +1482,8 @@ export const listViewFields = {
 		}
 	},
 	entities: {
-		head: ['name', 'description', 'domain', 'relationship', 'ownedFolders'],
-		body: ['name', 'description', 'folder', 'relationship', 'owned_folders'],
+		head: ['refId', 'name', 'description', 'domain', 'relationship'],
+		body: ['ref_id', 'name', 'description', 'folder', 'relationship'],
 		filters: {
 			folder: DOMAIN_FILTER,
 			relationship: ENTITY_RELATIONSHIP_FILTER

From 2b8b2561668c4fa9527256ef126e71b92b7b2909 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Sat, 8 Nov 2025 09:12:34 +0100
Subject: [PATCH 08/47] wip for report generation

---
 backend/tprm/views.py                         |  85 +++++++++++++++
 frontend/messages/en.json                     |   3 +-
 .../src/lib/components/SideBar/navData.ts     |  11 ++
 .../(app)/(internal)/reports/+page.server.ts  |   9 ++
 .../(app)/(internal)/reports/+page.svelte     | 101 ++++++++++++++++++
 .../(internal)/reports/ReportTile.svelte      |  91 ++++++++++++++++
 .../(internal)/reports/dora-roi/+server.ts    |  25 +++++
 7 files changed, 324 insertions(+), 1 deletion(-)
 create mode 100644 frontend/src/routes/(app)/(internal)/reports/+page.server.ts
 create mode 100644 frontend/src/routes/(app)/(internal)/reports/+page.svelte
 create mode 100644 frontend/src/routes/(app)/(internal)/reports/ReportTile.svelte
 create mode 100644 frontend/src/routes/(app)/(internal)/reports/dora-roi/+server.ts

diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index fb5cfa9981..81c6c168ce 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -9,6 +9,12 @@
 from rest_framework.response import Response
 
 from django.utils.formats import date_format
+from django.http import HttpResponse
+
+import csv
+import io
+import zipfile
+from datetime import datetime
 
 logger = structlog.get_logger(__name__)
 
@@ -32,6 +38,85 @@ class EntityViewSet(BaseModelViewSet):
         "contracts",
     ]
 
+    @action(detail=False, methods=["get"], name="Generate DORA ROI")
+    def generate_dora_roi(self, request):
+        """
+        Generate DORA Register of Information (ROI) as a zip file containing CSV data.
+        """
+        # Get viewable entities for the current user
+        (viewable_items, _, _) = RoleAssignment.get_accessible_object_ids(
+            folder=Folder.get_root_folder(),
+            user=request.user,
+            object_type=Entity,
+        )
+
+        # Create CSV in memory
+        csv_buffer = io.StringIO()
+        csv_writer = csv.writer(csv_buffer)
+
+        # Write CSV headers
+        csv_writer.writerow(
+            [
+                "Entity ID",
+                "Name",
+                "Description",
+                "Mission",
+                "Reference Link",
+                "Relationship Types",
+                "Legal Identifiers",
+                "Folder",
+                "Created At",
+                "Updated At",
+            ]
+        )
+
+        # Write entity data
+        for entity in Entity.objects.filter(id__in=viewable_items).select_related(
+            "folder"
+        ):
+            # Get relationship types as comma-separated string
+            relationships = ", ".join([str(rel) for rel in entity.relationship.all()])
+
+            # Format legal identifiers as string
+            legal_ids = (
+                ", ".join([f"{k}: {v}" for k, v in entity.legal_identifiers.items()])
+                if entity.legal_identifiers
+                else ""
+            )
+
+            csv_writer.writerow(
+                [
+                    str(entity.id),
+                    entity.name,
+                    entity.description or "",
+                    entity.mission or "",
+                    entity.reference_link or "",
+                    relationships,
+                    legal_ids,
+                    entity.folder.name if entity.folder else "",
+                    entity.created_at.strftime("%Y-%m-%d %H:%M:%S"),
+                    entity.updated_at.strftime("%Y-%m-%d %H:%M:%S"),
+                ]
+            )
+
+        # Create zip file in memory
+        zip_buffer = io.BytesIO()
+        with zipfile.ZipFile(zip_buffer, "w", zipfile.ZIP_DEFLATED) as zip_file:
+            # Add CSV to zip
+            zip_file.writestr(
+                "entities_register.csv", csv_buffer.getvalue().encode("utf-8")
+            )
+
+        # Prepare response
+        zip_buffer.seek(0)
+        timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+        filename = f"DORA_ROI_{timestamp}.zip"
+
+        response = HttpResponse(zip_buffer.getvalue(), content_type="application/zip")
+        response["Content-Disposition"] = f'attachment; filename="{filename}"'
+
+        return response
+
 
 class EntityAssessmentViewSet(BaseModelViewSet):
     """
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index 6ae7bc3eeb..b0ef9786c2 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -2622,5 +2622,6 @@
 	"impactValuesMustBeIncreasing": "Impact for '{current}' must be greater than '{previous}'. Values should increase across levels.",
 	"runningMonteCarloSimulations": "Running Monte Carlo simulations for quantitative risk analysis. This may take a moment...",
 	"probabilityRequirements": "All values must be provided and between 0 and 100 (e.g., 5, 20, 50, 90). Values must increase from top to bottom.",
-	"impactRequirements": "All values must be provided and greater than 0. Values must increase from top to bottom (e.g., Minor: 5,000 → Major: 50,000 → Critical: 500,000)."
+	"impactRequirements": "All values must be provided and greater than 0. Values must increase from top to bottom (e.g., Minor: 5,000 → Major: 50,000 → Critical: 500,000).",
+	"reports": "Reports"
 }
diff --git a/frontend/src/lib/components/SideBar/navData.ts b/frontend/src/lib/components/SideBar/navData.ts
index c406188f6d..c5ef209fef 100644
--- a/frontend/src/lib/components/SideBar/navData.ts
+++ b/frontend/src/lib/components/SideBar/navData.ts
@@ -26,6 +26,17 @@ export const navData = {
 						'view_riskassessment'
 					]
 				},
+				{
+					name: 'reports',
+					fa_icon: 'fa-solid fa-file-chart-column',
+					href: '/reports',
+					permissions: [
+						'view_perimeter',
+						'view_riskscenario',
+						'view_referencecontrol',
+						'view_riskassessment'
+					]
+				},
 				{
 					name: 'myAssignments',
 					fa_icon: 'fa-solid fa-list-check',
diff --git a/frontend/src/routes/(app)/(internal)/reports/+page.server.ts b/frontend/src/routes/(app)/(internal)/reports/+page.server.ts
new file mode 100644
index 0000000000..d3336eb8f0
--- /dev/null
+++ b/frontend/src/routes/(app)/(internal)/reports/+page.server.ts
@@ -0,0 +1,9 @@
+import type { PageServerLoad } from './$types';
+import { m } from '$paraglide/messages';
+
+export const load: PageServerLoad = async ({ locals }) => {
+	return {
+		user: locals.user,
+		title: m.reports()
+	};
+};
diff --git a/frontend/src/routes/(app)/(internal)/reports/+page.svelte b/frontend/src/routes/(app)/(internal)/reports/+page.svelte
new file mode 100644
index 0000000000..4fc990c631
--- /dev/null
+++ b/frontend/src/routes/(app)/(internal)/reports/+page.svelte
@@ -0,0 +1,101 @@
+<script lang="ts">
+	import { m } from '$paraglide/messages';
+	import type { PageData } from './$types';
+	import ReportTile from './ReportTile.svelte';
+
+	interface Props {
+		data: PageData;
+	}
+
+	let { data }: Props = $props();
+
+	interface ReportTileData {
+		id: string;
+		title: string;
+		description: string;
+		icon: string;
+		category: string;
+		onClick?: () => void;
+		href?: string;
+	}
+
+	// Available report tiles
+	const reportTiles: ReportTileData[] = [
+		{
+			id: 'dora-roi',
+			title: 'DORA Register of Information',
+			description: 'Generate DORA-compliant Register of Information (ROI) containing entity data required by the Digital Operational Resilience Act',
+			icon: 'fa-solid fa-building-shield',
+			category: 'compliance',
+			href: '/reports/dora-roi'
+		},
+		{
+			id: 'compliance-summary',
+			title: m.complianceSummaryReport ? m.complianceSummaryReport() : 'Compliance Summary Report',
+			description: m.complianceSummaryReportDesc ? m.complianceSummaryReportDesc() : 'Generate comprehensive compliance status across all frameworks',
+			icon: 'fa-solid fa-clipboard-check',
+			category: 'compliance'
+		},
+		{
+			id: 'incident-analysis',
+			title: m.incidentAnalysisReport ? m.incidentAnalysisReport() : 'Incident Analysis Report',
+			description: m.incidentAnalysisReportDesc ? m.incidentAnalysisReportDesc() : 'Comprehensive analysis of security incidents and trends',
+			icon: 'fa-solid fa-bug',
+			category: 'operations'
+		},
+		{
+			id: 'asset-inventory',
+			title: m.assetInventoryReport ? m.assetInventoryReport() : 'Asset Inventory Report',
+			description: m.assetInventoryReportDesc ? m.assetInventoryReportDesc() : 'Complete inventory of assets and their risk profiles',
+			icon: 'fa-solid fa-gem',
+			category: 'assets'
+		}
+	];
+
+	function handleTileClick(tile: ReportTileData): void {
+		if (tile.onClick) {
+			tile.onClick();
+		} else {
+			// Default action - will be implemented with backend
+			console.log(`Report tile clicked: ${tile.id}`);
+			// TODO: Navigate to report generation page or trigger report generation
+		}
+	}
+</script>
+
+<div class="px-4 py-6 space-y-6">
+	<!-- Header -->
+
+	<!-- Reports Grid with White Background -->
+	<div class="bg-white rounded-xl shadow-sm border border-gray-200 p-6">
+		<div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-6">
+			{#each reportTiles as tile}
+				<ReportTile
+					title={tile.title}
+					description={tile.description}
+					icon={tile.icon}
+					category={tile.category}
+					href={tile.href}
+					onclick={tile.href ? undefined : () => handleTileClick(tile)}
+				/>
+			{/each}
+		</div>
+	</div>
+
+	<!-- Info Section -->
+	<div class="bg-gradient-to-br from-gray-50 to-gray-100 rounded-xl border border-gray-200 p-6">
+		<div class="flex items-start gap-4">
+			<div class="flex-shrink-0">
+				<i class="fas fa-info-circle text-2xl text-blue-600"></i>
+			</div>
+			<div>
+				<h3 class="text-lg font-semibold text-gray-900 mb-2">
+					{m.aboutReports ? m.aboutReports() : 'About Reports'}
+				</h3>
+				<p class="text-gray-700">
+					{m.aboutReportsDescription ? m.aboutReportsDescription() : 'Reports provide a simple tools to generate specialized reports useful for key insights or required by authorities for specific standards.\nMore specialized capabilities will be added as we identify specific cases.'}
+				</p>
+			</div>
+		</div>
+	</div>
+</div>
diff --git a/frontend/src/routes/(app)/(internal)/reports/ReportTile.svelte b/frontend/src/routes/(app)/(internal)/reports/ReportTile.svelte
new file mode 100644
index 0000000000..10d9d5b8ee
--- /dev/null
+++ b/frontend/src/routes/(app)/(internal)/reports/ReportTile.svelte
@@ -0,0 +1,91 @@
+<script lang="ts">
+	import { m } from '$paraglide/messages';
+
+	interface Props {
+		title: string;
+		description: string;
+		icon: string;
+		category: string;
+		onclick?: () => void;
+		href?: string;
+	}
+
+	let { title, description, icon, category, onclick, href }: Props = $props();
+
+	function getCategoryColor(category: string): string {
+		const colors: Record<string, string> = {
+			compliance: 'bg-blue-50 border-blue-200 hover:border-blue-400',
+			risk: 'bg-red-50 border-red-200 hover:border-red-400',
+			governance: 'bg-green-50 border-green-200 hover:border-green-400',
+			operations: 'bg-yellow-50 border-yellow-200 hover:border-yellow-400',
+			assets: 'bg-purple-50 border-purple-200 hover:border-purple-400'
+		};
+		return colors[category] || 'bg-gray-50 border-gray-200 hover:border-gray-400';
+	}
+
+	function getCategoryIconColor(category: string): string {
+		const colors: Record<string, string> = {
+			compliance: 'text-blue-600',
+			risk: 'text-red-600',
+			governance: 'text-green-600',
+			operations: 'text-yellow-600',
+			assets: 'text-purple-600'
+		};
+		return colors[category] || 'text-gray-600';
+	}
+
+	const baseClasses = "block text-left p-6 rounded-lg border-2 transition-all duration-200 hover:shadow-lg transform hover:-translate-y-1 cursor-pointer";
+</script>
+
+{#if href}
+	<a
+		{href}
+		class="{baseClasses} {getCategoryColor(category)}"
+	>
+		<div class="flex items-start gap-4">
+			<div class="flex-shrink-0">
+				<div class="w-12 h-12 rounded-lg bg-white flex items-center justify-center shadow-sm">
+					<i class="{icon} text-2xl {getCategoryIconColor(category)}"></i>
+				</div>
+			</div>
+			<div class="flex-1 min-w-0">
+				<h3 class="text-lg font-semibold text-gray-900 mb-2">
+					{title}
+				</h3>
+				<p class="text-sm text-gray-600 leading-relaxed">
+					{description}
+				</p>
+				<div class="mt-4 flex items-center text-sm font-medium {getCategoryIconColor(category)}">
+					{m.generateReport ? m.generateReport() : 'Generate Report'}
+					<i class="fas fa-arrow-right ml-2 text-xs"></i>
+				</div>
+			</div>
+		</div>
+	</a>
+{:else}
+	<button
+		type="button"
+		class="{baseClasses} {getCategoryColor(category)}"
+		{onclick}
+	>
+		<div class="flex items-start gap-4">
+			<div class="flex-shrink-0">
+				<div class="w-12 h-12 rounded-lg bg-white flex items-center justify-center shadow-sm">
+					<i class="{icon} text-2xl {getCategoryIconColor(category)}"></i>
+				</div>
+			</div>
+			<div class="flex-1 min-w-0">
+				<h3 class="text-lg font-semibold text-gray-900 mb-2">
+					{title}
+				</h3>
+				<p class="text-sm text-gray-600 leading-relaxed">
+					{description}
+				</p>
+				<div class="mt-4 flex items-center text-sm font-medium {getCategoryIconColor(category)}">
+					{m.generateReport ? m.generateReport() : 'Generate Report'}
+					<i class="fas fa-arrow-right ml-2 text-xs"></i>
+				</div>
+			</div>
+		</div>
+	</button>
+{/if}
diff --git a/frontend/src/routes/(app)/(internal)/reports/dora-roi/+server.ts b/frontend/src/routes/(app)/(internal)/reports/dora-roi/+server.ts
new file mode 100644
index 0000000000..0193802d11
--- /dev/null
+++ b/frontend/src/routes/(app)/(internal)/reports/dora-roi/+server.ts
@@ -0,0 +1,25 @@
+import { BASE_API_URL } from '$lib/utils/constants';
+import { error } from '@sveltejs/kit';
+import type { RequestHandler } from './$types';
+
+export const GET: RequestHandler = async ({ fetch }) => {
+	const endpoint = `${BASE_API_URL}/entities/generate_dora_roi/`;
+
+	const res = await fetch(endpoint);
+	if (!res.ok) {
+		error(400, 'Error generating DORA ROI file');
+	}
+
+	// Extract filename from Content-Disposition header if available
+	const contentDisposition = res.headers.get('Content-Disposition');
+	const fileName = contentDisposition
+		? contentDisposition.split('filename=')[1]?.replace(/"/g, '')
+		: `DORA_ROI_${new Date().toISOString().split('T')[0]}.zip`;
+
+	return new Response(await res.blob(), {
+		headers: {
+			'Content-Type': 'application/zip',
+			'Content-Disposition': `attachment; filename="${fileName}"`
+		}
+	});
+};

From 1458c8062d146f39d5dc6ce046cb8bfca0b107e8 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Sat, 8 Nov 2025 09:55:22 +0100
Subject: [PATCH 09/47] fixup for tiles

---
 .../(app)/(internal)/reports/+page.svelte     | 14 ++++--
 .../(internal)/reports/ReportTile.svelte      | 49 ++++++++++++++-----
 2 files changed, 48 insertions(+), 15 deletions(-)

diff --git a/frontend/src/routes/(app)/(internal)/reports/+page.svelte b/frontend/src/routes/(app)/(internal)/reports/+page.svelte
index 4fc990c631..85beef7f16 100644
--- a/frontend/src/routes/(app)/(internal)/reports/+page.svelte
+++ b/frontend/src/routes/(app)/(internal)/reports/+page.svelte
@@ -17,6 +17,7 @@
 		category: string;
 		onClick?: () => void;
 		href?: string;
+		tags?: string[];
 	}
 
 	// Available report tiles
@@ -27,28 +28,32 @@
 			description: 'Generate DORA-compliant Register of Information (ROI) containing entity data required by the Digital Operational Resilience Act',
 			icon: 'fa-solid fa-building-shield',
 			category: 'compliance',
-			href: '/reports/dora-roi'
+			href: '/reports/dora-roi',
+			tags: ['DORA', 'Regulation', 'Entities']
 		},
 		{
 			id: 'compliance-summary',
 			title: m.complianceSummaryReport ? m.complianceSummaryReport() : 'Compliance Summary Report',
 			description: m.complianceSummaryReportDesc ? m.complianceSummaryReportDesc() : 'Generate comprehensive compliance status across all frameworks',
 			icon: 'fa-solid fa-clipboard-check',
-			category: 'compliance'
+			category: 'compliance',
+			tags: ['Compliance', 'Frameworks', 'Audits']
 		},
 		{
 			id: 'incident-analysis',
 			title: m.incidentAnalysisReport ? m.incidentAnalysisReport() : 'Incident Analysis Report',
 			description: m.incidentAnalysisReportDesc ? m.incidentAnalysisReportDesc() : 'Comprehensive analysis of security incidents and trends',
 			icon: 'fa-solid fa-bug',
-			category: 'operations'
+			category: 'operations',
+			tags: ['Incidents', 'Operations', 'Security']
 		},
 		{
 			id: 'asset-inventory',
 			title: m.assetInventoryReport ? m.assetInventoryReport() : 'Asset Inventory Report',
 			description: m.assetInventoryReportDesc ? m.assetInventoryReportDesc() : 'Complete inventory of assets and their risk profiles',
 			icon: 'fa-solid fa-gem',
-			category: 'assets'
+			category: 'assets',
+			tags: ['Assets', 'Inventory', 'Risk']
 		}
 	];
 
@@ -76,6 +81,7 @@
 					icon={tile.icon}
 					category={tile.category}
 					href={tile.href}
+					tags={tile.tags}
 					onclick={tile.href ? undefined : () => handleTileClick(tile)}
 				/>
 			{/each}
diff --git a/frontend/src/routes/(app)/(internal)/reports/ReportTile.svelte b/frontend/src/routes/(app)/(internal)/reports/ReportTile.svelte
index 10d9d5b8ee..a0bbf1f7c2 100644
--- a/frontend/src/routes/(app)/(internal)/reports/ReportTile.svelte
+++ b/frontend/src/routes/(app)/(internal)/reports/ReportTile.svelte
@@ -8,9 +8,10 @@
 		category: string;
 		onclick?: () => void;
 		href?: string;
+		tags?: string[];
 	}
 
-	let { title, description, icon, category, onclick, href }: Props = $props();
+	let { title, description, icon, category, onclick, href, tags = [] }: Props = $props();
 
 	function getCategoryColor(category: string): string {
 		const colors: Record<string, string> = {
@@ -48,16 +49,29 @@
 					<i class="{icon} text-2xl {getCategoryIconColor(category)}"></i>
 				</div>
 			</div>
-			<div class="flex-1 min-w-0">
+			<div class="flex-1 min-w-0 flex flex-col">
 				<h3 class="text-lg font-semibold text-gray-900 mb-2">
 					{title}
 				</h3>
-				<p class="text-sm text-gray-600 leading-relaxed">
+				<p class="text-sm text-gray-600 leading-relaxed mb-auto">
 					{description}
 				</p>
-				<div class="mt-4 flex items-center text-sm font-medium {getCategoryIconColor(category)}">
-					{m.generateReport ? m.generateReport() : 'Generate Report'}
-					<i class="fas fa-arrow-right ml-2 text-xs"></i>
+				<div class="mt-4">
+					<div class="flex items-center justify-between">
+						<div class="flex items-center text-sm font-medium {getCategoryIconColor(category)}">
+							{m.generateReport ? m.generateReport() : 'Generate Report'}
+							<i class="fas fa-arrow-right ml-2 text-xs"></i>
+						</div>
+					</div>
+					{#if tags.length > 0}
+						<div class="flex flex-wrap gap-1 mt-3">
+							{#each tags as tag}
+								<span class="inline-flex items-center px-1.5 py-0.5 rounded text-[10px] font-medium bg-gray-100 text-gray-600 border border-gray-200">
+									{tag}
+								</span>
+							{/each}
+						</div>
+					{/if}
 				</div>
 			</div>
 		</div>
@@ -74,16 +88,29 @@
 					<i class="{icon} text-2xl {getCategoryIconColor(category)}"></i>
 				</div>
 			</div>
-			<div class="flex-1 min-w-0">
+			<div class="flex-1 min-w-0 flex flex-col">
 				<h3 class="text-lg font-semibold text-gray-900 mb-2">
 					{title}
 				</h3>
-				<p class="text-sm text-gray-600 leading-relaxed">
+				<p class="text-sm text-gray-600 leading-relaxed mb-auto">
 					{description}
 				</p>
-				<div class="mt-4 flex items-center text-sm font-medium {getCategoryIconColor(category)}">
-					{m.generateReport ? m.generateReport() : 'Generate Report'}
-					<i class="fas fa-arrow-right ml-2 text-xs"></i>
+				<div class="mt-4">
+					<div class="flex items-center justify-between">
+						<div class="flex items-center text-sm font-medium {getCategoryIconColor(category)}">
+							{m.generateReport ? m.generateReport() : 'Generate Report'}
+							<i class="fas fa-arrow-right ml-2 text-xs"></i>
+						</div>
+					</div>
+					{#if tags.length > 0}
+						<div class="flex flex-wrap gap-1 mt-3">
+							{#each tags as tag}
+								<span class="inline-flex items-center px-1.5 py-0.5 rounded text-[10px] font-medium bg-gray-100 text-gray-600 border border-gray-200">
+									{tag}
+								</span>
+							{/each}
+						</div>
+					{/if}
 				</div>
 			</div>
 		</div>

From b9fb505e2a623d86c11b9f9327e86183995c48f8 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Sun, 9 Nov 2025 18:10:33 +0100
Subject: [PATCH 10/47] fix icon

---
 frontend/src/lib/components/SideBar/navData.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/src/lib/components/SideBar/navData.ts b/frontend/src/lib/components/SideBar/navData.ts
index c5ef209fef..65c12c01ed 100644
--- a/frontend/src/lib/components/SideBar/navData.ts
+++ b/frontend/src/lib/components/SideBar/navData.ts
@@ -28,7 +28,7 @@ export const navData = {
 				},
 				{
 					name: 'reports',
-					fa_icon: 'fa-solid fa-file-chart-column',
+					fa_icon: 'fas fa-file-invoice',
 					href: '/reports',
 					permissions: [
 						'view_perimeter',

From 6f00d656e9b0e903ba0121eb681dde66ea51abea Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Mon, 10 Nov 2025 08:48:32 +0100
Subject: [PATCH 11/47] update countries list

---
 backend/core/constants.py | 85 ++++++++++++++++++++++++++++++++-------
 1 file changed, 71 insertions(+), 14 deletions(-)

diff --git a/backend/core/constants.py b/backend/core/constants.py
index 632a5b1a38..cce45cf389 100644
--- a/backend/core/constants.py
+++ b/backend/core/constants.py
@@ -1,12 +1,17 @@
 COUNTRY_CHOICES = [
     ("AF", "Afghanistan"),
+    ("AX", "Åland Islands"),
     ("AL", "Albania"),
     ("DZ", "Algeria"),
+    ("AS", "American Samoa"),
     ("AD", "Andorra"),
     ("AO", "Angola"),
+    ("AI", "Anguilla"),
+    ("AQ", "Antarctica"),
     ("AG", "Antigua and Barbuda"),
     ("AR", "Argentina"),
     ("AM", "Armenia"),
+    ("AW", "Aruba"),
     ("AU", "Australia"),
     ("AT", "Austria"),
     ("AZ", "Azerbaijan"),
@@ -18,33 +23,42 @@
     ("BE", "Belgium"),
     ("BZ", "Belize"),
     ("BJ", "Benin"),
+    ("BM", "Bermuda"),
     ("BT", "Bhutan"),
-    ("BO", "Bolivia"),
+    ("BO", "Bolivia, Plurinational State of"),
+    ("BQ", "Bonaire, Sint Eustatius and Saba"),
     ("BA", "Bosnia and Herzegovina"),
     ("BW", "Botswana"),
+    ("BV", "Bouvet Island"),
     ("BR", "Brazil"),
+    ("IO", "British Indian Ocean Territory"),
     ("BN", "Brunei Darussalam"),
     ("BG", "Bulgaria"),
     ("BF", "Burkina Faso"),
     ("BI", "Burundi"),
-    ("CV", "Cabo Verde"),
     ("KH", "Cambodia"),
     ("CM", "Cameroon"),
     ("CA", "Canada"),
+    ("CV", "Cape Verde"),
+    ("KY", "Cayman Islands"),
     ("CF", "Central African Republic"),
     ("TD", "Chad"),
     ("CL", "Chile"),
     ("CN", "China"),
+    ("CX", "Christmas Island"),
+    ("CC", "Cocos (Keeling) Islands"),
     ("CO", "Colombia"),
     ("KM", "Comoros"),
     ("CG", "Congo"),
-    ("CD", "Congo, Democratic Republic of the"),
+    ("CD", "Congo, The Democratic Republic of the"),
+    ("CK", "Cook Islands"),
     ("CR", "Costa Rica"),
     ("CI", "Côte d'Ivoire"),
     ("HR", "Croatia"),
     ("CU", "Cuba"),
+    ("CW", "Curaçao"),
     ("CY", "Cyprus"),
-    ("CZ", "Czechia"),
+    ("CZ", "Czech Republic"),
     ("DK", "Denmark"),
     ("DJ", "Djibouti"),
     ("DM", "Dominica"),
@@ -55,41 +69,56 @@
     ("GQ", "Equatorial Guinea"),
     ("ER", "Eritrea"),
     ("EE", "Estonia"),
-    ("SZ", "Eswatini"),
     ("ET", "Ethiopia"),
+    ("FK", "Falkland Islands (Malvinas)"),
+    ("FO", "Faroe Islands"),
     ("FJ", "Fiji"),
     ("FI", "Finland"),
     ("FR", "France"),
+    ("GF", "French Guiana"),
+    ("PF", "French Polynesia"),
+    ("TF", "French Southern Territories"),
     ("GA", "Gabon"),
     ("GM", "Gambia"),
     ("GE", "Georgia"),
     ("DE", "Germany"),
     ("GH", "Ghana"),
+    ("GI", "Gibraltar"),
     ("GR", "Greece"),
+    ("GL", "Greenland"),
     ("GD", "Grenada"),
+    ("GP", "Guadeloupe"),
+    ("GU", "Guam"),
     ("GT", "Guatemala"),
+    ("GG", "Guernsey"),
     ("GN", "Guinea"),
     ("GW", "Guinea-Bissau"),
     ("GY", "Guyana"),
     ("HT", "Haiti"),
+    ("HM", "Heard Island and McDonald Islands"),
+    ("VA", "Holy See (Vatican City State)"),
     ("HN", "Honduras"),
+    ("HK", "Hong Kong"),
     ("HU", "Hungary"),
     ("IS", "Iceland"),
     ("IN", "India"),
     ("ID", "Indonesia"),
-    ("IR", "Iran (Islamic Republic of)"),
+    ("IR", "Iran, Islamic Republic of"),
     ("IQ", "Iraq"),
     ("IE", "Ireland"),
+    ("IM", "Isle of Man"),
     ("IL", "Israel"),
     ("IT", "Italy"),
     ("JM", "Jamaica"),
     ("JP", "Japan"),
+    ("JE", "Jersey"),
     ("JO", "Jordan"),
     ("KZ", "Kazakhstan"),
     ("KE", "Kenya"),
     ("KI", "Kiribati"),
-    ("KP", "Korea (Democratic People's Republic of)"),
-    ("KR", "Korea (Republic of)"),
+    ("KP", "Korea, Democratic People's Republic of"),
+    ("KR", "Korea, Republic of"),
+    ("XK", "Kosovo"),
     ("KW", "Kuwait"),
     ("KG", "Kyrgyzstan"),
     ("LA", "Lao People's Democratic Republic"),
@@ -101,6 +130,8 @@
     ("LI", "Liechtenstein"),
     ("LT", "Lithuania"),
     ("LU", "Luxembourg"),
+    ("MO", "Macao"),
+    ("MK", "North Macedonia"),
     ("MG", "Madagascar"),
     ("MW", "Malawi"),
     ("MY", "Malaysia"),
@@ -108,14 +139,17 @@
     ("ML", "Mali"),
     ("MT", "Malta"),
     ("MH", "Marshall Islands"),
+    ("MQ", "Martinique"),
     ("MR", "Mauritania"),
     ("MU", "Mauritius"),
+    ("YT", "Mayotte"),
     ("MX", "Mexico"),
-    ("FM", "Micronesia (Federated States of)"),
-    ("MD", "Moldova (Republic of)"),
+    ("FM", "Micronesia, Federated States of"),
+    ("MD", "Moldova, Republic of"),
     ("MC", "Monaco"),
     ("MN", "Mongolia"),
     ("ME", "Montenegro"),
+    ("MS", "Montserrat"),
     ("MA", "Morocco"),
     ("MZ", "Mozambique"),
     ("MM", "Myanmar"),
@@ -123,29 +157,39 @@
     ("NR", "Nauru"),
     ("NP", "Nepal"),
     ("NL", "Netherlands"),
+    ("NC", "New Caledonia"),
     ("NZ", "New Zealand"),
     ("NI", "Nicaragua"),
     ("NE", "Niger"),
     ("NG", "Nigeria"),
-    ("MK", "North Macedonia"),
+    ("NU", "Niue"),
+    ("NF", "Norfolk Island"),
+    ("MP", "Northern Mariana Islands"),
     ("NO", "Norway"),
     ("OM", "Oman"),
     ("PK", "Pakistan"),
     ("PW", "Palau"),
-    ("PS", "Palestine, State of"),
+    ("PS", "Palestinian Territory, Occupied"),
     ("PA", "Panama"),
     ("PG", "Papua New Guinea"),
     ("PY", "Paraguay"),
     ("PE", "Peru"),
     ("PH", "Philippines"),
+    ("PN", "Pitcairn"),
     ("PL", "Poland"),
     ("PT", "Portugal"),
+    ("PR", "Puerto Rico"),
     ("QA", "Qatar"),
+    ("RE", "Réunion"),
     ("RO", "Romania"),
     ("RU", "Russian Federation"),
     ("RW", "Rwanda"),
+    ("BL", "Saint Barthélemy"),
+    ("SH", "Saint Helena, Ascension and Tristan da Cunha"),
     ("KN", "Saint Kitts and Nevis"),
     ("LC", "Saint Lucia"),
+    ("MF", "Saint Martin (French part)"),
+    ("PM", "Saint Pierre and Miquelon"),
     ("VC", "Saint Vincent and the Grenadines"),
     ("WS", "Samoa"),
     ("SM", "San Marino"),
@@ -156,41 +200,54 @@
     ("SC", "Seychelles"),
     ("SL", "Sierra Leone"),
     ("SG", "Singapore"),
+    ("SX", "Sint Maarten (Dutch part)"),
     ("SK", "Slovakia"),
     ("SI", "Slovenia"),
     ("SB", "Solomon Islands"),
     ("SO", "Somalia"),
     ("ZA", "South Africa"),
+    ("GS", "South Georgia and the South Sandwich Islands"),
     ("SS", "South Sudan"),
     ("ES", "Spain"),
     ("LK", "Sri Lanka"),
     ("SD", "Sudan"),
     ("SR", "Suriname"),
+    ("SJ", "Svalbard and Jan Mayen"),
+    ("SZ", "Swaziland"),
     ("SE", "Sweden"),
     ("CH", "Switzerland"),
     ("SY", "Syrian Arab Republic"),
+    ("TW", "Taiwan, Province of China"),
     ("TJ", "Tajikistan"),
     ("TZ", "Tanzania, United Republic of"),
     ("TH", "Thailand"),
     ("TL", "Timor-Leste"),
     ("TG", "Togo"),
+    ("TK", "Tokelau"),
     ("TO", "Tonga"),
     ("TT", "Trinidad and Tobago"),
     ("TN", "Tunisia"),
     ("TR", "Türkiye"),
     ("TM", "Turkmenistan"),
+    ("TC", "Turks and Caicos Islands"),
     ("TV", "Tuvalu"),
     ("UG", "Uganda"),
     ("UA", "Ukraine"),
     ("AE", "United Arab Emirates"),
     ("GB", "United Kingdom"),
-    ("US", "United States of America"),
+    ("US", "United States"),
+    ("UM", "United States Minor Outlying Islands"),
     ("UY", "Uruguay"),
     ("UZ", "Uzbekistan"),
     ("VU", "Vanuatu"),
-    ("VE", "Venezuela (Bolivarian Republic of)"),
+    ("VE", "Venezuela, Bolivarian Republic of"),
     ("VN", "Viet Nam"),
+    ("VG", "Virgin Islands, British"),
+    ("VI", "Virgin Islands, U.S."),
+    ("WF", "Wallis and Futuna"),
+    ("EH", "Western Sahara"),
     ("YE", "Yemen"),
     ("ZM", "Zambia"),
     ("ZW", "Zimbabwe"),
+    ("x28", "Other Countries"),
 ]

From d3de3a2142b156341977f468dbff5995cfdec731 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Mon, 10 Nov 2025 17:12:46 +0100
Subject: [PATCH 12/47] extra fields on Entity, Solution and Contract

---
 backend/core/constants.py                     |  169 +++
 backend/core/dora.py                          |   90 ++
 ...0_alter_datacontractor_country_and_more.py |  532 ++++++++
 ...nual_expense_contract_currency_and_more.py | 1091 +++++++++++++++++
 backend/tprm/models.py                        |  103 ++
 backend/tprm/serializers.py                   |    7 +
 backend/tprm/views.py                         |   91 +-
 frontend/messages/en.json                     |   15 +-
 .../Forms/ModelForm/ContractForm.svelte       |   68 +-
 .../Forms/ModelForm/EntityForm.svelte         |   80 +-
 .../Forms/ModelForm/SolutionForm.svelte       |   17 +
 frontend/src/lib/utils/crud.ts                |   19 +-
 frontend/src/lib/utils/schemas.ts             |   20 +-
 13 files changed, 2285 insertions(+), 17 deletions(-)
 create mode 100644 backend/core/dora.py
 create mode 100644 backend/privacy/migrations/0010_alter_datacontractor_country_and_more.py
 create mode 100644 backend/tprm/migrations/0010_contract_annual_expense_contract_currency_and_more.py

diff --git a/backend/core/constants.py b/backend/core/constants.py
index cce45cf389..293920a1eb 100644
--- a/backend/core/constants.py
+++ b/backend/core/constants.py
@@ -251,3 +251,172 @@
     ("ZW", "Zimbabwe"),
     ("x28", "Other Countries"),
 ]
+
+CURRENCY_CHOICES = [
+    ("AED", "UAE Dirham"),
+    ("AFN", "Afghani"),
+    ("ALL", "Lek"),
+    ("AMD", "Armenian Dram"),
+    ("ANG", "Netherlands Antillean Guilder"),
+    ("AOA", "Kwanza"),
+    ("ARS", "Argentine Peso"),
+    ("AUD", "Australian Dollar"),
+    ("AWG", "Aruban Florin"),
+    ("AZN", "Azerbaijanian Manat"),
+    ("BAM", "Convertible Mark"),
+    ("BBD", "Barbados Dollar"),
+    ("BDT", "Taka"),
+    ("BGN", "Bulgarian Lev"),
+    ("BHD", "Bahraini Dinar"),
+    ("BIF", "Burundi Franc"),
+    ("BMD", "Bermudian Dollar"),
+    ("BND", "Brunei Dollar"),
+    ("BOB", "Boliviano"),
+    ("BOV", "Mvdol"),
+    ("BRL", "Brazilian Real"),
+    ("BSD", "Bahamian Dollar"),
+    ("BTN", "Ngultrum"),
+    ("BWP", "Pula"),
+    ("BYR", "Belarussian Ruble (2000 Series)"),
+    ("BYN", "Belarusian Ruble"),
+    ("BZD", "Belize Dollar"),
+    ("CAD", "Canadian Dollar"),
+    ("CDF", "Congolese Franc"),
+    ("CHE", "WIR Euro"),
+    ("CHF", "Swiss Franc"),
+    ("CHW", "WIR Franc"),
+    ("CLF", "Unidades de fomento"),
+    ("CLP", "Chilean Peso"),
+    ("CNY", "Yuan Renminbi"),
+    ("COP", "Colombian Peso"),
+    ("COU", "Unidad de Valor Real"),
+    ("CRC", "Costa Rican Colon"),
+    ("CUC", "Peso Convertible"),
+    ("CUP", "Cuban Peso"),
+    ("CVE", "Cape Verde Escudo"),
+    ("CZK", "Czech Koruna"),
+    ("DJF", "Djibouti Franc"),
+    ("DKK", "Danish Krone"),
+    ("DOP", "Dominican Peso"),
+    ("DZD", "Algerian Dinar"),
+    ("EGP", "Egyptian Pound"),
+    ("ERN", "Nakfa"),
+    ("ETB", "Ethiopian Birr"),
+    ("EUR", "Euro"),
+    ("FJD", "Fiji Dollar"),
+    ("FKP", "Falkland Islands Pound"),
+    ("GBP", "Pound Sterling"),
+    ("GEL", "Lari"),
+    ("GHS", "Ghana Cedi"),
+    ("GIP", "Gibraltar Pound"),
+    ("GMD", "Dalasi"),
+    ("GNF", "Guinea Franc"),
+    ("GTQ", "Quetzal"),
+    ("GYD", "Guyana Dollar"),
+    ("HKD", "Hong Kong Dollar"),
+    ("HNL", "Lempira"),
+    ("HTG", "Gourde"),
+    ("HUF", "Forint"),
+    ("IDR", "Rupiah"),
+    ("ILS", "New Israeli Sheqel"),
+    ("INR", "Indian Rupee"),
+    ("IQD", "Iraqi Dinar"),
+    ("IRR", "Iranian Rial"),
+    ("ISK", "Iceland Krona"),
+    ("JMD", "Jamaican Dollar"),
+    ("JOD", "Jordanian Dinar"),
+    ("JPY", "Yen"),
+    ("KES", "Kenyan Shilling"),
+    ("KGS", "Som"),
+    ("KHR", "Riel"),
+    ("KMF", "Comoro Franc"),
+    ("KPW", "North Korean Won"),
+    ("KRW", "Won"),
+    ("KWD", "Kuwaiti Dinar"),
+    ("KYD", "Cayman Islands Dollar"),
+    ("KZT", "Tenge"),
+    ("LAK", "Kip"),
+    ("LBP", "Lebanese Pound"),
+    ("LKR", "Sri Lanka Rupee"),
+    ("LRD", "Liberian Dollar"),
+    ("LSL", "Loti"),
+    ("LTL", "Lithuanian Litas"),
+    ("LVL", "Latvian Lats"),
+    ("LYD", "Libyan Dinar"),
+    ("MAD", "Moroccan Dirham"),
+    ("MDL", "Moldovan Leu"),
+    ("MGA", "Malagasy Ariary"),
+    ("MKD", "Denar"),
+    ("MMK", "Kyat"),
+    ("MNT", "Tugrik"),
+    ("MOP", "Pataca"),
+    ("MRO", "Ouguiya"),
+    ("MUR", "Mauritius Rupee"),
+    ("MVR", "Rufiyaa"),
+    ("MWK", "Kwacha"),
+    ("MXN", "Mexican Peso"),
+    ("MYR", "Malaysian Ringgit"),
+    ("MZN", "Mozambique Metical"),
+    ("NAD", "Namibia Dollar"),
+    ("NGN", "Naira"),
+    ("NIO", "Cordoba Oro"),
+    ("NOK", "Norwegian Krone"),
+    ("NPR", "Nepalese Rupee"),
+    ("NZD", "New Zealand Dollar"),
+    ("OMR", "Rial Omani"),
+    ("PAB", "Balboa"),
+    ("PEN", "Nuevo Sol"),
+    ("PGK", "Kina"),
+    ("PHP", "Philippine Peso"),
+    ("PKR", "Pakistan Rupee"),
+    ("PLN", "Zloty"),
+    ("PYG", "Guarani"),
+    ("QAR", "Qatari Rial"),
+    ("RON", "New Romanian Leu"),
+    ("RSD", "Serbian Dinar"),
+    ("RUB", "Russian Ruble"),
+    ("RWF", "Rwanda Franc"),
+    ("SAR", "Saudi Riyal"),
+    ("SBD", "Solomon Islands Dollar"),
+    ("SCR", "Seychelles Rupee"),
+    ("SDG", "Sudanese Pound"),
+    ("SEK", "Swedish Krona"),
+    ("SGD", "Singapore Dollar"),
+    ("SHP", "Saint Helena Pound"),
+    ("SLL", "Leone"),
+    ("SOS", "Somali Shilling"),
+    ("SRD", "Surinam Dollar"),
+    ("SSP", "South Sudanese Pound"),
+    ("STD", "Dobra"),
+    ("SVC", "El Salvador Colon"),
+    ("SYP", "Syrian Pound"),
+    ("SZL", "Lilangeni"),
+    ("THB", "Baht"),
+    ("TJS", "Somoni"),
+    ("TMT", "Turkmenistan New Manat"),
+    ("TND", "Tunisian Dinar"),
+    ("TOP", "Pa'anga"),
+    ("TRY", "Turkish Lira"),
+    ("TTD", "Trinidad and Tobago Dollar"),
+    ("TWD", "New Taiwan Dollar"),
+    ("TZS", "Tanzanian Shilling"),
+    ("UAH", "Hryvnia"),
+    ("UGX", "Uganda Shilling"),
+    ("USD", "US Dollar"),
+    ("UYI", "Uruguay Peso en Unidades Indexadas (URUIURUI)"),
+    ("UYU", "Peso Uruguayo"),
+    ("UZS", "Uzbekistan Sum"),
+    ("VEF", "Bolivar"),
+    ("VND", "Dong"),
+    ("VUV", "Vatu"),
+    ("WST", "Tala"),
+    ("XCD", "East Caribbean Dollar"),
+    ("YER", "Yemeni Rial"),
+    ("ZAR", "Rand"),
+    ("ZMK", "Zambian Kwacha (replaced January 1, 2013)"),
+    ("ZMW", "Zambian Kwacha"),
+    ("ZWL", "Zimbabwe Dollar"),
+    ("x46", "Other Currency (open axis tables)"),
+    ("XPF", "CFP Franc"),
+    ("CNH", "Off-shore Yuan Renminbi"),
+]
diff --git a/backend/core/dora.py b/backend/core/dora.py
new file mode 100644
index 0000000000..b71ed114e7
--- /dev/null
+++ b/backend/core/dora.py
@@ -0,0 +1,90 @@
+"""
+DORA (Digital Operational Resilience Act) specific constants
+"""
+
+DORA_ENTITY_TYPE_CHOICES = [
+    ("eba_CT:x12", "Credit institutions"),
+    ("eba_CT:x599", "Investment firms"),
+    ("eba_CT:x643", "Central counterparties (CCPs)"),
+    ("eba_CT:x639", "Asset management companies"),
+    ("eba_CT:x301", "Account information service providers"),
+    ("eba_CT:x302", "Electronic money institutions"),
+    ("eba_CT:x303", "Crypto-asset service providers"),
+    ("eba_CT:x304", "Central security depository"),
+    ("eba_CT:x305", "Trading venues"),
+    ("eba_CT:x306", "Trade repositories"),
+    ("eba_CT:x300", "Payment institution"),
+    ("eba_CT:x316", "Other financial entity"),
+    ("eba_CT:x315", "Securitisation repository"),
+    ("eba_CT:x314", "Crowdfunding service providers"),
+    ("eba_CT:x313", "Administrator of critical benchmarks"),
+    ("eba_CT:x312", "Credit rating agency"),
+    ("eba_CT:x311", "Institutions for occupational retirement provision"),
+    (
+        "eba_CT:x320",
+        "Insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries",
+    ),
+    ("eba_CT:x309", "Insurance and reinsurance undertakings"),
+    ("eba_CT:x308", "Data reporting service providers"),
+    ("eba_CT:x307", "Managers of alternative investment funds"),
+    (
+        "eba_CT:x318",
+        "Non-financial entity: Other than ICT intra-group service provider",
+    ),
+    ("eba_CT:x317", "Non-financial entity: ICT intra-group service provider"),
+    ("eba_CT:x310", "Issuers of asset-referenced tokens"),
+]
+
+DORA_ENTITY_HIERARCHY_CHOICES = [
+    ("eba_RP:x53", "Ultimate parent"),
+    ("eba_RP:x551", "Parent other than ultimate parent"),
+    ("eba_RP:x56", "Subsidiary"),
+    ("eba_RP:x21", "Entities other than entities of the group"),
+    ("eba_RP:x210", "Outsourcing"),
+]
+
+DORA_CONTRACTUAL_ARRANGEMENT_CHOICES = [
+    ("eba_CO:x1", "Standalone arrangement"),
+    ("eba_CO:x2", "Overarching arrangement"),
+    ("eba_CO:x3", "Subsequent or associated arrangement"),
+]
+
+TERMINATION_REASON_CHOICES = [
+    ("eba_CO:x4", "Termination not for cause: Expired and not renewed"),
+    (
+        "eba_CO:x5",
+        "Termination for cause: Provider in breach of applicable law, regulations or contractual provisions",
+    ),
+    (
+        "eba_CO:x6",
+        "Termination for cause: Identified impediments of the provider capable of altering the supported function",
+    ),
+    (
+        "eba_CO:x7",
+        "Termination for cause: Provider's weaknesses regarding the management and security of sensitive data or information",
+    ),
+    ("eba_CO:x8", "Termination: As requested by the competent authority"),
+    ("eba_CO:x9", "Other reasons for termination"),
+]
+
+DORA_ICT_SERVICE_CHOICES = [
+    ("eba_TA:S01", "ICT project management"),
+    ("eba_TA:S02", "ICT Development"),
+    ("eba_TA:S03", "ICT help desk and first level support"),
+    ("eba_TA:S04", "ICT security management services"),
+    ("eba_TA:S05", "Provision of data"),
+    ("eba_TA:S06", "Data analysis"),
+    ("eba_TA:S07", "ICT, facilities and hosting services (excluding Cloud services)"),
+    ("eba_TA:S08", "Computation"),
+    ("eba_TA:S09", "Non-Cloud Data storage"),
+    ("eba_TA:S10", "Telecom carrier"),
+    ("eba_TA:S11", "Network infrastructure"),
+    ("eba_TA:S12", "Hardware and physical devices"),
+    ("eba_TA:S13", "Software licencing (excluding SaaS)"),
+    ("eba_TA:S14", "ICT operation management (including maintenance)"),
+    ("eba_TA:S15", "ICT Consulting"),
+    ("eba_TA:S16", "ICT Risk management"),
+    ("eba_TA:S17", "Cloud services: IaaS"),
+    ("eba_TA:S18", "Cloud services: PaaS"),
+    ("eba_TA:S19", "Cloud services: SaaS"),
+]
diff --git a/backend/privacy/migrations/0010_alter_datacontractor_country_and_more.py b/backend/privacy/migrations/0010_alter_datacontractor_country_and_more.py
new file mode 100644
index 0000000000..d584cc3f2e
--- /dev/null
+++ b/backend/privacy/migrations/0010_alter_datacontractor_country_and_more.py
@@ -0,0 +1,532 @@
+# Generated by Django 5.2.7 on 2025-11-10 14:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("privacy", "0009_processing_assigned_to_databreach"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="datacontractor",
+            name="country",
+            field=models.CharField(
+                choices=[
+                    ("AF", "Afghanistan"),
+                    ("AX", "Åland Islands"),
+                    ("AL", "Albania"),
+                    ("DZ", "Algeria"),
+                    ("AS", "American Samoa"),
+                    ("AD", "Andorra"),
+                    ("AO", "Angola"),
+                    ("AI", "Anguilla"),
+                    ("AQ", "Antarctica"),
+                    ("AG", "Antigua and Barbuda"),
+                    ("AR", "Argentina"),
+                    ("AM", "Armenia"),
+                    ("AW", "Aruba"),
+                    ("AU", "Australia"),
+                    ("AT", "Austria"),
+                    ("AZ", "Azerbaijan"),
+                    ("BS", "Bahamas"),
+                    ("BH", "Bahrain"),
+                    ("BD", "Bangladesh"),
+                    ("BB", "Barbados"),
+                    ("BY", "Belarus"),
+                    ("BE", "Belgium"),
+                    ("BZ", "Belize"),
+                    ("BJ", "Benin"),
+                    ("BM", "Bermuda"),
+                    ("BT", "Bhutan"),
+                    ("BO", "Bolivia, Plurinational State of"),
+                    ("BQ", "Bonaire, Sint Eustatius and Saba"),
+                    ("BA", "Bosnia and Herzegovina"),
+                    ("BW", "Botswana"),
+                    ("BV", "Bouvet Island"),
+                    ("BR", "Brazil"),
+                    ("IO", "British Indian Ocean Territory"),
+                    ("BN", "Brunei Darussalam"),
+                    ("BG", "Bulgaria"),
+                    ("BF", "Burkina Faso"),
+                    ("BI", "Burundi"),
+                    ("KH", "Cambodia"),
+                    ("CM", "Cameroon"),
+                    ("CA", "Canada"),
+                    ("CV", "Cape Verde"),
+                    ("KY", "Cayman Islands"),
+                    ("CF", "Central African Republic"),
+                    ("TD", "Chad"),
+                    ("CL", "Chile"),
+                    ("CN", "China"),
+                    ("CX", "Christmas Island"),
+                    ("CC", "Cocos (Keeling) Islands"),
+                    ("CO", "Colombia"),
+                    ("KM", "Comoros"),
+                    ("CG", "Congo"),
+                    ("CD", "Congo, The Democratic Republic of the"),
+                    ("CK", "Cook Islands"),
+                    ("CR", "Costa Rica"),
+                    ("CI", "Côte d'Ivoire"),
+                    ("HR", "Croatia"),
+                    ("CU", "Cuba"),
+                    ("CW", "Curaçao"),
+                    ("CY", "Cyprus"),
+                    ("CZ", "Czech Republic"),
+                    ("DK", "Denmark"),
+                    ("DJ", "Djibouti"),
+                    ("DM", "Dominica"),
+                    ("DO", "Dominican Republic"),
+                    ("EC", "Ecuador"),
+                    ("EG", "Egypt"),
+                    ("SV", "El Salvador"),
+                    ("GQ", "Equatorial Guinea"),
+                    ("ER", "Eritrea"),
+                    ("EE", "Estonia"),
+                    ("ET", "Ethiopia"),
+                    ("FK", "Falkland Islands (Malvinas)"),
+                    ("FO", "Faroe Islands"),
+                    ("FJ", "Fiji"),
+                    ("FI", "Finland"),
+                    ("FR", "France"),
+                    ("GF", "French Guiana"),
+                    ("PF", "French Polynesia"),
+                    ("TF", "French Southern Territories"),
+                    ("GA", "Gabon"),
+                    ("GM", "Gambia"),
+                    ("GE", "Georgia"),
+                    ("DE", "Germany"),
+                    ("GH", "Ghana"),
+                    ("GI", "Gibraltar"),
+                    ("GR", "Greece"),
+                    ("GL", "Greenland"),
+                    ("GD", "Grenada"),
+                    ("GP", "Guadeloupe"),
+                    ("GU", "Guam"),
+                    ("GT", "Guatemala"),
+                    ("GG", "Guernsey"),
+                    ("GN", "Guinea"),
+                    ("GW", "Guinea-Bissau"),
+                    ("GY", "Guyana"),
+                    ("HT", "Haiti"),
+                    ("HM", "Heard Island and McDonald Islands"),
+                    ("VA", "Holy See (Vatican City State)"),
+                    ("HN", "Honduras"),
+                    ("HK", "Hong Kong"),
+                    ("HU", "Hungary"),
+                    ("IS", "Iceland"),
+                    ("IN", "India"),
+                    ("ID", "Indonesia"),
+                    ("IR", "Iran, Islamic Republic of"),
+                    ("IQ", "Iraq"),
+                    ("IE", "Ireland"),
+                    ("IM", "Isle of Man"),
+                    ("IL", "Israel"),
+                    ("IT", "Italy"),
+                    ("JM", "Jamaica"),
+                    ("JP", "Japan"),
+                    ("JE", "Jersey"),
+                    ("JO", "Jordan"),
+                    ("KZ", "Kazakhstan"),
+                    ("KE", "Kenya"),
+                    ("KI", "Kiribati"),
+                    ("KP", "Korea, Democratic People's Republic of"),
+                    ("KR", "Korea, Republic of"),
+                    ("XK", "Kosovo"),
+                    ("KW", "Kuwait"),
+                    ("KG", "Kyrgyzstan"),
+                    ("LA", "Lao People's Democratic Republic"),
+                    ("LV", "Latvia"),
+                    ("LB", "Lebanon"),
+                    ("LS", "Lesotho"),
+                    ("LR", "Liberia"),
+                    ("LY", "Libya"),
+                    ("LI", "Liechtenstein"),
+                    ("LT", "Lithuania"),
+                    ("LU", "Luxembourg"),
+                    ("MO", "Macao"),
+                    ("MK", "North Macedonia"),
+                    ("MG", "Madagascar"),
+                    ("MW", "Malawi"),
+                    ("MY", "Malaysia"),
+                    ("MV", "Maldives"),
+                    ("ML", "Mali"),
+                    ("MT", "Malta"),
+                    ("MH", "Marshall Islands"),
+                    ("MQ", "Martinique"),
+                    ("MR", "Mauritania"),
+                    ("MU", "Mauritius"),
+                    ("YT", "Mayotte"),
+                    ("MX", "Mexico"),
+                    ("FM", "Micronesia, Federated States of"),
+                    ("MD", "Moldova, Republic of"),
+                    ("MC", "Monaco"),
+                    ("MN", "Mongolia"),
+                    ("ME", "Montenegro"),
+                    ("MS", "Montserrat"),
+                    ("MA", "Morocco"),
+                    ("MZ", "Mozambique"),
+                    ("MM", "Myanmar"),
+                    ("NA", "Namibia"),
+                    ("NR", "Nauru"),
+                    ("NP", "Nepal"),
+                    ("NL", "Netherlands"),
+                    ("NC", "New Caledonia"),
+                    ("NZ", "New Zealand"),
+                    ("NI", "Nicaragua"),
+                    ("NE", "Niger"),
+                    ("NG", "Nigeria"),
+                    ("NU", "Niue"),
+                    ("NF", "Norfolk Island"),
+                    ("MP", "Northern Mariana Islands"),
+                    ("NO", "Norway"),
+                    ("OM", "Oman"),
+                    ("PK", "Pakistan"),
+                    ("PW", "Palau"),
+                    ("PS", "Palestinian Territory, Occupied"),
+                    ("PA", "Panama"),
+                    ("PG", "Papua New Guinea"),
+                    ("PY", "Paraguay"),
+                    ("PE", "Peru"),
+                    ("PH", "Philippines"),
+                    ("PN", "Pitcairn"),
+                    ("PL", "Poland"),
+                    ("PT", "Portugal"),
+                    ("PR", "Puerto Rico"),
+                    ("QA", "Qatar"),
+                    ("RE", "Réunion"),
+                    ("RO", "Romania"),
+                    ("RU", "Russian Federation"),
+                    ("RW", "Rwanda"),
+                    ("BL", "Saint Barthélemy"),
+                    ("SH", "Saint Helena, Ascension and Tristan da Cunha"),
+                    ("KN", "Saint Kitts and Nevis"),
+                    ("LC", "Saint Lucia"),
+                    ("MF", "Saint Martin (French part)"),
+                    ("PM", "Saint Pierre and Miquelon"),
+                    ("VC", "Saint Vincent and the Grenadines"),
+                    ("WS", "Samoa"),
+                    ("SM", "San Marino"),
+                    ("ST", "Sao Tome and Principe"),
+                    ("SA", "Saudi Arabia"),
+                    ("SN", "Senegal"),
+                    ("RS", "Serbia"),
+                    ("SC", "Seychelles"),
+                    ("SL", "Sierra Leone"),
+                    ("SG", "Singapore"),
+                    ("SX", "Sint Maarten (Dutch part)"),
+                    ("SK", "Slovakia"),
+                    ("SI", "Slovenia"),
+                    ("SB", "Solomon Islands"),
+                    ("SO", "Somalia"),
+                    ("ZA", "South Africa"),
+                    ("GS", "South Georgia and the South Sandwich Islands"),
+                    ("SS", "South Sudan"),
+                    ("ES", "Spain"),
+                    ("LK", "Sri Lanka"),
+                    ("SD", "Sudan"),
+                    ("SR", "Suriname"),
+                    ("SJ", "Svalbard and Jan Mayen"),
+                    ("SZ", "Swaziland"),
+                    ("SE", "Sweden"),
+                    ("CH", "Switzerland"),
+                    ("SY", "Syrian Arab Republic"),
+                    ("TW", "Taiwan, Province of China"),
+                    ("TJ", "Tajikistan"),
+                    ("TZ", "Tanzania, United Republic of"),
+                    ("TH", "Thailand"),
+                    ("TL", "Timor-Leste"),
+                    ("TG", "Togo"),
+                    ("TK", "Tokelau"),
+                    ("TO", "Tonga"),
+                    ("TT", "Trinidad and Tobago"),
+                    ("TN", "Tunisia"),
+                    ("TR", "Türkiye"),
+                    ("TM", "Turkmenistan"),
+                    ("TC", "Turks and Caicos Islands"),
+                    ("TV", "Tuvalu"),
+                    ("UG", "Uganda"),
+                    ("UA", "Ukraine"),
+                    ("AE", "United Arab Emirates"),
+                    ("GB", "United Kingdom"),
+                    ("US", "United States"),
+                    ("UM", "United States Minor Outlying Islands"),
+                    ("UY", "Uruguay"),
+                    ("UZ", "Uzbekistan"),
+                    ("VU", "Vanuatu"),
+                    ("VE", "Venezuela, Bolivarian Republic of"),
+                    ("VN", "Viet Nam"),
+                    ("VG", "Virgin Islands, British"),
+                    ("VI", "Virgin Islands, U.S."),
+                    ("WF", "Wallis and Futuna"),
+                    ("EH", "Western Sahara"),
+                    ("YE", "Yemen"),
+                    ("ZM", "Zambia"),
+                    ("ZW", "Zimbabwe"),
+                    ("x28", "Other Countries"),
+                ],
+                max_length=3,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="datatransfer",
+            name="country",
+            field=models.CharField(
+                choices=[
+                    ("AF", "Afghanistan"),
+                    ("AX", "Åland Islands"),
+                    ("AL", "Albania"),
+                    ("DZ", "Algeria"),
+                    ("AS", "American Samoa"),
+                    ("AD", "Andorra"),
+                    ("AO", "Angola"),
+                    ("AI", "Anguilla"),
+                    ("AQ", "Antarctica"),
+                    ("AG", "Antigua and Barbuda"),
+                    ("AR", "Argentina"),
+                    ("AM", "Armenia"),
+                    ("AW", "Aruba"),
+                    ("AU", "Australia"),
+                    ("AT", "Austria"),
+                    ("AZ", "Azerbaijan"),
+                    ("BS", "Bahamas"),
+                    ("BH", "Bahrain"),
+                    ("BD", "Bangladesh"),
+                    ("BB", "Barbados"),
+                    ("BY", "Belarus"),
+                    ("BE", "Belgium"),
+                    ("BZ", "Belize"),
+                    ("BJ", "Benin"),
+                    ("BM", "Bermuda"),
+                    ("BT", "Bhutan"),
+                    ("BO", "Bolivia, Plurinational State of"),
+                    ("BQ", "Bonaire, Sint Eustatius and Saba"),
+                    ("BA", "Bosnia and Herzegovina"),
+                    ("BW", "Botswana"),
+                    ("BV", "Bouvet Island"),
+                    ("BR", "Brazil"),
+                    ("IO", "British Indian Ocean Territory"),
+                    ("BN", "Brunei Darussalam"),
+                    ("BG", "Bulgaria"),
+                    ("BF", "Burkina Faso"),
+                    ("BI", "Burundi"),
+                    ("KH", "Cambodia"),
+                    ("CM", "Cameroon"),
+                    ("CA", "Canada"),
+                    ("CV", "Cape Verde"),
+                    ("KY", "Cayman Islands"),
+                    ("CF", "Central African Republic"),
+                    ("TD", "Chad"),
+                    ("CL", "Chile"),
+                    ("CN", "China"),
+                    ("CX", "Christmas Island"),
+                    ("CC", "Cocos (Keeling) Islands"),
+                    ("CO", "Colombia"),
+                    ("KM", "Comoros"),
+                    ("CG", "Congo"),
+                    ("CD", "Congo, The Democratic Republic of the"),
+                    ("CK", "Cook Islands"),
+                    ("CR", "Costa Rica"),
+                    ("CI", "Côte d'Ivoire"),
+                    ("HR", "Croatia"),
+                    ("CU", "Cuba"),
+                    ("CW", "Curaçao"),
+                    ("CY", "Cyprus"),
+                    ("CZ", "Czech Republic"),
+                    ("DK", "Denmark"),
+                    ("DJ", "Djibouti"),
+                    ("DM", "Dominica"),
+                    ("DO", "Dominican Republic"),
+                    ("EC", "Ecuador"),
+                    ("EG", "Egypt"),
+                    ("SV", "El Salvador"),
+                    ("GQ", "Equatorial Guinea"),
+                    ("ER", "Eritrea"),
+                    ("EE", "Estonia"),
+                    ("ET", "Ethiopia"),
+                    ("FK", "Falkland Islands (Malvinas)"),
+                    ("FO", "Faroe Islands"),
+                    ("FJ", "Fiji"),
+                    ("FI", "Finland"),
+                    ("FR", "France"),
+                    ("GF", "French Guiana"),
+                    ("PF", "French Polynesia"),
+                    ("TF", "French Southern Territories"),
+                    ("GA", "Gabon"),
+                    ("GM", "Gambia"),
+                    ("GE", "Georgia"),
+                    ("DE", "Germany"),
+                    ("GH", "Ghana"),
+                    ("GI", "Gibraltar"),
+                    ("GR", "Greece"),
+                    ("GL", "Greenland"),
+                    ("GD", "Grenada"),
+                    ("GP", "Guadeloupe"),
+                    ("GU", "Guam"),
+                    ("GT", "Guatemala"),
+                    ("GG", "Guernsey"),
+                    ("GN", "Guinea"),
+                    ("GW", "Guinea-Bissau"),
+                    ("GY", "Guyana"),
+                    ("HT", "Haiti"),
+                    ("HM", "Heard Island and McDonald Islands"),
+                    ("VA", "Holy See (Vatican City State)"),
+                    ("HN", "Honduras"),
+                    ("HK", "Hong Kong"),
+                    ("HU", "Hungary"),
+                    ("IS", "Iceland"),
+                    ("IN", "India"),
+                    ("ID", "Indonesia"),
+                    ("IR", "Iran, Islamic Republic of"),
+                    ("IQ", "Iraq"),
+                    ("IE", "Ireland"),
+                    ("IM", "Isle of Man"),
+                    ("IL", "Israel"),
+                    ("IT", "Italy"),
+                    ("JM", "Jamaica"),
+                    ("JP", "Japan"),
+                    ("JE", "Jersey"),
+                    ("JO", "Jordan"),
+                    ("KZ", "Kazakhstan"),
+                    ("KE", "Kenya"),
+                    ("KI", "Kiribati"),
+                    ("KP", "Korea, Democratic People's Republic of"),
+                    ("KR", "Korea, Republic of"),
+                    ("XK", "Kosovo"),
+                    ("KW", "Kuwait"),
+                    ("KG", "Kyrgyzstan"),
+                    ("LA", "Lao People's Democratic Republic"),
+                    ("LV", "Latvia"),
+                    ("LB", "Lebanon"),
+                    ("LS", "Lesotho"),
+                    ("LR", "Liberia"),
+                    ("LY", "Libya"),
+                    ("LI", "Liechtenstein"),
+                    ("LT", "Lithuania"),
+                    ("LU", "Luxembourg"),
+                    ("MO", "Macao"),
+                    ("MK", "North Macedonia"),
+                    ("MG", "Madagascar"),
+                    ("MW", "Malawi"),
+                    ("MY", "Malaysia"),
+                    ("MV", "Maldives"),
+                    ("ML", "Mali"),
+                    ("MT", "Malta"),
+                    ("MH", "Marshall Islands"),
+                    ("MQ", "Martinique"),
+                    ("MR", "Mauritania"),
+                    ("MU", "Mauritius"),
+                    ("YT", "Mayotte"),
+                    ("MX", "Mexico"),
+                    ("FM", "Micronesia, Federated States of"),
+                    ("MD", "Moldova, Republic of"),
+                    ("MC", "Monaco"),
+                    ("MN", "Mongolia"),
+                    ("ME", "Montenegro"),
+                    ("MS", "Montserrat"),
+                    ("MA", "Morocco"),
+                    ("MZ", "Mozambique"),
+                    ("MM", "Myanmar"),
+                    ("NA", "Namibia"),
+                    ("NR", "Nauru"),
+                    ("NP", "Nepal"),
+                    ("NL", "Netherlands"),
+                    ("NC", "New Caledonia"),
+                    ("NZ", "New Zealand"),
+                    ("NI", "Nicaragua"),
+                    ("NE", "Niger"),
+                    ("NG", "Nigeria"),
+                    ("NU", "Niue"),
+                    ("NF", "Norfolk Island"),
+                    ("MP", "Northern Mariana Islands"),
+                    ("NO", "Norway"),
+                    ("OM", "Oman"),
+                    ("PK", "Pakistan"),
+                    ("PW", "Palau"),
+                    ("PS", "Palestinian Territory, Occupied"),
+                    ("PA", "Panama"),
+                    ("PG", "Papua New Guinea"),
+                    ("PY", "Paraguay"),
+                    ("PE", "Peru"),
+                    ("PH", "Philippines"),
+                    ("PN", "Pitcairn"),
+                    ("PL", "Poland"),
+                    ("PT", "Portugal"),
+                    ("PR", "Puerto Rico"),
+                    ("QA", "Qatar"),
+                    ("RE", "Réunion"),
+                    ("RO", "Romania"),
+                    ("RU", "Russian Federation"),
+                    ("RW", "Rwanda"),
+                    ("BL", "Saint Barthélemy"),
+                    ("SH", "Saint Helena, Ascension and Tristan da Cunha"),
+                    ("KN", "Saint Kitts and Nevis"),
+                    ("LC", "Saint Lucia"),
+                    ("MF", "Saint Martin (French part)"),
+                    ("PM", "Saint Pierre and Miquelon"),
+                    ("VC", "Saint Vincent and the Grenadines"),
+                    ("WS", "Samoa"),
+                    ("SM", "San Marino"),
+                    ("ST", "Sao Tome and Principe"),
+                    ("SA", "Saudi Arabia"),
+                    ("SN", "Senegal"),
+                    ("RS", "Serbia"),
+                    ("SC", "Seychelles"),
+                    ("SL", "Sierra Leone"),
+                    ("SG", "Singapore"),
+                    ("SX", "Sint Maarten (Dutch part)"),
+                    ("SK", "Slovakia"),
+                    ("SI", "Slovenia"),
+                    ("SB", "Solomon Islands"),
+                    ("SO", "Somalia"),
+                    ("ZA", "South Africa"),
+                    ("GS", "South Georgia and the South Sandwich Islands"),
+                    ("SS", "South Sudan"),
+                    ("ES", "Spain"),
+                    ("LK", "Sri Lanka"),
+                    ("SD", "Sudan"),
+                    ("SR", "Suriname"),
+                    ("SJ", "Svalbard and Jan Mayen"),
+                    ("SZ", "Swaziland"),
+                    ("SE", "Sweden"),
+                    ("CH", "Switzerland"),
+                    ("SY", "Syrian Arab Republic"),
+                    ("TW", "Taiwan, Province of China"),
+                    ("TJ", "Tajikistan"),
+                    ("TZ", "Tanzania, United Republic of"),
+                    ("TH", "Thailand"),
+                    ("TL", "Timor-Leste"),
+                    ("TG", "Togo"),
+                    ("TK", "Tokelau"),
+                    ("TO", "Tonga"),
+                    ("TT", "Trinidad and Tobago"),
+                    ("TN", "Tunisia"),
+                    ("TR", "Türkiye"),
+                    ("TM", "Turkmenistan"),
+                    ("TC", "Turks and Caicos Islands"),
+                    ("TV", "Tuvalu"),
+                    ("UG", "Uganda"),
+                    ("UA", "Ukraine"),
+                    ("AE", "United Arab Emirates"),
+                    ("GB", "United Kingdom"),
+                    ("US", "United States"),
+                    ("UM", "United States Minor Outlying Islands"),
+                    ("UY", "Uruguay"),
+                    ("UZ", "Uzbekistan"),
+                    ("VU", "Vanuatu"),
+                    ("VE", "Venezuela, Bolivarian Republic of"),
+                    ("VN", "Viet Nam"),
+                    ("VG", "Virgin Islands, British"),
+                    ("VI", "Virgin Islands, U.S."),
+                    ("WF", "Wallis and Futuna"),
+                    ("EH", "Western Sahara"),
+                    ("YE", "Yemen"),
+                    ("ZM", "Zambia"),
+                    ("ZW", "Zimbabwe"),
+                    ("x28", "Other Countries"),
+                ],
+                max_length=3,
+            ),
+        ),
+    ]
diff --git a/backend/tprm/migrations/0010_contract_annual_expense_contract_currency_and_more.py b/backend/tprm/migrations/0010_contract_annual_expense_contract_currency_and_more.py
new file mode 100644
index 0000000000..56b453b972
--- /dev/null
+++ b/backend/tprm/migrations/0010_contract_annual_expense_contract_currency_and_more.py
@@ -0,0 +1,1091 @@
+# Generated by Django 5.2.7 on 2025-11-10 14:28
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("tprm", "0009_contract"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="contract",
+            name="annual_expense",
+            field=models.FloatField(
+                blank=True,
+                help_text="Annual expense amount for this contract",
+                null=True,
+                verbose_name="Annual expense",
+            ),
+        ),
+        migrations.AddField(
+            model_name="contract",
+            name="currency",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("AED", "UAE Dirham"),
+                    ("AFN", "Afghani"),
+                    ("ALL", "Lek"),
+                    ("AMD", "Armenian Dram"),
+                    ("ANG", "Netherlands Antillean Guilder"),
+                    ("AOA", "Kwanza"),
+                    ("ARS", "Argentine Peso"),
+                    ("AUD", "Australian Dollar"),
+                    ("AWG", "Aruban Florin"),
+                    ("AZN", "Azerbaijanian Manat"),
+                    ("BAM", "Convertible Mark"),
+                    ("BBD", "Barbados Dollar"),
+                    ("BDT", "Taka"),
+                    ("BGN", "Bulgarian Lev"),
+                    ("BHD", "Bahraini Dinar"),
+                    ("BIF", "Burundi Franc"),
+                    ("BMD", "Bermudian Dollar"),
+                    ("BND", "Brunei Dollar"),
+                    ("BOB", "Boliviano"),
+                    ("BOV", "Mvdol"),
+                    ("BRL", "Brazilian Real"),
+                    ("BSD", "Bahamian Dollar"),
+                    ("BTN", "Ngultrum"),
+                    ("BWP", "Pula"),
+                    ("BYR", "Belarussian Ruble (2000 Series)"),
+                    ("BYN", "Belarusian Ruble"),
+                    ("BZD", "Belize Dollar"),
+                    ("CAD", "Canadian Dollar"),
+                    ("CDF", "Congolese Franc"),
+                    ("CHE", "WIR Euro"),
+                    ("CHF", "Swiss Franc"),
+                    ("CHW", "WIR Franc"),
+                    ("CLF", "Unidades de fomento"),
+                    ("CLP", "Chilean Peso"),
+                    ("CNY", "Yuan Renminbi"),
+                    ("COP", "Colombian Peso"),
+                    ("COU", "Unidad de Valor Real"),
+                    ("CRC", "Costa Rican Colon"),
+                    ("CUC", "Peso Convertible"),
+                    ("CUP", "Cuban Peso"),
+                    ("CVE", "Cape Verde Escudo"),
+                    ("CZK", "Czech Koruna"),
+                    ("DJF", "Djibouti Franc"),
+                    ("DKK", "Danish Krone"),
+                    ("DOP", "Dominican Peso"),
+                    ("DZD", "Algerian Dinar"),
+                    ("EGP", "Egyptian Pound"),
+                    ("ERN", "Nakfa"),
+                    ("ETB", "Ethiopian Birr"),
+                    ("EUR", "Euro"),
+                    ("FJD", "Fiji Dollar"),
+                    ("FKP", "Falkland Islands Pound"),
+                    ("GBP", "Pound Sterling"),
+                    ("GEL", "Lari"),
+                    ("GHS", "Ghana Cedi"),
+                    ("GIP", "Gibraltar Pound"),
+                    ("GMD", "Dalasi"),
+                    ("GNF", "Guinea Franc"),
+                    ("GTQ", "Quetzal"),
+                    ("GYD", "Guyana Dollar"),
+                    ("HKD", "Hong Kong Dollar"),
+                    ("HNL", "Lempira"),
+                    ("HTG", "Gourde"),
+                    ("HUF", "Forint"),
+                    ("IDR", "Rupiah"),
+                    ("ILS", "New Israeli Sheqel"),
+                    ("INR", "Indian Rupee"),
+                    ("IQD", "Iraqi Dinar"),
+                    ("IRR", "Iranian Rial"),
+                    ("ISK", "Iceland Krona"),
+                    ("JMD", "Jamaican Dollar"),
+                    ("JOD", "Jordanian Dinar"),
+                    ("JPY", "Yen"),
+                    ("KES", "Kenyan Shilling"),
+                    ("KGS", "Som"),
+                    ("KHR", "Riel"),
+                    ("KMF", "Comoro Franc"),
+                    ("KPW", "North Korean Won"),
+                    ("KRW", "Won"),
+                    ("KWD", "Kuwaiti Dinar"),
+                    ("KYD", "Cayman Islands Dollar"),
+                    ("KZT", "Tenge"),
+                    ("LAK", "Kip"),
+                    ("LBP", "Lebanese Pound"),
+                    ("LKR", "Sri Lanka Rupee"),
+                    ("LRD", "Liberian Dollar"),
+                    ("LSL", "Loti"),
+                    ("LTL", "Lithuanian Litas"),
+                    ("LVL", "Latvian Lats"),
+                    ("LYD", "Libyan Dinar"),
+                    ("MAD", "Moroccan Dirham"),
+                    ("MDL", "Moldovan Leu"),
+                    ("MGA", "Malagasy Ariary"),
+                    ("MKD", "Denar"),
+                    ("MMK", "Kyat"),
+                    ("MNT", "Tugrik"),
+                    ("MOP", "Pataca"),
+                    ("MRO", "Ouguiya"),
+                    ("MUR", "Mauritius Rupee"),
+                    ("MVR", "Rufiyaa"),
+                    ("MWK", "Kwacha"),
+                    ("MXN", "Mexican Peso"),
+                    ("MYR", "Malaysian Ringgit"),
+                    ("MZN", "Mozambique Metical"),
+                    ("NAD", "Namibia Dollar"),
+                    ("NGN", "Naira"),
+                    ("NIO", "Cordoba Oro"),
+                    ("NOK", "Norwegian Krone"),
+                    ("NPR", "Nepalese Rupee"),
+                    ("NZD", "New Zealand Dollar"),
+                    ("OMR", "Rial Omani"),
+                    ("PAB", "Balboa"),
+                    ("PEN", "Nuevo Sol"),
+                    ("PGK", "Kina"),
+                    ("PHP", "Philippine Peso"),
+                    ("PKR", "Pakistan Rupee"),
+                    ("PLN", "Zloty"),
+                    ("PYG", "Guarani"),
+                    ("QAR", "Qatari Rial"),
+                    ("RON", "New Romanian Leu"),
+                    ("RSD", "Serbian Dinar"),
+                    ("RUB", "Russian Ruble"),
+                    ("RWF", "Rwanda Franc"),
+                    ("SAR", "Saudi Riyal"),
+                    ("SBD", "Solomon Islands Dollar"),
+                    ("SCR", "Seychelles Rupee"),
+                    ("SDG", "Sudanese Pound"),
+                    ("SEK", "Swedish Krona"),
+                    ("SGD", "Singapore Dollar"),
+                    ("SHP", "Saint Helena Pound"),
+                    ("SLL", "Leone"),
+                    ("SOS", "Somali Shilling"),
+                    ("SRD", "Surinam Dollar"),
+                    ("SSP", "South Sudanese Pound"),
+                    ("STD", "Dobra"),
+                    ("SVC", "El Salvador Colon"),
+                    ("SYP", "Syrian Pound"),
+                    ("SZL", "Lilangeni"),
+                    ("THB", "Baht"),
+                    ("TJS", "Somoni"),
+                    ("TMT", "Turkmenistan New Manat"),
+                    ("TND", "Tunisian Dinar"),
+                    ("TOP", "Pa'anga"),
+                    ("TRY", "Turkish Lira"),
+                    ("TTD", "Trinidad and Tobago Dollar"),
+                    ("TWD", "New Taiwan Dollar"),
+                    ("TZS", "Tanzanian Shilling"),
+                    ("UAH", "Hryvnia"),
+                    ("UGX", "Uganda Shilling"),
+                    ("USD", "US Dollar"),
+                    ("UYI", "Uruguay Peso en Unidades Indexadas (URUIURUI)"),
+                    ("UYU", "Peso Uruguayo"),
+                    ("UZS", "Uzbekistan Sum"),
+                    ("VEF", "Bolivar"),
+                    ("VND", "Dong"),
+                    ("VUV", "Vatu"),
+                    ("WST", "Tala"),
+                    ("XCD", "East Caribbean Dollar"),
+                    ("YER", "Yemeni Rial"),
+                    ("ZAR", "Rand"),
+                    ("ZMK", "Zambian Kwacha (replaced January 1, 2013)"),
+                    ("ZMW", "Zambian Kwacha"),
+                    ("ZWL", "Zimbabwe Dollar"),
+                    ("x46", "Other Currency (open axis tables)"),
+                    ("XPF", "CFP Franc"),
+                    ("CNH", "Off-shore Yuan Renminbi"),
+                ],
+                help_text="Currency for contract expenses",
+                max_length=3,
+                verbose_name="Currency",
+            ),
+        ),
+        migrations.AddField(
+            model_name="contract",
+            name="dora_contractual_arrangement",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_CO:x1", "Standalone arrangement"),
+                    ("eba_CO:x2", "Overarching arrangement"),
+                    ("eba_CO:x3", "Subsequent or associated arrangement"),
+                ],
+                help_text="DORA contractual arrangement type",
+                max_length=20,
+                verbose_name="DORA contractual arrangement",
+            ),
+        ),
+        migrations.AddField(
+            model_name="contract",
+            name="governing_law_country",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("AF", "Afghanistan"),
+                    ("AX", "Åland Islands"),
+                    ("AL", "Albania"),
+                    ("DZ", "Algeria"),
+                    ("AS", "American Samoa"),
+                    ("AD", "Andorra"),
+                    ("AO", "Angola"),
+                    ("AI", "Anguilla"),
+                    ("AQ", "Antarctica"),
+                    ("AG", "Antigua and Barbuda"),
+                    ("AR", "Argentina"),
+                    ("AM", "Armenia"),
+                    ("AW", "Aruba"),
+                    ("AU", "Australia"),
+                    ("AT", "Austria"),
+                    ("AZ", "Azerbaijan"),
+                    ("BS", "Bahamas"),
+                    ("BH", "Bahrain"),
+                    ("BD", "Bangladesh"),
+                    ("BB", "Barbados"),
+                    ("BY", "Belarus"),
+                    ("BE", "Belgium"),
+                    ("BZ", "Belize"),
+                    ("BJ", "Benin"),
+                    ("BM", "Bermuda"),
+                    ("BT", "Bhutan"),
+                    ("BO", "Bolivia, Plurinational State of"),
+                    ("BQ", "Bonaire, Sint Eustatius and Saba"),
+                    ("BA", "Bosnia and Herzegovina"),
+                    ("BW", "Botswana"),
+                    ("BV", "Bouvet Island"),
+                    ("BR", "Brazil"),
+                    ("IO", "British Indian Ocean Territory"),
+                    ("BN", "Brunei Darussalam"),
+                    ("BG", "Bulgaria"),
+                    ("BF", "Burkina Faso"),
+                    ("BI", "Burundi"),
+                    ("KH", "Cambodia"),
+                    ("CM", "Cameroon"),
+                    ("CA", "Canada"),
+                    ("CV", "Cape Verde"),
+                    ("KY", "Cayman Islands"),
+                    ("CF", "Central African Republic"),
+                    ("TD", "Chad"),
+                    ("CL", "Chile"),
+                    ("CN", "China"),
+                    ("CX", "Christmas Island"),
+                    ("CC", "Cocos (Keeling) Islands"),
+                    ("CO", "Colombia"),
+                    ("KM", "Comoros"),
+                    ("CG", "Congo"),
+                    ("CD", "Congo, The Democratic Republic of the"),
+                    ("CK", "Cook Islands"),
+                    ("CR", "Costa Rica"),
+                    ("CI", "Côte d'Ivoire"),
+                    ("HR", "Croatia"),
+                    ("CU", "Cuba"),
+                    ("CW", "Curaçao"),
+                    ("CY", "Cyprus"),
+                    ("CZ", "Czech Republic"),
+                    ("DK", "Denmark"),
+                    ("DJ", "Djibouti"),
+                    ("DM", "Dominica"),
+                    ("DO", "Dominican Republic"),
+                    ("EC", "Ecuador"),
+                    ("EG", "Egypt"),
+                    ("SV", "El Salvador"),
+                    ("GQ", "Equatorial Guinea"),
+                    ("ER", "Eritrea"),
+                    ("EE", "Estonia"),
+                    ("ET", "Ethiopia"),
+                    ("FK", "Falkland Islands (Malvinas)"),
+                    ("FO", "Faroe Islands"),
+                    ("FJ", "Fiji"),
+                    ("FI", "Finland"),
+                    ("FR", "France"),
+                    ("GF", "French Guiana"),
+                    ("PF", "French Polynesia"),
+                    ("TF", "French Southern Territories"),
+                    ("GA", "Gabon"),
+                    ("GM", "Gambia"),
+                    ("GE", "Georgia"),
+                    ("DE", "Germany"),
+                    ("GH", "Ghana"),
+                    ("GI", "Gibraltar"),
+                    ("GR", "Greece"),
+                    ("GL", "Greenland"),
+                    ("GD", "Grenada"),
+                    ("GP", "Guadeloupe"),
+                    ("GU", "Guam"),
+                    ("GT", "Guatemala"),
+                    ("GG", "Guernsey"),
+                    ("GN", "Guinea"),
+                    ("GW", "Guinea-Bissau"),
+                    ("GY", "Guyana"),
+                    ("HT", "Haiti"),
+                    ("HM", "Heard Island and McDonald Islands"),
+                    ("VA", "Holy See (Vatican City State)"),
+                    ("HN", "Honduras"),
+                    ("HK", "Hong Kong"),
+                    ("HU", "Hungary"),
+                    ("IS", "Iceland"),
+                    ("IN", "India"),
+                    ("ID", "Indonesia"),
+                    ("IR", "Iran, Islamic Republic of"),
+                    ("IQ", "Iraq"),
+                    ("IE", "Ireland"),
+                    ("IM", "Isle of Man"),
+                    ("IL", "Israel"),
+                    ("IT", "Italy"),
+                    ("JM", "Jamaica"),
+                    ("JP", "Japan"),
+                    ("JE", "Jersey"),
+                    ("JO", "Jordan"),
+                    ("KZ", "Kazakhstan"),
+                    ("KE", "Kenya"),
+                    ("KI", "Kiribati"),
+                    ("KP", "Korea, Democratic People's Republic of"),
+                    ("KR", "Korea, Republic of"),
+                    ("XK", "Kosovo"),
+                    ("KW", "Kuwait"),
+                    ("KG", "Kyrgyzstan"),
+                    ("LA", "Lao People's Democratic Republic"),
+                    ("LV", "Latvia"),
+                    ("LB", "Lebanon"),
+                    ("LS", "Lesotho"),
+                    ("LR", "Liberia"),
+                    ("LY", "Libya"),
+                    ("LI", "Liechtenstein"),
+                    ("LT", "Lithuania"),
+                    ("LU", "Luxembourg"),
+                    ("MO", "Macao"),
+                    ("MK", "North Macedonia"),
+                    ("MG", "Madagascar"),
+                    ("MW", "Malawi"),
+                    ("MY", "Malaysia"),
+                    ("MV", "Maldives"),
+                    ("ML", "Mali"),
+                    ("MT", "Malta"),
+                    ("MH", "Marshall Islands"),
+                    ("MQ", "Martinique"),
+                    ("MR", "Mauritania"),
+                    ("MU", "Mauritius"),
+                    ("YT", "Mayotte"),
+                    ("MX", "Mexico"),
+                    ("FM", "Micronesia, Federated States of"),
+                    ("MD", "Moldova, Republic of"),
+                    ("MC", "Monaco"),
+                    ("MN", "Mongolia"),
+                    ("ME", "Montenegro"),
+                    ("MS", "Montserrat"),
+                    ("MA", "Morocco"),
+                    ("MZ", "Mozambique"),
+                    ("MM", "Myanmar"),
+                    ("NA", "Namibia"),
+                    ("NR", "Nauru"),
+                    ("NP", "Nepal"),
+                    ("NL", "Netherlands"),
+                    ("NC", "New Caledonia"),
+                    ("NZ", "New Zealand"),
+                    ("NI", "Nicaragua"),
+                    ("NE", "Niger"),
+                    ("NG", "Nigeria"),
+                    ("NU", "Niue"),
+                    ("NF", "Norfolk Island"),
+                    ("MP", "Northern Mariana Islands"),
+                    ("NO", "Norway"),
+                    ("OM", "Oman"),
+                    ("PK", "Pakistan"),
+                    ("PW", "Palau"),
+                    ("PS", "Palestinian Territory, Occupied"),
+                    ("PA", "Panama"),
+                    ("PG", "Papua New Guinea"),
+                    ("PY", "Paraguay"),
+                    ("PE", "Peru"),
+                    ("PH", "Philippines"),
+                    ("PN", "Pitcairn"),
+                    ("PL", "Poland"),
+                    ("PT", "Portugal"),
+                    ("PR", "Puerto Rico"),
+                    ("QA", "Qatar"),
+                    ("RE", "Réunion"),
+                    ("RO", "Romania"),
+                    ("RU", "Russian Federation"),
+                    ("RW", "Rwanda"),
+                    ("BL", "Saint Barthélemy"),
+                    ("SH", "Saint Helena, Ascension and Tristan da Cunha"),
+                    ("KN", "Saint Kitts and Nevis"),
+                    ("LC", "Saint Lucia"),
+                    ("MF", "Saint Martin (French part)"),
+                    ("PM", "Saint Pierre and Miquelon"),
+                    ("VC", "Saint Vincent and the Grenadines"),
+                    ("WS", "Samoa"),
+                    ("SM", "San Marino"),
+                    ("ST", "Sao Tome and Principe"),
+                    ("SA", "Saudi Arabia"),
+                    ("SN", "Senegal"),
+                    ("RS", "Serbia"),
+                    ("SC", "Seychelles"),
+                    ("SL", "Sierra Leone"),
+                    ("SG", "Singapore"),
+                    ("SX", "Sint Maarten (Dutch part)"),
+                    ("SK", "Slovakia"),
+                    ("SI", "Slovenia"),
+                    ("SB", "Solomon Islands"),
+                    ("SO", "Somalia"),
+                    ("ZA", "South Africa"),
+                    ("GS", "South Georgia and the South Sandwich Islands"),
+                    ("SS", "South Sudan"),
+                    ("ES", "Spain"),
+                    ("LK", "Sri Lanka"),
+                    ("SD", "Sudan"),
+                    ("SR", "Suriname"),
+                    ("SJ", "Svalbard and Jan Mayen"),
+                    ("SZ", "Swaziland"),
+                    ("SE", "Sweden"),
+                    ("CH", "Switzerland"),
+                    ("SY", "Syrian Arab Republic"),
+                    ("TW", "Taiwan, Province of China"),
+                    ("TJ", "Tajikistan"),
+                    ("TZ", "Tanzania, United Republic of"),
+                    ("TH", "Thailand"),
+                    ("TL", "Timor-Leste"),
+                    ("TG", "Togo"),
+                    ("TK", "Tokelau"),
+                    ("TO", "Tonga"),
+                    ("TT", "Trinidad and Tobago"),
+                    ("TN", "Tunisia"),
+                    ("TR", "Türkiye"),
+                    ("TM", "Turkmenistan"),
+                    ("TC", "Turks and Caicos Islands"),
+                    ("TV", "Tuvalu"),
+                    ("UG", "Uganda"),
+                    ("UA", "Ukraine"),
+                    ("AE", "United Arab Emirates"),
+                    ("GB", "United Kingdom"),
+                    ("US", "United States"),
+                    ("UM", "United States Minor Outlying Islands"),
+                    ("UY", "Uruguay"),
+                    ("UZ", "Uzbekistan"),
+                    ("VU", "Vanuatu"),
+                    ("VE", "Venezuela, Bolivarian Republic of"),
+                    ("VN", "Viet Nam"),
+                    ("VG", "Virgin Islands, British"),
+                    ("VI", "Virgin Islands, U.S."),
+                    ("WF", "Wallis and Futuna"),
+                    ("EH", "Western Sahara"),
+                    ("YE", "Yemen"),
+                    ("ZM", "Zambia"),
+                    ("ZW", "Zimbabwe"),
+                    ("x28", "Other Countries"),
+                ],
+                help_text="Country whose law governs this contract",
+                max_length=3,
+                verbose_name="Governing law country",
+            ),
+        ),
+        migrations.AddField(
+            model_name="contract",
+            name="is_intragroup",
+            field=models.BooleanField(
+                default=False,
+                help_text="Whether this is an intragroup contract",
+                verbose_name="Is intragroup",
+            ),
+        ),
+        migrations.AddField(
+            model_name="contract",
+            name="overarching_contract",
+            field=models.ForeignKey(
+                blank=True,
+                help_text="Parent/overarching contract if this is a subordinate arrangement",
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="subordinate_contracts",
+                to="tprm.contract",
+                verbose_name="Overarching contract",
+            ),
+        ),
+        migrations.AddField(
+            model_name="contract",
+            name="termination_reason",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_CO:x4", "Termination not for cause: Expired and not renewed"),
+                    (
+                        "eba_CO:x5",
+                        "Termination for cause: Provider in breach of applicable law, regulations or contractual provisions",
+                    ),
+                    (
+                        "eba_CO:x6",
+                        "Termination for cause: Identified impediments of the provider capable of altering the supported function",
+                    ),
+                    (
+                        "eba_CO:x7",
+                        "Termination for cause: Provider's weaknesses regarding the management and security of sensitive data or information",
+                    ),
+                    (
+                        "eba_CO:x8",
+                        "Termination: As requested by the competent authority",
+                    ),
+                    ("eba_CO:x9", "Other reasons for termination"),
+                ],
+                help_text="Reason for contract termination",
+                max_length=20,
+                verbose_name="Termination reason",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="country",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("AF", "Afghanistan"),
+                    ("AX", "Åland Islands"),
+                    ("AL", "Albania"),
+                    ("DZ", "Algeria"),
+                    ("AS", "American Samoa"),
+                    ("AD", "Andorra"),
+                    ("AO", "Angola"),
+                    ("AI", "Anguilla"),
+                    ("AQ", "Antarctica"),
+                    ("AG", "Antigua and Barbuda"),
+                    ("AR", "Argentina"),
+                    ("AM", "Armenia"),
+                    ("AW", "Aruba"),
+                    ("AU", "Australia"),
+                    ("AT", "Austria"),
+                    ("AZ", "Azerbaijan"),
+                    ("BS", "Bahamas"),
+                    ("BH", "Bahrain"),
+                    ("BD", "Bangladesh"),
+                    ("BB", "Barbados"),
+                    ("BY", "Belarus"),
+                    ("BE", "Belgium"),
+                    ("BZ", "Belize"),
+                    ("BJ", "Benin"),
+                    ("BM", "Bermuda"),
+                    ("BT", "Bhutan"),
+                    ("BO", "Bolivia, Plurinational State of"),
+                    ("BQ", "Bonaire, Sint Eustatius and Saba"),
+                    ("BA", "Bosnia and Herzegovina"),
+                    ("BW", "Botswana"),
+                    ("BV", "Bouvet Island"),
+                    ("BR", "Brazil"),
+                    ("IO", "British Indian Ocean Territory"),
+                    ("BN", "Brunei Darussalam"),
+                    ("BG", "Bulgaria"),
+                    ("BF", "Burkina Faso"),
+                    ("BI", "Burundi"),
+                    ("KH", "Cambodia"),
+                    ("CM", "Cameroon"),
+                    ("CA", "Canada"),
+                    ("CV", "Cape Verde"),
+                    ("KY", "Cayman Islands"),
+                    ("CF", "Central African Republic"),
+                    ("TD", "Chad"),
+                    ("CL", "Chile"),
+                    ("CN", "China"),
+                    ("CX", "Christmas Island"),
+                    ("CC", "Cocos (Keeling) Islands"),
+                    ("CO", "Colombia"),
+                    ("KM", "Comoros"),
+                    ("CG", "Congo"),
+                    ("CD", "Congo, The Democratic Republic of the"),
+                    ("CK", "Cook Islands"),
+                    ("CR", "Costa Rica"),
+                    ("CI", "Côte d'Ivoire"),
+                    ("HR", "Croatia"),
+                    ("CU", "Cuba"),
+                    ("CW", "Curaçao"),
+                    ("CY", "Cyprus"),
+                    ("CZ", "Czech Republic"),
+                    ("DK", "Denmark"),
+                    ("DJ", "Djibouti"),
+                    ("DM", "Dominica"),
+                    ("DO", "Dominican Republic"),
+                    ("EC", "Ecuador"),
+                    ("EG", "Egypt"),
+                    ("SV", "El Salvador"),
+                    ("GQ", "Equatorial Guinea"),
+                    ("ER", "Eritrea"),
+                    ("EE", "Estonia"),
+                    ("ET", "Ethiopia"),
+                    ("FK", "Falkland Islands (Malvinas)"),
+                    ("FO", "Faroe Islands"),
+                    ("FJ", "Fiji"),
+                    ("FI", "Finland"),
+                    ("FR", "France"),
+                    ("GF", "French Guiana"),
+                    ("PF", "French Polynesia"),
+                    ("TF", "French Southern Territories"),
+                    ("GA", "Gabon"),
+                    ("GM", "Gambia"),
+                    ("GE", "Georgia"),
+                    ("DE", "Germany"),
+                    ("GH", "Ghana"),
+                    ("GI", "Gibraltar"),
+                    ("GR", "Greece"),
+                    ("GL", "Greenland"),
+                    ("GD", "Grenada"),
+                    ("GP", "Guadeloupe"),
+                    ("GU", "Guam"),
+                    ("GT", "Guatemala"),
+                    ("GG", "Guernsey"),
+                    ("GN", "Guinea"),
+                    ("GW", "Guinea-Bissau"),
+                    ("GY", "Guyana"),
+                    ("HT", "Haiti"),
+                    ("HM", "Heard Island and McDonald Islands"),
+                    ("VA", "Holy See (Vatican City State)"),
+                    ("HN", "Honduras"),
+                    ("HK", "Hong Kong"),
+                    ("HU", "Hungary"),
+                    ("IS", "Iceland"),
+                    ("IN", "India"),
+                    ("ID", "Indonesia"),
+                    ("IR", "Iran, Islamic Republic of"),
+                    ("IQ", "Iraq"),
+                    ("IE", "Ireland"),
+                    ("IM", "Isle of Man"),
+                    ("IL", "Israel"),
+                    ("IT", "Italy"),
+                    ("JM", "Jamaica"),
+                    ("JP", "Japan"),
+                    ("JE", "Jersey"),
+                    ("JO", "Jordan"),
+                    ("KZ", "Kazakhstan"),
+                    ("KE", "Kenya"),
+                    ("KI", "Kiribati"),
+                    ("KP", "Korea, Democratic People's Republic of"),
+                    ("KR", "Korea, Republic of"),
+                    ("XK", "Kosovo"),
+                    ("KW", "Kuwait"),
+                    ("KG", "Kyrgyzstan"),
+                    ("LA", "Lao People's Democratic Republic"),
+                    ("LV", "Latvia"),
+                    ("LB", "Lebanon"),
+                    ("LS", "Lesotho"),
+                    ("LR", "Liberia"),
+                    ("LY", "Libya"),
+                    ("LI", "Liechtenstein"),
+                    ("LT", "Lithuania"),
+                    ("LU", "Luxembourg"),
+                    ("MO", "Macao"),
+                    ("MK", "North Macedonia"),
+                    ("MG", "Madagascar"),
+                    ("MW", "Malawi"),
+                    ("MY", "Malaysia"),
+                    ("MV", "Maldives"),
+                    ("ML", "Mali"),
+                    ("MT", "Malta"),
+                    ("MH", "Marshall Islands"),
+                    ("MQ", "Martinique"),
+                    ("MR", "Mauritania"),
+                    ("MU", "Mauritius"),
+                    ("YT", "Mayotte"),
+                    ("MX", "Mexico"),
+                    ("FM", "Micronesia, Federated States of"),
+                    ("MD", "Moldova, Republic of"),
+                    ("MC", "Monaco"),
+                    ("MN", "Mongolia"),
+                    ("ME", "Montenegro"),
+                    ("MS", "Montserrat"),
+                    ("MA", "Morocco"),
+                    ("MZ", "Mozambique"),
+                    ("MM", "Myanmar"),
+                    ("NA", "Namibia"),
+                    ("NR", "Nauru"),
+                    ("NP", "Nepal"),
+                    ("NL", "Netherlands"),
+                    ("NC", "New Caledonia"),
+                    ("NZ", "New Zealand"),
+                    ("NI", "Nicaragua"),
+                    ("NE", "Niger"),
+                    ("NG", "Nigeria"),
+                    ("NU", "Niue"),
+                    ("NF", "Norfolk Island"),
+                    ("MP", "Northern Mariana Islands"),
+                    ("NO", "Norway"),
+                    ("OM", "Oman"),
+                    ("PK", "Pakistan"),
+                    ("PW", "Palau"),
+                    ("PS", "Palestinian Territory, Occupied"),
+                    ("PA", "Panama"),
+                    ("PG", "Papua New Guinea"),
+                    ("PY", "Paraguay"),
+                    ("PE", "Peru"),
+                    ("PH", "Philippines"),
+                    ("PN", "Pitcairn"),
+                    ("PL", "Poland"),
+                    ("PT", "Portugal"),
+                    ("PR", "Puerto Rico"),
+                    ("QA", "Qatar"),
+                    ("RE", "Réunion"),
+                    ("RO", "Romania"),
+                    ("RU", "Russian Federation"),
+                    ("RW", "Rwanda"),
+                    ("BL", "Saint Barthélemy"),
+                    ("SH", "Saint Helena, Ascension and Tristan da Cunha"),
+                    ("KN", "Saint Kitts and Nevis"),
+                    ("LC", "Saint Lucia"),
+                    ("MF", "Saint Martin (French part)"),
+                    ("PM", "Saint Pierre and Miquelon"),
+                    ("VC", "Saint Vincent and the Grenadines"),
+                    ("WS", "Samoa"),
+                    ("SM", "San Marino"),
+                    ("ST", "Sao Tome and Principe"),
+                    ("SA", "Saudi Arabia"),
+                    ("SN", "Senegal"),
+                    ("RS", "Serbia"),
+                    ("SC", "Seychelles"),
+                    ("SL", "Sierra Leone"),
+                    ("SG", "Singapore"),
+                    ("SX", "Sint Maarten (Dutch part)"),
+                    ("SK", "Slovakia"),
+                    ("SI", "Slovenia"),
+                    ("SB", "Solomon Islands"),
+                    ("SO", "Somalia"),
+                    ("ZA", "South Africa"),
+                    ("GS", "South Georgia and the South Sandwich Islands"),
+                    ("SS", "South Sudan"),
+                    ("ES", "Spain"),
+                    ("LK", "Sri Lanka"),
+                    ("SD", "Sudan"),
+                    ("SR", "Suriname"),
+                    ("SJ", "Svalbard and Jan Mayen"),
+                    ("SZ", "Swaziland"),
+                    ("SE", "Sweden"),
+                    ("CH", "Switzerland"),
+                    ("SY", "Syrian Arab Republic"),
+                    ("TW", "Taiwan, Province of China"),
+                    ("TJ", "Tajikistan"),
+                    ("TZ", "Tanzania, United Republic of"),
+                    ("TH", "Thailand"),
+                    ("TL", "Timor-Leste"),
+                    ("TG", "Togo"),
+                    ("TK", "Tokelau"),
+                    ("TO", "Tonga"),
+                    ("TT", "Trinidad and Tobago"),
+                    ("TN", "Tunisia"),
+                    ("TR", "Türkiye"),
+                    ("TM", "Turkmenistan"),
+                    ("TC", "Turks and Caicos Islands"),
+                    ("TV", "Tuvalu"),
+                    ("UG", "Uganda"),
+                    ("UA", "Ukraine"),
+                    ("AE", "United Arab Emirates"),
+                    ("GB", "United Kingdom"),
+                    ("US", "United States"),
+                    ("UM", "United States Minor Outlying Islands"),
+                    ("UY", "Uruguay"),
+                    ("UZ", "Uzbekistan"),
+                    ("VU", "Vanuatu"),
+                    ("VE", "Venezuela, Bolivarian Republic of"),
+                    ("VN", "Viet Nam"),
+                    ("VG", "Virgin Islands, British"),
+                    ("VI", "Virgin Islands, U.S."),
+                    ("WF", "Wallis and Futuna"),
+                    ("EH", "Western Sahara"),
+                    ("YE", "Yemen"),
+                    ("ZM", "Zambia"),
+                    ("ZW", "Zimbabwe"),
+                    ("x28", "Other Countries"),
+                ],
+                help_text="Country where the entity is located",
+                max_length=3,
+                verbose_name="Country",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="currency",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("AED", "UAE Dirham"),
+                    ("AFN", "Afghani"),
+                    ("ALL", "Lek"),
+                    ("AMD", "Armenian Dram"),
+                    ("ANG", "Netherlands Antillean Guilder"),
+                    ("AOA", "Kwanza"),
+                    ("ARS", "Argentine Peso"),
+                    ("AUD", "Australian Dollar"),
+                    ("AWG", "Aruban Florin"),
+                    ("AZN", "Azerbaijanian Manat"),
+                    ("BAM", "Convertible Mark"),
+                    ("BBD", "Barbados Dollar"),
+                    ("BDT", "Taka"),
+                    ("BGN", "Bulgarian Lev"),
+                    ("BHD", "Bahraini Dinar"),
+                    ("BIF", "Burundi Franc"),
+                    ("BMD", "Bermudian Dollar"),
+                    ("BND", "Brunei Dollar"),
+                    ("BOB", "Boliviano"),
+                    ("BOV", "Mvdol"),
+                    ("BRL", "Brazilian Real"),
+                    ("BSD", "Bahamian Dollar"),
+                    ("BTN", "Ngultrum"),
+                    ("BWP", "Pula"),
+                    ("BYR", "Belarussian Ruble (2000 Series)"),
+                    ("BYN", "Belarusian Ruble"),
+                    ("BZD", "Belize Dollar"),
+                    ("CAD", "Canadian Dollar"),
+                    ("CDF", "Congolese Franc"),
+                    ("CHE", "WIR Euro"),
+                    ("CHF", "Swiss Franc"),
+                    ("CHW", "WIR Franc"),
+                    ("CLF", "Unidades de fomento"),
+                    ("CLP", "Chilean Peso"),
+                    ("CNY", "Yuan Renminbi"),
+                    ("COP", "Colombian Peso"),
+                    ("COU", "Unidad de Valor Real"),
+                    ("CRC", "Costa Rican Colon"),
+                    ("CUC", "Peso Convertible"),
+                    ("CUP", "Cuban Peso"),
+                    ("CVE", "Cape Verde Escudo"),
+                    ("CZK", "Czech Koruna"),
+                    ("DJF", "Djibouti Franc"),
+                    ("DKK", "Danish Krone"),
+                    ("DOP", "Dominican Peso"),
+                    ("DZD", "Algerian Dinar"),
+                    ("EGP", "Egyptian Pound"),
+                    ("ERN", "Nakfa"),
+                    ("ETB", "Ethiopian Birr"),
+                    ("EUR", "Euro"),
+                    ("FJD", "Fiji Dollar"),
+                    ("FKP", "Falkland Islands Pound"),
+                    ("GBP", "Pound Sterling"),
+                    ("GEL", "Lari"),
+                    ("GHS", "Ghana Cedi"),
+                    ("GIP", "Gibraltar Pound"),
+                    ("GMD", "Dalasi"),
+                    ("GNF", "Guinea Franc"),
+                    ("GTQ", "Quetzal"),
+                    ("GYD", "Guyana Dollar"),
+                    ("HKD", "Hong Kong Dollar"),
+                    ("HNL", "Lempira"),
+                    ("HTG", "Gourde"),
+                    ("HUF", "Forint"),
+                    ("IDR", "Rupiah"),
+                    ("ILS", "New Israeli Sheqel"),
+                    ("INR", "Indian Rupee"),
+                    ("IQD", "Iraqi Dinar"),
+                    ("IRR", "Iranian Rial"),
+                    ("ISK", "Iceland Krona"),
+                    ("JMD", "Jamaican Dollar"),
+                    ("JOD", "Jordanian Dinar"),
+                    ("JPY", "Yen"),
+                    ("KES", "Kenyan Shilling"),
+                    ("KGS", "Som"),
+                    ("KHR", "Riel"),
+                    ("KMF", "Comoro Franc"),
+                    ("KPW", "North Korean Won"),
+                    ("KRW", "Won"),
+                    ("KWD", "Kuwaiti Dinar"),
+                    ("KYD", "Cayman Islands Dollar"),
+                    ("KZT", "Tenge"),
+                    ("LAK", "Kip"),
+                    ("LBP", "Lebanese Pound"),
+                    ("LKR", "Sri Lanka Rupee"),
+                    ("LRD", "Liberian Dollar"),
+                    ("LSL", "Loti"),
+                    ("LTL", "Lithuanian Litas"),
+                    ("LVL", "Latvian Lats"),
+                    ("LYD", "Libyan Dinar"),
+                    ("MAD", "Moroccan Dirham"),
+                    ("MDL", "Moldovan Leu"),
+                    ("MGA", "Malagasy Ariary"),
+                    ("MKD", "Denar"),
+                    ("MMK", "Kyat"),
+                    ("MNT", "Tugrik"),
+                    ("MOP", "Pataca"),
+                    ("MRO", "Ouguiya"),
+                    ("MUR", "Mauritius Rupee"),
+                    ("MVR", "Rufiyaa"),
+                    ("MWK", "Kwacha"),
+                    ("MXN", "Mexican Peso"),
+                    ("MYR", "Malaysian Ringgit"),
+                    ("MZN", "Mozambique Metical"),
+                    ("NAD", "Namibia Dollar"),
+                    ("NGN", "Naira"),
+                    ("NIO", "Cordoba Oro"),
+                    ("NOK", "Norwegian Krone"),
+                    ("NPR", "Nepalese Rupee"),
+                    ("NZD", "New Zealand Dollar"),
+                    ("OMR", "Rial Omani"),
+                    ("PAB", "Balboa"),
+                    ("PEN", "Nuevo Sol"),
+                    ("PGK", "Kina"),
+                    ("PHP", "Philippine Peso"),
+                    ("PKR", "Pakistan Rupee"),
+                    ("PLN", "Zloty"),
+                    ("PYG", "Guarani"),
+                    ("QAR", "Qatari Rial"),
+                    ("RON", "New Romanian Leu"),
+                    ("RSD", "Serbian Dinar"),
+                    ("RUB", "Russian Ruble"),
+                    ("RWF", "Rwanda Franc"),
+                    ("SAR", "Saudi Riyal"),
+                    ("SBD", "Solomon Islands Dollar"),
+                    ("SCR", "Seychelles Rupee"),
+                    ("SDG", "Sudanese Pound"),
+                    ("SEK", "Swedish Krona"),
+                    ("SGD", "Singapore Dollar"),
+                    ("SHP", "Saint Helena Pound"),
+                    ("SLL", "Leone"),
+                    ("SOS", "Somali Shilling"),
+                    ("SRD", "Surinam Dollar"),
+                    ("SSP", "South Sudanese Pound"),
+                    ("STD", "Dobra"),
+                    ("SVC", "El Salvador Colon"),
+                    ("SYP", "Syrian Pound"),
+                    ("SZL", "Lilangeni"),
+                    ("THB", "Baht"),
+                    ("TJS", "Somoni"),
+                    ("TMT", "Turkmenistan New Manat"),
+                    ("TND", "Tunisian Dinar"),
+                    ("TOP", "Pa'anga"),
+                    ("TRY", "Turkish Lira"),
+                    ("TTD", "Trinidad and Tobago Dollar"),
+                    ("TWD", "New Taiwan Dollar"),
+                    ("TZS", "Tanzanian Shilling"),
+                    ("UAH", "Hryvnia"),
+                    ("UGX", "Uganda Shilling"),
+                    ("USD", "US Dollar"),
+                    ("UYI", "Uruguay Peso en Unidades Indexadas (URUIURUI)"),
+                    ("UYU", "Peso Uruguayo"),
+                    ("UZS", "Uzbekistan Sum"),
+                    ("VEF", "Bolivar"),
+                    ("VND", "Dong"),
+                    ("VUV", "Vatu"),
+                    ("WST", "Tala"),
+                    ("XCD", "East Caribbean Dollar"),
+                    ("YER", "Yemeni Rial"),
+                    ("ZAR", "Rand"),
+                    ("ZMK", "Zambian Kwacha (replaced January 1, 2013)"),
+                    ("ZMW", "Zambian Kwacha"),
+                    ("ZWL", "Zimbabwe Dollar"),
+                    ("x46", "Other Currency (open axis tables)"),
+                    ("XPF", "CFP Franc"),
+                    ("CNH", "Off-shore Yuan Renminbi"),
+                ],
+                help_text="Default currency for the entity",
+                max_length=3,
+                verbose_name="Currency",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="dora_assets_value",
+            field=models.FloatField(
+                blank=True,
+                help_text="Total assets value for DORA reporting",
+                null=True,
+                verbose_name="DORA assets value",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="dora_competent_authority",
+            field=models.CharField(
+                blank=True,
+                help_text="Competent authority overseeing this entity for DORA compliance",
+                max_length=255,
+                verbose_name="DORA competent authority",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="dora_entity_hierarchy",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_RP:x53", "Ultimate parent"),
+                    ("eba_RP:x551", "Parent other than ultimate parent"),
+                    ("eba_RP:x56", "Subsidiary"),
+                    ("eba_RP:x21", "Entities other than entities of the group"),
+                    ("eba_RP:x210", "Outsourcing"),
+                ],
+                help_text="DORA entity hierarchy classification",
+                max_length=20,
+                verbose_name="DORA entity hierarchy",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="dora_entity_type",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_CT:x12", "Credit institutions"),
+                    ("eba_CT:x599", "Investment firms"),
+                    ("eba_CT:x643", "Central counterparties (CCPs)"),
+                    ("eba_CT:x639", "Asset management companies"),
+                    ("eba_CT:x301", "Account information service providers"),
+                    ("eba_CT:x302", "Electronic money institutions"),
+                    ("eba_CT:x303", "Crypto-asset service providers"),
+                    ("eba_CT:x304", "Central security depository"),
+                    ("eba_CT:x305", "Trading venues"),
+                    ("eba_CT:x306", "Trade repositories"),
+                    ("eba_CT:x300", "Payment institution"),
+                    ("eba_CT:x316", "Other financial entity"),
+                    ("eba_CT:x315", "Securitisation repository"),
+                    ("eba_CT:x314", "Crowdfunding service providers"),
+                    ("eba_CT:x313", "Administrator of critical benchmarks"),
+                    ("eba_CT:x312", "Credit rating agency"),
+                    (
+                        "eba_CT:x311",
+                        "Institutions for occupational retirement provision",
+                    ),
+                    (
+                        "eba_CT:x320",
+                        "Insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries",
+                    ),
+                    ("eba_CT:x309", "Insurance and reinsurance undertakings"),
+                    ("eba_CT:x308", "Data reporting service providers"),
+                    ("eba_CT:x307", "Managers of alternative investment funds"),
+                    (
+                        "eba_CT:x318",
+                        "Non-financial entity: Other than ICT intra-group service provider",
+                    ),
+                    (
+                        "eba_CT:x317",
+                        "Non-financial entity: ICT intra-group service provider",
+                    ),
+                    ("eba_CT:x310", "Issuers of asset-referenced tokens"),
+                ],
+                help_text="DORA entity type classification",
+                max_length=20,
+                verbose_name="DORA entity type",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_ict_service_type",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_TA:S01", "ICT project management"),
+                    ("eba_TA:S02", "ICT Development"),
+                    ("eba_TA:S03", "ICT help desk and first level support"),
+                    ("eba_TA:S04", "ICT security management services"),
+                    ("eba_TA:S05", "Provision of data"),
+                    ("eba_TA:S06", "Data analysis"),
+                    (
+                        "eba_TA:S07",
+                        "ICT, facilities and hosting services (excluding Cloud services)",
+                    ),
+                    ("eba_TA:S08", "Computation"),
+                    ("eba_TA:S09", "Non-Cloud Data storage"),
+                    ("eba_TA:S10", "Telecom carrier"),
+                    ("eba_TA:S11", "Network infrastructure"),
+                    ("eba_TA:S12", "Hardware and physical devices"),
+                    ("eba_TA:S13", "Software licencing (excluding SaaS)"),
+                    ("eba_TA:S14", "ICT operation management (including maintenance)"),
+                    ("eba_TA:S15", "ICT Consulting"),
+                    ("eba_TA:S16", "ICT Risk management"),
+                    ("eba_TA:S17", "Cloud services: IaaS"),
+                    ("eba_TA:S18", "Cloud services: PaaS"),
+                    ("eba_TA:S19", "Cloud services: SaaS"),
+                ],
+                help_text="DORA ICT service type classification",
+                max_length=20,
+                verbose_name="DORA ICT service type",
+            ),
+        ),
+    ]
diff --git a/backend/tprm/models.py b/backend/tprm/models.py
index b63f8a960b..aac29e7bbb 100644
--- a/backend/tprm/models.py
+++ b/backend/tprm/models.py
@@ -9,6 +9,14 @@
     Terminology,
     FilteringLabelMixin,
 )
+from core.constants import COUNTRY_CHOICES, CURRENCY_CHOICES
+from core.dora import (
+    DORA_ENTITY_TYPE_CHOICES,
+    DORA_ENTITY_HIERARCHY_CHOICES,
+    DORA_CONTRACTUAL_ARRANGEMENT_CHOICES,
+    TERMINATION_REASON_CHOICES,
+    DORA_ICT_SERVICE_CHOICES,
+)
 from iam.models import Folder, FolderMixin, PublishInRootFolderMixin
 from iam.views import User
 
@@ -46,6 +54,46 @@ class Entity(NameDescriptionMixin, FolderMixin, PublishInRootFolderMixin):
         verbose_name=_("Legal identifiers"),
         help_text=_("Legal identifiers (LEI, EUID, VAT, DUNS, etc.)"),
     )
+    country = models.CharField(
+        max_length=3,
+        choices=COUNTRY_CHOICES,
+        blank=True,
+        verbose_name=_("Country"),
+        help_text=_("Country where the entity is located"),
+    )
+    currency = models.CharField(
+        max_length=3,
+        choices=CURRENCY_CHOICES,
+        blank=True,
+        verbose_name=_("Currency"),
+        help_text=_("Default currency for the entity"),
+    )
+    dora_entity_type = models.CharField(
+        max_length=20,
+        choices=DORA_ENTITY_TYPE_CHOICES,
+        blank=True,
+        verbose_name=_("DORA entity type"),
+        help_text=_("DORA entity type classification"),
+    )
+    dora_entity_hierarchy = models.CharField(
+        max_length=20,
+        choices=DORA_ENTITY_HIERARCHY_CHOICES,
+        blank=True,
+        verbose_name=_("DORA entity hierarchy"),
+        help_text=_("DORA entity hierarchy classification"),
+    )
+    dora_assets_value = models.FloatField(
+        blank=True,
+        null=True,
+        verbose_name=_("DORA assets value"),
+        help_text=_("Total assets value for DORA reporting"),
+    )
+    dora_competent_authority = models.CharField(
+        max_length=255,
+        blank=True,
+        verbose_name=_("DORA competent authority"),
+        help_text=_("Competent authority overseeing this entity for DORA compliance"),
+    )
 
     fields_to_check = ["name"]
 
@@ -162,6 +210,13 @@ class Solution(NameDescriptionMixin):
         help_text=_("Assets related to the solution"),
         related_name="solutions",
     )
+    dora_ict_service_type = models.CharField(
+        max_length=20,
+        choices=DORA_ICT_SERVICE_CHOICES,
+        blank=True,
+        verbose_name=_("DORA ICT service type"),
+        help_text=_("DORA ICT service type classification"),
+    )
 
     fields_to_check = ["name"]
 
@@ -230,6 +285,54 @@ class Status(models.TextChoices):
         verbose_name=_("Reference ID"),
         help_text=_("Contract reference number or identifier"),
     )
+    dora_contractual_arrangement = models.CharField(
+        max_length=20,
+        choices=DORA_CONTRACTUAL_ARRANGEMENT_CHOICES,
+        blank=True,
+        verbose_name=_("DORA contractual arrangement"),
+        help_text=_("DORA contractual arrangement type"),
+    )
+    currency = models.CharField(
+        max_length=3,
+        choices=CURRENCY_CHOICES,
+        blank=True,
+        verbose_name=_("Currency"),
+        help_text=_("Currency for contract expenses"),
+    )
+    annual_expense = models.FloatField(
+        blank=True,
+        null=True,
+        verbose_name=_("Annual expense"),
+        help_text=_("Annual expense amount for this contract"),
+    )
+    termination_reason = models.CharField(
+        max_length=20,
+        choices=TERMINATION_REASON_CHOICES,
+        blank=True,
+        verbose_name=_("Termination reason"),
+        help_text=_("Reason for contract termination"),
+    )
+    is_intragroup = models.BooleanField(
+        default=False,
+        verbose_name=_("Is intragroup"),
+        help_text=_("Whether this is an intragroup contract"),
+    )
+    overarching_contract = models.ForeignKey(
+        "self",
+        on_delete=models.SET_NULL,
+        null=True,
+        blank=True,
+        related_name="subordinate_contracts",
+        verbose_name=_("Overarching contract"),
+        help_text=_("Parent/overarching contract if this is a subordinate arrangement"),
+    )
+    governing_law_country = models.CharField(
+        max_length=3,
+        choices=COUNTRY_CHOICES,
+        blank=True,
+        verbose_name=_("Governing law country"),
+        help_text=_("Country whose law governs this contract"),
+    )
 
     fields_to_check = ["name"]
 
diff --git a/backend/tprm/serializers.py b/backend/tprm/serializers.py
index 4cbd3f4450..2c8d48f3e7 100644
--- a/backend/tprm/serializers.py
+++ b/backend/tprm/serializers.py
@@ -57,6 +57,12 @@ class Meta:
             "mission",
             "reference_link",
             "owned_folders",
+            "country",
+            "currency",
+            "dora_entity_type",
+            "dora_entity_hierarchy",
+            "dora_assets_value",
+            "dora_competent_authority",
             "created_at",
             "updated_at",
         ]
@@ -296,6 +302,7 @@ class ContractReadSerializer(BaseModelSerializer):
     entities = FieldsRelatedField(many=True)
     evidences = FieldsRelatedField(many=True)
     solutions = FieldsRelatedField(many=True)
+    overarching_contract = FieldsRelatedField()
 
     class Meta:
         model = Contract
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index 81c6c168ce..2037473666 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -11,6 +11,15 @@
 from django.utils.formats import date_format
 from django.http import HttpResponse
 
+from core.constants import COUNTRY_CHOICES, CURRENCY_CHOICES
+from core.dora import (
+    DORA_ENTITY_TYPE_CHOICES,
+    DORA_ENTITY_HIERARCHY_CHOICES,
+    DORA_CONTRACTUAL_ARRANGEMENT_CHOICES,
+    TERMINATION_REASON_CHOICES,
+    DORA_ICT_SERVICE_CHOICES,
+)
+
 import csv
 import io
 import zipfile
@@ -36,6 +45,11 @@ class EntityViewSet(BaseModelViewSet):
         "relationship",
         "relationship__name",
         "contracts",
+        "country",
+        "currency",
+        "dora_entity_type",
+        "dora_entity_hierarchy",
+        "dora_competent_authority",
     ]
 
     @action(detail=False, methods=["get"], name="Generate DORA ROI")
@@ -64,6 +78,12 @@ def generate_dora_roi(self, request):
                 "Reference Link",
                 "Relationship Types",
                 "Legal Identifiers",
+                "Country",
+                "Currency",
+                "DORA Entity Type",
+                "DORA Entity Hierarchy",
+                "DORA Assets Value",
+                "DORA Competent Authority",
                 "Folder",
                 "Created At",
                 "Updated At",
@@ -93,6 +113,18 @@ def generate_dora_roi(self, request):
                     entity.reference_link or "",
                     relationships,
                     legal_ids,
+                    entity.country or "",
+                    entity.currency or "",
+                    entity.get_dora_entity_type_display()
+                    if entity.dora_entity_type
+                    else "",
+                    entity.get_dora_entity_hierarchy_display()
+                    if entity.dora_entity_hierarchy
+                    else "",
+                    entity.dora_assets_value
+                    if entity.dora_assets_value is not None
+                    else "",
+                    entity.dora_competent_authority or "",
                     entity.folder.name if entity.folder else "",
                     entity.created_at.strftime("%Y-%m-%d %H:%M:%S"),
                     entity.updated_at.strftime("%Y-%m-%d %H:%M:%S"),
@@ -117,6 +149,22 @@ def generate_dora_roi(self, request):
 
         return response
 
+    @action(detail=False, name="Get country choices")
+    def country(self, request):
+        return Response(dict(COUNTRY_CHOICES))
+
+    @action(detail=False, name="Get currency choices")
+    def currency(self, request):
+        return Response(dict(CURRENCY_CHOICES))
+
+    @action(detail=False, name="Get DORA entity type choices")
+    def dora_entity_type(self, request):
+        return Response(dict(DORA_ENTITY_TYPE_CHOICES))
+
+    @action(detail=False, name="Get DORA entity hierarchy choices")
+    def dora_entity_hierarchy(self, request):
+        return Response(dict(DORA_ENTITY_HIERARCHY_CHOICES))
+
 
 class EntityAssessmentViewSet(BaseModelViewSet):
     """
@@ -235,7 +283,14 @@ class SolutionViewSet(BaseModelViewSet):
     """
 
     model = Solution
-    filterset_fields = ["name", "provider_entity", "assets", "criticality", "contracts"]
+    filterset_fields = [
+        "name",
+        "provider_entity",
+        "assets",
+        "criticality",
+        "contracts",
+        "dora_ict_service_type",
+    ]
 
     def perform_create(self, serializer):
         serializer.save()
@@ -243,6 +298,10 @@ def perform_create(self, serializer):
         solution.recipient_entity = Entity.objects.get(builtin=True)
         solution.save()
 
+    @action(detail=False, name="Get DORA ICT service type choices")
+    def dora_ict_service_type(self, request):
+        return Response(dict(DORA_ICT_SERVICE_CHOICES))
+
 
 class ContractViewSet(BaseModelViewSet):
     """
@@ -250,8 +309,36 @@ class ContractViewSet(BaseModelViewSet):
     """
 
     model = Contract
-    filterset_fields = ["name", "folder", "entities", "status", "owner"]
+    filterset_fields = [
+        "name",
+        "folder",
+        "entities",
+        "status",
+        "owner",
+        "dora_contractual_arrangement",
+        "currency",
+        "termination_reason",
+        "is_intragroup",
+        "overarching_contract",
+        "governing_law_country",
+    ]
 
     @action(detail=False, name="Get status choices")
     def status(self, request):
         return Response(dict(Contract.Status.choices))
+
+    @action(detail=False, name="Get currency choices")
+    def currency(self, request):
+        return Response(dict(CURRENCY_CHOICES))
+
+    @action(detail=False, name="Get DORA contractual arrangement choices")
+    def dora_contractual_arrangement(self, request):
+        return Response(dict(DORA_CONTRACTUAL_ARRANGEMENT_CHOICES))
+
+    @action(detail=False, name="Get termination reason choices")
+    def termination_reason(self, request):
+        return Response(dict(TERMINATION_REASON_CHOICES))
+
+    @action(detail=False, name="Get governing law country choices")
+    def governing_law_country(self, request):
+        return Response(dict(COUNTRY_CHOICES))
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index b0ef9786c2..317cfd3c84 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -2623,5 +2623,18 @@
 	"runningMonteCarloSimulations": "Running Monte Carlo simulations for quantitative risk analysis. This may take a moment...",
 	"probabilityRequirements": "All values must be provided and between 0 and 100 (e.g., 5, 20, 50, 90). Values must increase from top to bottom.",
 	"impactRequirements": "All values must be provided and greater than 0. Values must increase from top to bottom (e.g., Minor: 5,000 → Major: 50,000 → Critical: 500,000).",
-	"reports": "Reports"
+	"reports": "Reports",
+	"doraSpecific": "DORA specific",
+	"doraEntityType": "Entity Type",
+	"doraEntityHierarchy": "Entity Hierarchy",
+	"doraAssetsValue": "Value of total assets",
+	"doraCompetentAuthority": "Competent Authority",
+	"doraContractualArrangement": "Contract type",
+	"doraIctServiceType": "ICT Service Type",
+	"overarchingContract": "Overarching Contract",
+	"overarchingContractHelpText": "Only contracts with 'Overarching arrangement' type are shown. If the list is empty, create an overarching contract first.",
+	"annualExpense": "Annual Expense",
+	"terminationReason": "Termination Reason",
+	"governingLawCountry": "Governing Law Country",
+	"isIntragroup": "Is Intra-group"
 }
diff --git a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
index 11695e6ccc..a939af782e 100644
--- a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
@@ -1,7 +1,10 @@
 <script lang="ts">
 	import AutocompleteSelect from '../AutocompleteSelect.svelte';
 	import TextField from '$lib/components/Forms/TextField.svelte';
+	import NumberField from '$lib/components/Forms/NumberField.svelte';
 	import Select from '../Select.svelte';
+	import Checkbox from '$lib/components/Forms/Checkbox.svelte';
+	import Dropdown from '$lib/components/Dropdown/Dropdown.svelte';
 	import type { SuperValidated } from 'sveltekit-superforms';
 	import type { ModelInfo, CacheLock } from '$lib/utils/types';
 	import { m } from '$paraglide/messages';
@@ -100,7 +103,7 @@
 	field="evidences"
 	cacheLock={cacheLocks['evidences']}
 	bind:cachedValue={formDataCache['evidences']}
-	label={m.evidences()}
+	label={m.documents()}
 />
 <AutocompleteSelect
 	{form}
@@ -111,3 +114,66 @@
 	bind:cachedValue={formDataCache['filtering_labels']}
 	label={m.filteringLabels()}
 />
+
+<Dropdown
+	open={false}
+	style="hover:text-primary-700"
+	icon="fa-solid fa-ellipsis"
+	header={m.more()}
+>
+	<AutocompleteSelect
+		{form}
+		field="dora_contractual_arrangement"
+		options={model.selectOptions?.dora_contractual_arrangement}
+		label={m.doraContractualArrangement()}
+		cacheLock={cacheLocks['dora_contractual_arrangement']}
+		bind:cachedValue={formDataCache['dora_contractual_arrangement']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="overarching_contract"
+		optionsEndpoint="contracts?dora_contractual_arrangement=eba_CO:x2"
+		label={m.overarchingContract()}
+		helpText={m.overarchingContractHelpText()}
+		cacheLock={cacheLocks['overarching_contract']}
+		bind:cachedValue={formDataCache['overarching_contract']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="currency"
+		options={model.selectOptions?.currency}
+		label={m.currency()}
+		cacheLock={cacheLocks['currency']}
+		bind:cachedValue={formDataCache['currency']}
+	/>
+	<NumberField
+		{form}
+		field="annual_expense"
+		label={m.annualExpense()}
+		cacheLock={cacheLocks['annual_expense']}
+		bind:cachedValue={formDataCache['annual_expense']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="termination_reason"
+		options={model.selectOptions?.termination_reason}
+		label={m.terminationReason()}
+		cacheLock={cacheLocks['termination_reason']}
+		bind:cachedValue={formDataCache['termination_reason']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="governing_law_country"
+		options={model.selectOptions?.governing_law_country}
+		label={m.governingLawCountry()}
+		cacheLock={cacheLocks['governing_law_country']}
+		bind:cachedValue={formDataCache['governing_law_country']}
+	/>
+	<Checkbox
+		{form}
+		field="is_intragroup"
+		label={m.isIntragroup()}
+		cacheLock={cacheLocks['is_intragroup']}
+		bind:cachedValue={formDataCache['is_intragroup']}
+	/>
+</Dropdown>
diff --git a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
index 44e41e1016..34b67232e1 100644
--- a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
@@ -2,7 +2,9 @@
 	import AutocompleteSelect from '../AutocompleteSelect.svelte';
 	import TextArea from '$lib/components/Forms/TextArea.svelte';
 	import TextField from '$lib/components/Forms/TextField.svelte';
+	import NumberField from '$lib/components/Forms/NumberField.svelte';
 	import LegalIdentifierField from '../LegalIdentifierField.svelte';
+	import Dropdown from '$lib/components/Dropdown/Dropdown.svelte';
 	import type { SuperValidated } from 'sveltekit-superforms';
 	import type { ModelInfo, CacheLock } from '$lib/utils/types';
 	import { m } from '$paraglide/messages';
@@ -33,14 +35,6 @@
 	cacheLock={cacheLocks['mission']}
 	bind:cachedValue={formDataCache['mission']}
 />
-<TextField
-	{form}
-	field="reference_link"
-	label={m.referenceLink()}
-	helpText={m.linkHelpText()}
-	cacheLock={cacheLocks['reference_link']}
-	bind:cachedValue={formDataCache['reference_link']}
-/>
 <AutocompleteSelect
 	{form}
 	optionsEndpoint="folders?content_type=DO&content_type=GL"
@@ -68,3 +62,73 @@
 	cacheLock={cacheLocks['legal_identifiers']}
 	bind:cachedValue={formDataCache['legal_identifiers']}
 />
+
+<Dropdown
+	open={false}
+	style="hover:text-primary-700"
+	icon="fa-solid fa-ellipsis"
+	header={m.more()}
+>
+	<TextField
+		{form}
+		field="reference_link"
+		label={m.referenceLink()}
+		helpText={m.linkHelpText()}
+		cacheLock={cacheLocks['reference_link']}
+		bind:cachedValue={formDataCache['reference_link']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="country"
+		options={model.selectOptions?.country}
+		label={m.country()}
+		cacheLock={cacheLocks['country']}
+		bind:cachedValue={formDataCache['country']}
+	/>
+</Dropdown>
+
+<Dropdown
+	open={false}
+	style="hover:text-primary-700"
+	icon="fa-solid fa-scale-balanced"
+	header={m.doraSpecific()}
+>
+	<AutocompleteSelect
+		{form}
+		field="currency"
+		options={model.selectOptions?.currency}
+		label={m.currency()}
+		cacheLock={cacheLocks['currency']}
+		bind:cachedValue={formDataCache['currency']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="dora_entity_type"
+		options={model.selectOptions?.dora_entity_type}
+		label={m.doraEntityType()}
+		cacheLock={cacheLocks['dora_entity_type']}
+		bind:cachedValue={formDataCache['dora_entity_type']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="dora_entity_hierarchy"
+		options={model.selectOptions?.dora_entity_hierarchy}
+		label={m.doraEntityHierarchy()}
+		cacheLock={cacheLocks['dora_entity_hierarchy']}
+		bind:cachedValue={formDataCache['dora_entity_hierarchy']}
+	/>
+	<NumberField
+		{form}
+		field="dora_assets_value"
+		label={m.doraAssetsValue()}
+		cacheLock={cacheLocks['dora_assets_value']}
+		bind:cachedValue={formDataCache['dora_assets_value']}
+	/>
+	<TextField
+		{form}
+		field="dora_competent_authority"
+		label={m.doraCompetentAuthority()}
+		cacheLock={cacheLocks['dora_competent_authority']}
+		bind:cachedValue={formDataCache['dora_competent_authority']}
+	/>
+</Dropdown>
diff --git a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
index 8d7eba91fa..da138f0c17 100644
--- a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
@@ -1,6 +1,7 @@
 <script lang="ts">
 	import AutocompleteSelect from '../AutocompleteSelect.svelte';
 	import TextField from '$lib/components/Forms/TextField.svelte';
+	import Dropdown from '$lib/components/Dropdown/Dropdown.svelte';
 	import type { SuperValidated } from 'sveltekit-superforms';
 	import type { ModelInfo, CacheLock } from '$lib/utils/types';
 	import { m } from '$paraglide/messages';
@@ -66,3 +67,19 @@
 	bind:cachedValue={formDataCache['assets']}
 	label={m.assets()}
 />
+
+<Dropdown
+	open={false}
+	style="hover:text-primary-700"
+	icon="fa-solid fa-scale-balanced"
+	header={m.doraSpecific()}
+>
+	<AutocompleteSelect
+		{form}
+		field="dora_ict_service_type"
+		options={model.selectOptions?.dora_ict_service_type}
+		label={m.doraIctServiceType()}
+		cacheLock={cacheLocks['dora_ict_service_type']}
+		bind:cachedValue={formDataCache['dora_ict_service_type']}
+	/>
+</Dropdown>
diff --git a/frontend/src/lib/utils/crud.ts b/frontend/src/lib/utils/crud.ts
index 297d91a526..045dd15894 100644
--- a/frontend/src/lib/utils/crud.ts
+++ b/frontend/src/lib/utils/crud.ts
@@ -784,6 +784,12 @@ export const URL_MODEL_MAP: ModelMap = {
 				urlModel: 'terminologies',
 				urlParams: 'field_path=entity.relationship'
 			}
+		],
+		selectFields: [
+			{ field: 'country' },
+			{ field: 'currency' },
+			{ field: 'dora_entity_type' },
+			{ field: 'dora_entity_hierarchy' }
 		]
 	},
 	'entity-assessments': {
@@ -817,7 +823,8 @@ export const URL_MODEL_MAP: ModelMap = {
 			{ field: 'provider_entity', urlModel: 'entities' },
 			{ field: 'recipient_entity', urlModel: 'entities' },
 			{ field: 'assets', urlModel: 'assets' }
-		]
+		],
+		selectFields: [{ field: 'dora_ict_service_type' }]
 	},
 	contracts: {
 		name: 'contract',
@@ -835,7 +842,15 @@ export const URL_MODEL_MAP: ModelMap = {
 			{ field: 'owner', urlModel: 'users' },
 			{ field: 'entities', urlModel: 'entities' },
 			{ field: 'evidences', urlModel: 'evidences' },
-			{ field: 'solutions', urlModel: 'solutions' }
+			{ field: 'solutions', urlModel: 'solutions' },
+			{ field: 'overarching_contract', urlModel: 'contracts' }
+		],
+		selectFields: [
+			{ field: 'status' },
+			{ field: 'currency' },
+			{ field: 'dora_contractual_arrangement' },
+			{ field: 'termination_reason' },
+			{ field: 'governing_law_country' }
 		]
 	},
 	representatives: {
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index 4b16d38343..e48fd106fd 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -571,7 +571,13 @@ export const EntitiesSchema = z.object({
 		})
 		.optional(),
 	relationship: z.string().optional().array().optional(),
-	legal_identifiers: z.record(z.string()).optional()
+	legal_identifiers: z.record(z.string()).optional(),
+	country: z.string().optional(),
+	currency: z.string().optional(),
+	dora_entity_type: z.string().optional(),
+	dora_entity_hierarchy: z.string().optional(),
+	dora_assets_value: z.number().optional().nullable(),
+	dora_competent_authority: z.string().optional()
 });
 
 export const EntityAssessmentSchema = z.object({
@@ -605,7 +611,8 @@ export const solutionSchema = z.object({
 	provider_entity: z.string(),
 	ref_id: z.string().optional(),
 	criticality: z.number().optional(),
-	assets: z.string().uuid().optional().array().optional()
+	assets: z.string().uuid().optional().array().optional(),
+	dora_ict_service_type: z.string().optional()
 });
 
 export const representativeSchema = z.object({
@@ -630,7 +637,14 @@ export const contractSchema = z.object({
 	status: z.string().optional().default('draft'),
 	start_date: z.union([z.literal('').transform(() => null), z.string().date()]).nullish(),
 	end_date: z.union([z.literal('').transform(() => null), z.string().date()]).nullish(),
-	ref_id: z.string().optional()
+	ref_id: z.string().optional(),
+	dora_contractual_arrangement: z.string().optional(),
+	currency: z.string().optional(),
+	annual_expense: z.number().optional().nullable(),
+	termination_reason: z.string().optional(),
+	is_intragroup: z.boolean().optional().default(false),
+	overarching_contract: z.string().optional(),
+	governing_law_country: z.string().optional()
 });
 
 export const vulnerabilitySchema = z.object({

From a0cc4e3b4d9eabc380fcbcbcac5db9f0af2acb73 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Mon, 10 Nov 2025 17:13:14 +0100
Subject: [PATCH 13/47] fixup

---
 .../Forms/ModelForm/ContractForm.svelte       |  7 +-----
 .../Forms/ModelForm/EntityForm.svelte         |  7 +-----
 .../(app)/(internal)/reports/+page.svelte     | 19 +++++++++++-----
 .../(internal)/reports/ReportTile.svelte      | 22 +++++++++----------
 4 files changed, 26 insertions(+), 29 deletions(-)

diff --git a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
index a939af782e..9793c173e2 100644
--- a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
@@ -115,12 +115,7 @@
 	label={m.filteringLabels()}
 />
 
-<Dropdown
-	open={false}
-	style="hover:text-primary-700"
-	icon="fa-solid fa-ellipsis"
-	header={m.more()}
->
+<Dropdown open={false} style="hover:text-primary-700" icon="fa-solid fa-ellipsis" header={m.more()}>
 	<AutocompleteSelect
 		{form}
 		field="dora_contractual_arrangement"
diff --git a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
index 34b67232e1..3f26f1f79e 100644
--- a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
@@ -63,12 +63,7 @@
 	bind:cachedValue={formDataCache['legal_identifiers']}
 />
 
-<Dropdown
-	open={false}
-	style="hover:text-primary-700"
-	icon="fa-solid fa-ellipsis"
-	header={m.more()}
->
+<Dropdown open={false} style="hover:text-primary-700" icon="fa-solid fa-ellipsis" header={m.more()}>
 	<TextField
 		{form}
 		field="reference_link"
diff --git a/frontend/src/routes/(app)/(internal)/reports/+page.svelte b/frontend/src/routes/(app)/(internal)/reports/+page.svelte
index 85beef7f16..07c7c0d21b 100644
--- a/frontend/src/routes/(app)/(internal)/reports/+page.svelte
+++ b/frontend/src/routes/(app)/(internal)/reports/+page.svelte
@@ -25,7 +25,8 @@
 		{
 			id: 'dora-roi',
 			title: 'DORA Register of Information',
-			description: 'Generate DORA-compliant Register of Information (ROI) containing entity data required by the Digital Operational Resilience Act',
+			description:
+				'Generate DORA-compliant Register of Information (ROI) containing entity data required by the Digital Operational Resilience Act',
 			icon: 'fa-solid fa-building-shield',
 			category: 'compliance',
 			href: '/reports/dora-roi',
@@ -34,7 +35,9 @@
 		{
 			id: 'compliance-summary',
 			title: m.complianceSummaryReport ? m.complianceSummaryReport() : 'Compliance Summary Report',
-			description: m.complianceSummaryReportDesc ? m.complianceSummaryReportDesc() : 'Generate comprehensive compliance status across all frameworks',
+			description: m.complianceSummaryReportDesc
+				? m.complianceSummaryReportDesc()
+				: 'Generate comprehensive compliance status across all frameworks',
 			icon: 'fa-solid fa-clipboard-check',
 			category: 'compliance',
 			tags: ['Compliance', 'Frameworks', 'Audits']
@@ -42,7 +45,9 @@
 		{
 			id: 'incident-analysis',
 			title: m.incidentAnalysisReport ? m.incidentAnalysisReport() : 'Incident Analysis Report',
-			description: m.incidentAnalysisReportDesc ? m.incidentAnalysisReportDesc() : 'Comprehensive analysis of security incidents and trends',
+			description: m.incidentAnalysisReportDesc
+				? m.incidentAnalysisReportDesc()
+				: 'Comprehensive analysis of security incidents and trends',
 			icon: 'fa-solid fa-bug',
 			category: 'operations',
 			tags: ['Incidents', 'Operations', 'Security']
@@ -50,7 +55,9 @@
 		{
 			id: 'asset-inventory',
 			title: m.assetInventoryReport ? m.assetInventoryReport() : 'Asset Inventory Report',
-			description: m.assetInventoryReportDesc ? m.assetInventoryReportDesc() : 'Complete inventory of assets and their risk profiles',
+			description: m.assetInventoryReportDesc
+				? m.assetInventoryReportDesc()
+				: 'Complete inventory of assets and their risk profiles',
 			icon: 'fa-solid fa-gem',
 			category: 'assets',
 			tags: ['Assets', 'Inventory', 'Risk']
@@ -99,7 +106,9 @@
 					{m.aboutReports ? m.aboutReports() : 'About Reports'}
 				</h3>
 				<p class="text-gray-700">
-					{m.aboutReportsDescription ? m.aboutReportsDescription() : 'Reports provide a simple tools to generate specialized reports useful for key insights or required by authorities for specific standards.\nMore specialized capabilities will be added as we identify specific cases.'}
+					{m.aboutReportsDescription
+						? m.aboutReportsDescription()
+						: 'Reports provide a simple tools to generate specialized reports useful for key insights or required by authorities for specific standards.\nMore specialized capabilities will be added as we identify specific cases.'}
 				</p>
 			</div>
 		</div>
diff --git a/frontend/src/routes/(app)/(internal)/reports/ReportTile.svelte b/frontend/src/routes/(app)/(internal)/reports/ReportTile.svelte
index a0bbf1f7c2..eaf46daa91 100644
--- a/frontend/src/routes/(app)/(internal)/reports/ReportTile.svelte
+++ b/frontend/src/routes/(app)/(internal)/reports/ReportTile.svelte
@@ -35,14 +35,12 @@
 		return colors[category] || 'text-gray-600';
 	}
 
-	const baseClasses = "block text-left p-6 rounded-lg border-2 transition-all duration-200 hover:shadow-lg transform hover:-translate-y-1 cursor-pointer";
+	const baseClasses =
+		'block text-left p-6 rounded-lg border-2 transition-all duration-200 hover:shadow-lg transform hover:-translate-y-1 cursor-pointer';
 </script>
 
 {#if href}
-	<a
-		{href}
-		class="{baseClasses} {getCategoryColor(category)}"
-	>
+	<a {href} class="{baseClasses} {getCategoryColor(category)}">
 		<div class="flex items-start gap-4">
 			<div class="flex-shrink-0">
 				<div class="w-12 h-12 rounded-lg bg-white flex items-center justify-center shadow-sm">
@@ -66,7 +64,9 @@
 					{#if tags.length > 0}
 						<div class="flex flex-wrap gap-1 mt-3">
 							{#each tags as tag}
-								<span class="inline-flex items-center px-1.5 py-0.5 rounded text-[10px] font-medium bg-gray-100 text-gray-600 border border-gray-200">
+								<span
+									class="inline-flex items-center px-1.5 py-0.5 rounded text-[10px] font-medium bg-gray-100 text-gray-600 border border-gray-200"
+								>
 									{tag}
 								</span>
 							{/each}
@@ -77,11 +77,7 @@
 		</div>
 	</a>
 {:else}
-	<button
-		type="button"
-		class="{baseClasses} {getCategoryColor(category)}"
-		{onclick}
-	>
+	<button type="button" class="{baseClasses} {getCategoryColor(category)}" {onclick}>
 		<div class="flex items-start gap-4">
 			<div class="flex-shrink-0">
 				<div class="w-12 h-12 rounded-lg bg-white flex items-center justify-center shadow-sm">
@@ -105,7 +101,9 @@
 					{#if tags.length > 0}
 						<div class="flex flex-wrap gap-1 mt-3">
 							{#each tags as tag}
-								<span class="inline-flex items-center px-1.5 py-0.5 rounded text-[10px] font-medium bg-gray-100 text-gray-600 border border-gray-200">
+								<span
+									class="inline-flex items-center px-1.5 py-0.5 rounded text-[10px] font-medium bg-gray-100 text-gray-600 border border-gray-200"
+								>
 									{tag}
 								</span>
 							{/each}

From e299cad8bf1c9bffb343e586b6f9be03fc9d12bf Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Mon, 10 Nov 2025 20:07:05 +0100
Subject: [PATCH 14/47] update migration

---
 ...nual_expense_contract_currency_and_more.py | 644 +++++++++++++++++-
 1 file changed, 615 insertions(+), 29 deletions(-)

diff --git a/backend/tprm/migrations/0010_contract_annual_expense_contract_currency_and_more.py b/backend/tprm/migrations/0010_contract_annual_expense_contract_currency_and_more.py
index 56b453b972..e0abf8bab1 100644
--- a/backend/tprm/migrations/0010_contract_annual_expense_contract_currency_and_more.py
+++ b/backend/tprm/migrations/0010_contract_annual_expense_contract_currency_and_more.py
@@ -1,4 +1,4 @@
-# Generated by Django 5.2.7 on 2025-11-10 14:28
+# Generated by Django 5.2.7 on 2025-11-10 19:06
 
 import django.db.models.deletion
 from django.db import migrations, models
@@ -202,12 +202,12 @@ class Migration(migrations.Migration):
             model_name="contract",
             name="dora_contractual_arrangement",
             field=models.CharField(
-                blank=True,
                 choices=[
                     ("eba_CO:x1", "Standalone arrangement"),
                     ("eba_CO:x2", "Overarching arrangement"),
                     ("eba_CO:x3", "Subsequent or associated arrangement"),
                 ],
+                default="eba_CO:x1",
                 help_text="DORA contractual arrangement type",
                 max_length=20,
                 verbose_name="DORA contractual arrangement",
@@ -485,6 +485,26 @@ class Migration(migrations.Migration):
                 verbose_name="Is intragroup",
             ),
         ),
+        migrations.AddField(
+            model_name="contract",
+            name="notice_period_entity",
+            field=models.IntegerField(
+                blank=True,
+                help_text="Notice period in days for the financial entity",
+                null=True,
+                verbose_name="Notice period for entity (days)",
+            ),
+        ),
+        migrations.AddField(
+            model_name="contract",
+            name="notice_period_provider",
+            field=models.IntegerField(
+                blank=True,
+                help_text="Notice period in days for the ICT third-party service provider",
+                null=True,
+                verbose_name="Notice period for provider (days)",
+            ),
+        ),
         migrations.AddField(
             model_name="contract",
             name="overarching_contract",
@@ -1056,36 +1076,602 @@ class Migration(migrations.Migration):
         ),
         migrations.AddField(
             model_name="solution",
-            name="dora_ict_service_type",
+            name="data_location_processing",
             field=models.CharField(
                 blank=True,
                 choices=[
-                    ("eba_TA:S01", "ICT project management"),
-                    ("eba_TA:S02", "ICT Development"),
-                    ("eba_TA:S03", "ICT help desk and first level support"),
-                    ("eba_TA:S04", "ICT security management services"),
-                    ("eba_TA:S05", "Provision of data"),
-                    ("eba_TA:S06", "Data analysis"),
-                    (
-                        "eba_TA:S07",
-                        "ICT, facilities and hosting services (excluding Cloud services)",
-                    ),
-                    ("eba_TA:S08", "Computation"),
-                    ("eba_TA:S09", "Non-Cloud Data storage"),
-                    ("eba_TA:S10", "Telecom carrier"),
-                    ("eba_TA:S11", "Network infrastructure"),
-                    ("eba_TA:S12", "Hardware and physical devices"),
-                    ("eba_TA:S13", "Software licencing (excluding SaaS)"),
-                    ("eba_TA:S14", "ICT operation management (including maintenance)"),
-                    ("eba_TA:S15", "ICT Consulting"),
-                    ("eba_TA:S16", "ICT Risk management"),
-                    ("eba_TA:S17", "Cloud services: IaaS"),
-                    ("eba_TA:S18", "Cloud services: PaaS"),
-                    ("eba_TA:S19", "Cloud services: SaaS"),
-                ],
-                help_text="DORA ICT service type classification",
-                max_length=20,
-                verbose_name="DORA ICT service type",
+                    ("AF", "Afghanistan"),
+                    ("AX", "Åland Islands"),
+                    ("AL", "Albania"),
+                    ("DZ", "Algeria"),
+                    ("AS", "American Samoa"),
+                    ("AD", "Andorra"),
+                    ("AO", "Angola"),
+                    ("AI", "Anguilla"),
+                    ("AQ", "Antarctica"),
+                    ("AG", "Antigua and Barbuda"),
+                    ("AR", "Argentina"),
+                    ("AM", "Armenia"),
+                    ("AW", "Aruba"),
+                    ("AU", "Australia"),
+                    ("AT", "Austria"),
+                    ("AZ", "Azerbaijan"),
+                    ("BS", "Bahamas"),
+                    ("BH", "Bahrain"),
+                    ("BD", "Bangladesh"),
+                    ("BB", "Barbados"),
+                    ("BY", "Belarus"),
+                    ("BE", "Belgium"),
+                    ("BZ", "Belize"),
+                    ("BJ", "Benin"),
+                    ("BM", "Bermuda"),
+                    ("BT", "Bhutan"),
+                    ("BO", "Bolivia, Plurinational State of"),
+                    ("BQ", "Bonaire, Sint Eustatius and Saba"),
+                    ("BA", "Bosnia and Herzegovina"),
+                    ("BW", "Botswana"),
+                    ("BV", "Bouvet Island"),
+                    ("BR", "Brazil"),
+                    ("IO", "British Indian Ocean Territory"),
+                    ("BN", "Brunei Darussalam"),
+                    ("BG", "Bulgaria"),
+                    ("BF", "Burkina Faso"),
+                    ("BI", "Burundi"),
+                    ("KH", "Cambodia"),
+                    ("CM", "Cameroon"),
+                    ("CA", "Canada"),
+                    ("CV", "Cape Verde"),
+                    ("KY", "Cayman Islands"),
+                    ("CF", "Central African Republic"),
+                    ("TD", "Chad"),
+                    ("CL", "Chile"),
+                    ("CN", "China"),
+                    ("CX", "Christmas Island"),
+                    ("CC", "Cocos (Keeling) Islands"),
+                    ("CO", "Colombia"),
+                    ("KM", "Comoros"),
+                    ("CG", "Congo"),
+                    ("CD", "Congo, The Democratic Republic of the"),
+                    ("CK", "Cook Islands"),
+                    ("CR", "Costa Rica"),
+                    ("CI", "Côte d'Ivoire"),
+                    ("HR", "Croatia"),
+                    ("CU", "Cuba"),
+                    ("CW", "Curaçao"),
+                    ("CY", "Cyprus"),
+                    ("CZ", "Czech Republic"),
+                    ("DK", "Denmark"),
+                    ("DJ", "Djibouti"),
+                    ("DM", "Dominica"),
+                    ("DO", "Dominican Republic"),
+                    ("EC", "Ecuador"),
+                    ("EG", "Egypt"),
+                    ("SV", "El Salvador"),
+                    ("GQ", "Equatorial Guinea"),
+                    ("ER", "Eritrea"),
+                    ("EE", "Estonia"),
+                    ("ET", "Ethiopia"),
+                    ("FK", "Falkland Islands (Malvinas)"),
+                    ("FO", "Faroe Islands"),
+                    ("FJ", "Fiji"),
+                    ("FI", "Finland"),
+                    ("FR", "France"),
+                    ("GF", "French Guiana"),
+                    ("PF", "French Polynesia"),
+                    ("TF", "French Southern Territories"),
+                    ("GA", "Gabon"),
+                    ("GM", "Gambia"),
+                    ("GE", "Georgia"),
+                    ("DE", "Germany"),
+                    ("GH", "Ghana"),
+                    ("GI", "Gibraltar"),
+                    ("GR", "Greece"),
+                    ("GL", "Greenland"),
+                    ("GD", "Grenada"),
+                    ("GP", "Guadeloupe"),
+                    ("GU", "Guam"),
+                    ("GT", "Guatemala"),
+                    ("GG", "Guernsey"),
+                    ("GN", "Guinea"),
+                    ("GW", "Guinea-Bissau"),
+                    ("GY", "Guyana"),
+                    ("HT", "Haiti"),
+                    ("HM", "Heard Island and McDonald Islands"),
+                    ("VA", "Holy See (Vatican City State)"),
+                    ("HN", "Honduras"),
+                    ("HK", "Hong Kong"),
+                    ("HU", "Hungary"),
+                    ("IS", "Iceland"),
+                    ("IN", "India"),
+                    ("ID", "Indonesia"),
+                    ("IR", "Iran, Islamic Republic of"),
+                    ("IQ", "Iraq"),
+                    ("IE", "Ireland"),
+                    ("IM", "Isle of Man"),
+                    ("IL", "Israel"),
+                    ("IT", "Italy"),
+                    ("JM", "Jamaica"),
+                    ("JP", "Japan"),
+                    ("JE", "Jersey"),
+                    ("JO", "Jordan"),
+                    ("KZ", "Kazakhstan"),
+                    ("KE", "Kenya"),
+                    ("KI", "Kiribati"),
+                    ("KP", "Korea, Democratic People's Republic of"),
+                    ("KR", "Korea, Republic of"),
+                    ("XK", "Kosovo"),
+                    ("KW", "Kuwait"),
+                    ("KG", "Kyrgyzstan"),
+                    ("LA", "Lao People's Democratic Republic"),
+                    ("LV", "Latvia"),
+                    ("LB", "Lebanon"),
+                    ("LS", "Lesotho"),
+                    ("LR", "Liberia"),
+                    ("LY", "Libya"),
+                    ("LI", "Liechtenstein"),
+                    ("LT", "Lithuania"),
+                    ("LU", "Luxembourg"),
+                    ("MO", "Macao"),
+                    ("MK", "North Macedonia"),
+                    ("MG", "Madagascar"),
+                    ("MW", "Malawi"),
+                    ("MY", "Malaysia"),
+                    ("MV", "Maldives"),
+                    ("ML", "Mali"),
+                    ("MT", "Malta"),
+                    ("MH", "Marshall Islands"),
+                    ("MQ", "Martinique"),
+                    ("MR", "Mauritania"),
+                    ("MU", "Mauritius"),
+                    ("YT", "Mayotte"),
+                    ("MX", "Mexico"),
+                    ("FM", "Micronesia, Federated States of"),
+                    ("MD", "Moldova, Republic of"),
+                    ("MC", "Monaco"),
+                    ("MN", "Mongolia"),
+                    ("ME", "Montenegro"),
+                    ("MS", "Montserrat"),
+                    ("MA", "Morocco"),
+                    ("MZ", "Mozambique"),
+                    ("MM", "Myanmar"),
+                    ("NA", "Namibia"),
+                    ("NR", "Nauru"),
+                    ("NP", "Nepal"),
+                    ("NL", "Netherlands"),
+                    ("NC", "New Caledonia"),
+                    ("NZ", "New Zealand"),
+                    ("NI", "Nicaragua"),
+                    ("NE", "Niger"),
+                    ("NG", "Nigeria"),
+                    ("NU", "Niue"),
+                    ("NF", "Norfolk Island"),
+                    ("MP", "Northern Mariana Islands"),
+                    ("NO", "Norway"),
+                    ("OM", "Oman"),
+                    ("PK", "Pakistan"),
+                    ("PW", "Palau"),
+                    ("PS", "Palestinian Territory, Occupied"),
+                    ("PA", "Panama"),
+                    ("PG", "Papua New Guinea"),
+                    ("PY", "Paraguay"),
+                    ("PE", "Peru"),
+                    ("PH", "Philippines"),
+                    ("PN", "Pitcairn"),
+                    ("PL", "Poland"),
+                    ("PT", "Portugal"),
+                    ("PR", "Puerto Rico"),
+                    ("QA", "Qatar"),
+                    ("RE", "Réunion"),
+                    ("RO", "Romania"),
+                    ("RU", "Russian Federation"),
+                    ("RW", "Rwanda"),
+                    ("BL", "Saint Barthélemy"),
+                    ("SH", "Saint Helena, Ascension and Tristan da Cunha"),
+                    ("KN", "Saint Kitts and Nevis"),
+                    ("LC", "Saint Lucia"),
+                    ("MF", "Saint Martin (French part)"),
+                    ("PM", "Saint Pierre and Miquelon"),
+                    ("VC", "Saint Vincent and the Grenadines"),
+                    ("WS", "Samoa"),
+                    ("SM", "San Marino"),
+                    ("ST", "Sao Tome and Principe"),
+                    ("SA", "Saudi Arabia"),
+                    ("SN", "Senegal"),
+                    ("RS", "Serbia"),
+                    ("SC", "Seychelles"),
+                    ("SL", "Sierra Leone"),
+                    ("SG", "Singapore"),
+                    ("SX", "Sint Maarten (Dutch part)"),
+                    ("SK", "Slovakia"),
+                    ("SI", "Slovenia"),
+                    ("SB", "Solomon Islands"),
+                    ("SO", "Somalia"),
+                    ("ZA", "South Africa"),
+                    ("GS", "South Georgia and the South Sandwich Islands"),
+                    ("SS", "South Sudan"),
+                    ("ES", "Spain"),
+                    ("LK", "Sri Lanka"),
+                    ("SD", "Sudan"),
+                    ("SR", "Suriname"),
+                    ("SJ", "Svalbard and Jan Mayen"),
+                    ("SZ", "Swaziland"),
+                    ("SE", "Sweden"),
+                    ("CH", "Switzerland"),
+                    ("SY", "Syrian Arab Republic"),
+                    ("TW", "Taiwan, Province of China"),
+                    ("TJ", "Tajikistan"),
+                    ("TZ", "Tanzania, United Republic of"),
+                    ("TH", "Thailand"),
+                    ("TL", "Timor-Leste"),
+                    ("TG", "Togo"),
+                    ("TK", "Tokelau"),
+                    ("TO", "Tonga"),
+                    ("TT", "Trinidad and Tobago"),
+                    ("TN", "Tunisia"),
+                    ("TR", "Türkiye"),
+                    ("TM", "Turkmenistan"),
+                    ("TC", "Turks and Caicos Islands"),
+                    ("TV", "Tuvalu"),
+                    ("UG", "Uganda"),
+                    ("UA", "Ukraine"),
+                    ("AE", "United Arab Emirates"),
+                    ("GB", "United Kingdom"),
+                    ("US", "United States"),
+                    ("UM", "United States Minor Outlying Islands"),
+                    ("UY", "Uruguay"),
+                    ("UZ", "Uzbekistan"),
+                    ("VU", "Vanuatu"),
+                    ("VE", "Venezuela, Bolivarian Republic of"),
+                    ("VN", "Viet Nam"),
+                    ("VG", "Virgin Islands, British"),
+                    ("VI", "Virgin Islands, U.S."),
+                    ("WF", "Wallis and Futuna"),
+                    ("EH", "Western Sahara"),
+                    ("YE", "Yemen"),
+                    ("ZM", "Zambia"),
+                    ("ZW", "Zimbabwe"),
+                    ("x28", "Other Countries"),
+                ],
+                help_text="Country where data is processed/managed",
+                max_length=3,
+                verbose_name="Location of data processing",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="data_location_storage",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("AF", "Afghanistan"),
+                    ("AX", "Åland Islands"),
+                    ("AL", "Albania"),
+                    ("DZ", "Algeria"),
+                    ("AS", "American Samoa"),
+                    ("AD", "Andorra"),
+                    ("AO", "Angola"),
+                    ("AI", "Anguilla"),
+                    ("AQ", "Antarctica"),
+                    ("AG", "Antigua and Barbuda"),
+                    ("AR", "Argentina"),
+                    ("AM", "Armenia"),
+                    ("AW", "Aruba"),
+                    ("AU", "Australia"),
+                    ("AT", "Austria"),
+                    ("AZ", "Azerbaijan"),
+                    ("BS", "Bahamas"),
+                    ("BH", "Bahrain"),
+                    ("BD", "Bangladesh"),
+                    ("BB", "Barbados"),
+                    ("BY", "Belarus"),
+                    ("BE", "Belgium"),
+                    ("BZ", "Belize"),
+                    ("BJ", "Benin"),
+                    ("BM", "Bermuda"),
+                    ("BT", "Bhutan"),
+                    ("BO", "Bolivia, Plurinational State of"),
+                    ("BQ", "Bonaire, Sint Eustatius and Saba"),
+                    ("BA", "Bosnia and Herzegovina"),
+                    ("BW", "Botswana"),
+                    ("BV", "Bouvet Island"),
+                    ("BR", "Brazil"),
+                    ("IO", "British Indian Ocean Territory"),
+                    ("BN", "Brunei Darussalam"),
+                    ("BG", "Bulgaria"),
+                    ("BF", "Burkina Faso"),
+                    ("BI", "Burundi"),
+                    ("KH", "Cambodia"),
+                    ("CM", "Cameroon"),
+                    ("CA", "Canada"),
+                    ("CV", "Cape Verde"),
+                    ("KY", "Cayman Islands"),
+                    ("CF", "Central African Republic"),
+                    ("TD", "Chad"),
+                    ("CL", "Chile"),
+                    ("CN", "China"),
+                    ("CX", "Christmas Island"),
+                    ("CC", "Cocos (Keeling) Islands"),
+                    ("CO", "Colombia"),
+                    ("KM", "Comoros"),
+                    ("CG", "Congo"),
+                    ("CD", "Congo, The Democratic Republic of the"),
+                    ("CK", "Cook Islands"),
+                    ("CR", "Costa Rica"),
+                    ("CI", "Côte d'Ivoire"),
+                    ("HR", "Croatia"),
+                    ("CU", "Cuba"),
+                    ("CW", "Curaçao"),
+                    ("CY", "Cyprus"),
+                    ("CZ", "Czech Republic"),
+                    ("DK", "Denmark"),
+                    ("DJ", "Djibouti"),
+                    ("DM", "Dominica"),
+                    ("DO", "Dominican Republic"),
+                    ("EC", "Ecuador"),
+                    ("EG", "Egypt"),
+                    ("SV", "El Salvador"),
+                    ("GQ", "Equatorial Guinea"),
+                    ("ER", "Eritrea"),
+                    ("EE", "Estonia"),
+                    ("ET", "Ethiopia"),
+                    ("FK", "Falkland Islands (Malvinas)"),
+                    ("FO", "Faroe Islands"),
+                    ("FJ", "Fiji"),
+                    ("FI", "Finland"),
+                    ("FR", "France"),
+                    ("GF", "French Guiana"),
+                    ("PF", "French Polynesia"),
+                    ("TF", "French Southern Territories"),
+                    ("GA", "Gabon"),
+                    ("GM", "Gambia"),
+                    ("GE", "Georgia"),
+                    ("DE", "Germany"),
+                    ("GH", "Ghana"),
+                    ("GI", "Gibraltar"),
+                    ("GR", "Greece"),
+                    ("GL", "Greenland"),
+                    ("GD", "Grenada"),
+                    ("GP", "Guadeloupe"),
+                    ("GU", "Guam"),
+                    ("GT", "Guatemala"),
+                    ("GG", "Guernsey"),
+                    ("GN", "Guinea"),
+                    ("GW", "Guinea-Bissau"),
+                    ("GY", "Guyana"),
+                    ("HT", "Haiti"),
+                    ("HM", "Heard Island and McDonald Islands"),
+                    ("VA", "Holy See (Vatican City State)"),
+                    ("HN", "Honduras"),
+                    ("HK", "Hong Kong"),
+                    ("HU", "Hungary"),
+                    ("IS", "Iceland"),
+                    ("IN", "India"),
+                    ("ID", "Indonesia"),
+                    ("IR", "Iran, Islamic Republic of"),
+                    ("IQ", "Iraq"),
+                    ("IE", "Ireland"),
+                    ("IM", "Isle of Man"),
+                    ("IL", "Israel"),
+                    ("IT", "Italy"),
+                    ("JM", "Jamaica"),
+                    ("JP", "Japan"),
+                    ("JE", "Jersey"),
+                    ("JO", "Jordan"),
+                    ("KZ", "Kazakhstan"),
+                    ("KE", "Kenya"),
+                    ("KI", "Kiribati"),
+                    ("KP", "Korea, Democratic People's Republic of"),
+                    ("KR", "Korea, Republic of"),
+                    ("XK", "Kosovo"),
+                    ("KW", "Kuwait"),
+                    ("KG", "Kyrgyzstan"),
+                    ("LA", "Lao People's Democratic Republic"),
+                    ("LV", "Latvia"),
+                    ("LB", "Lebanon"),
+                    ("LS", "Lesotho"),
+                    ("LR", "Liberia"),
+                    ("LY", "Libya"),
+                    ("LI", "Liechtenstein"),
+                    ("LT", "Lithuania"),
+                    ("LU", "Luxembourg"),
+                    ("MO", "Macao"),
+                    ("MK", "North Macedonia"),
+                    ("MG", "Madagascar"),
+                    ("MW", "Malawi"),
+                    ("MY", "Malaysia"),
+                    ("MV", "Maldives"),
+                    ("ML", "Mali"),
+                    ("MT", "Malta"),
+                    ("MH", "Marshall Islands"),
+                    ("MQ", "Martinique"),
+                    ("MR", "Mauritania"),
+                    ("MU", "Mauritius"),
+                    ("YT", "Mayotte"),
+                    ("MX", "Mexico"),
+                    ("FM", "Micronesia, Federated States of"),
+                    ("MD", "Moldova, Republic of"),
+                    ("MC", "Monaco"),
+                    ("MN", "Mongolia"),
+                    ("ME", "Montenegro"),
+                    ("MS", "Montserrat"),
+                    ("MA", "Morocco"),
+                    ("MZ", "Mozambique"),
+                    ("MM", "Myanmar"),
+                    ("NA", "Namibia"),
+                    ("NR", "Nauru"),
+                    ("NP", "Nepal"),
+                    ("NL", "Netherlands"),
+                    ("NC", "New Caledonia"),
+                    ("NZ", "New Zealand"),
+                    ("NI", "Nicaragua"),
+                    ("NE", "Niger"),
+                    ("NG", "Nigeria"),
+                    ("NU", "Niue"),
+                    ("NF", "Norfolk Island"),
+                    ("MP", "Northern Mariana Islands"),
+                    ("NO", "Norway"),
+                    ("OM", "Oman"),
+                    ("PK", "Pakistan"),
+                    ("PW", "Palau"),
+                    ("PS", "Palestinian Territory, Occupied"),
+                    ("PA", "Panama"),
+                    ("PG", "Papua New Guinea"),
+                    ("PY", "Paraguay"),
+                    ("PE", "Peru"),
+                    ("PH", "Philippines"),
+                    ("PN", "Pitcairn"),
+                    ("PL", "Poland"),
+                    ("PT", "Portugal"),
+                    ("PR", "Puerto Rico"),
+                    ("QA", "Qatar"),
+                    ("RE", "Réunion"),
+                    ("RO", "Romania"),
+                    ("RU", "Russian Federation"),
+                    ("RW", "Rwanda"),
+                    ("BL", "Saint Barthélemy"),
+                    ("SH", "Saint Helena, Ascension and Tristan da Cunha"),
+                    ("KN", "Saint Kitts and Nevis"),
+                    ("LC", "Saint Lucia"),
+                    ("MF", "Saint Martin (French part)"),
+                    ("PM", "Saint Pierre and Miquelon"),
+                    ("VC", "Saint Vincent and the Grenadines"),
+                    ("WS", "Samoa"),
+                    ("SM", "San Marino"),
+                    ("ST", "Sao Tome and Principe"),
+                    ("SA", "Saudi Arabia"),
+                    ("SN", "Senegal"),
+                    ("RS", "Serbia"),
+                    ("SC", "Seychelles"),
+                    ("SL", "Sierra Leone"),
+                    ("SG", "Singapore"),
+                    ("SX", "Sint Maarten (Dutch part)"),
+                    ("SK", "Slovakia"),
+                    ("SI", "Slovenia"),
+                    ("SB", "Solomon Islands"),
+                    ("SO", "Somalia"),
+                    ("ZA", "South Africa"),
+                    ("GS", "South Georgia and the South Sandwich Islands"),
+                    ("SS", "South Sudan"),
+                    ("ES", "Spain"),
+                    ("LK", "Sri Lanka"),
+                    ("SD", "Sudan"),
+                    ("SR", "Suriname"),
+                    ("SJ", "Svalbard and Jan Mayen"),
+                    ("SZ", "Swaziland"),
+                    ("SE", "Sweden"),
+                    ("CH", "Switzerland"),
+                    ("SY", "Syrian Arab Republic"),
+                    ("TW", "Taiwan, Province of China"),
+                    ("TJ", "Tajikistan"),
+                    ("TZ", "Tanzania, United Republic of"),
+                    ("TH", "Thailand"),
+                    ("TL", "Timor-Leste"),
+                    ("TG", "Togo"),
+                    ("TK", "Tokelau"),
+                    ("TO", "Tonga"),
+                    ("TT", "Trinidad and Tobago"),
+                    ("TN", "Tunisia"),
+                    ("TR", "Türkiye"),
+                    ("TM", "Turkmenistan"),
+                    ("TC", "Turks and Caicos Islands"),
+                    ("TV", "Tuvalu"),
+                    ("UG", "Uganda"),
+                    ("UA", "Ukraine"),
+                    ("AE", "United Arab Emirates"),
+                    ("GB", "United Kingdom"),
+                    ("US", "United States"),
+                    ("UM", "United States Minor Outlying Islands"),
+                    ("UY", "Uruguay"),
+                    ("UZ", "Uzbekistan"),
+                    ("VU", "Vanuatu"),
+                    ("VE", "Venezuela, Bolivarian Republic of"),
+                    ("VN", "Viet Nam"),
+                    ("VG", "Virgin Islands, British"),
+                    ("VI", "Virgin Islands, U.S."),
+                    ("WF", "Wallis and Futuna"),
+                    ("EH", "Western Sahara"),
+                    ("YE", "Yemen"),
+                    ("ZM", "Zambia"),
+                    ("ZW", "Zimbabwe"),
+                    ("x28", "Other Countries"),
+                ],
+                help_text="Country where data is stored",
+                max_length=3,
+                verbose_name="Location of data at rest",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_data_sensitiveness",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_ZZ:x791", "Low"),
+                    ("eba_ZZ:x792", "Medium"),
+                    ("eba_ZZ:x793", "High"),
+                ],
+                help_text="Sensitiveness of the data stored",
+                max_length=20,
+                verbose_name="Data sensitiveness",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_ict_service_type",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_TA:S01", "ICT project management"),
+                    ("eba_TA:S02", "ICT Development"),
+                    ("eba_TA:S03", "ICT help desk and first level support"),
+                    ("eba_TA:S04", "ICT security management services"),
+                    ("eba_TA:S05", "Provision of data"),
+                    ("eba_TA:S06", "Data analysis"),
+                    (
+                        "eba_TA:S07",
+                        "ICT, facilities and hosting services (excluding Cloud services)",
+                    ),
+                    ("eba_TA:S08", "Computation"),
+                    ("eba_TA:S09", "Non-Cloud Data storage"),
+                    ("eba_TA:S10", "Telecom carrier"),
+                    ("eba_TA:S11", "Network infrastructure"),
+                    ("eba_TA:S12", "Hardware and physical devices"),
+                    ("eba_TA:S13", "Software licencing (excluding SaaS)"),
+                    ("eba_TA:S14", "ICT operation management (including maintenance)"),
+                    ("eba_TA:S15", "ICT Consulting"),
+                    ("eba_TA:S16", "ICT Risk management"),
+                    ("eba_TA:S17", "Cloud services: IaaS"),
+                    ("eba_TA:S18", "Cloud services: PaaS"),
+                    ("eba_TA:S19", "Cloud services: SaaS"),
+                ],
+                help_text="DORA ICT service type classification",
+                max_length=20,
+                verbose_name="DORA ICT service type",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_reliance_level",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_ZZ:x794", "Not significant"),
+                    ("eba_ZZ:x795", "Low reliance"),
+                    ("eba_ZZ:x796", "Material reliance"),
+                    ("eba_ZZ:x797", "Full reliance"),
+                ],
+                help_text="Level of reliance on the ICT service",
+                max_length=20,
+                verbose_name="Level of reliance",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="storage_of_data",
+            field=models.BooleanField(
+                default=False,
+                help_text="Whether data is stored by the ICT service provider",
+                verbose_name="Storage of data",
             ),
         ),
     ]

From 7d45a7db7381162d3d4c581d85b2f32b4b495faa Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Mon, 10 Nov 2025 20:07:21 +0100
Subject: [PATCH 15/47] fixup

---
 backend/core/dora.py                          |  18 +
 backend/tprm/models.py                        |  49 +-
 backend/tprm/views.py                         | 450 +++++++++++++++---
 frontend/messages/en.json                     |   9 +-
 .../Forms/ModelForm/ContractForm.svelte       |  51 +-
 .../Forms/ModelForm/SolutionForm.svelte       |  40 ++
 frontend/src/lib/utils/crud.ts                |   8 +-
 frontend/src/lib/utils/schemas.ts             |  13 +-
 8 files changed, 542 insertions(+), 96 deletions(-)

diff --git a/backend/core/dora.py b/backend/core/dora.py
index b71ed114e7..4da2223913 100644
--- a/backend/core/dora.py
+++ b/backend/core/dora.py
@@ -88,3 +88,21 @@
     ("eba_TA:S18", "Cloud services: PaaS"),
     ("eba_TA:S19", "Cloud services: SaaS"),
 ]
+
+DORA_BINARY_CHOICES = [
+    ("eba_BT:x28", "Yes"),
+    ("eba_BT:x29", "No"),
+]
+
+DORA_RELIANCE_CHOICES = [
+    ("eba_ZZ:x794", "Not significant"),
+    ("eba_ZZ:x795", "Low reliance"),
+    ("eba_ZZ:x796", "Material reliance"),
+    ("eba_ZZ:x797", "Full reliance"),
+]
+
+DORA_SENSITIVENESS_CHOICES = [
+    ("eba_ZZ:x791", "Low"),
+    ("eba_ZZ:x792", "Medium"),
+    ("eba_ZZ:x793", "High"),
+]
diff --git a/backend/tprm/models.py b/backend/tprm/models.py
index aac29e7bbb..fd5a8ff030 100644
--- a/backend/tprm/models.py
+++ b/backend/tprm/models.py
@@ -16,6 +16,8 @@
     DORA_CONTRACTUAL_ARRANGEMENT_CHOICES,
     TERMINATION_REASON_CHOICES,
     DORA_ICT_SERVICE_CHOICES,
+    DORA_SENSITIVENESS_CHOICES,
+    DORA_RELIANCE_CHOICES,
 )
 from iam.models import Folder, FolderMixin, PublishInRootFolderMixin
 from iam.views import User
@@ -217,6 +219,39 @@ class Solution(NameDescriptionMixin):
         verbose_name=_("DORA ICT service type"),
         help_text=_("DORA ICT service type classification"),
     )
+    storage_of_data = models.BooleanField(
+        default=False,
+        verbose_name=_("Storage of data"),
+        help_text=_("Whether data is stored by the ICT service provider"),
+    )
+    data_location_storage = models.CharField(
+        max_length=3,
+        choices=COUNTRY_CHOICES,
+        blank=True,
+        verbose_name=_("Location of data at rest"),
+        help_text=_("Country where data is stored"),
+    )
+    data_location_processing = models.CharField(
+        max_length=3,
+        choices=COUNTRY_CHOICES,
+        blank=True,
+        verbose_name=_("Location of data processing"),
+        help_text=_("Country where data is processed/managed"),
+    )
+    dora_data_sensitiveness = models.CharField(
+        max_length=20,
+        choices=DORA_SENSITIVENESS_CHOICES,
+        blank=True,
+        verbose_name=_("Data sensitiveness"),
+        help_text=_("Sensitiveness of the data stored"),
+    )
+    dora_reliance_level = models.CharField(
+        max_length=20,
+        choices=DORA_RELIANCE_CHOICES,
+        blank=True,
+        verbose_name=_("Level of reliance"),
+        help_text=_("Level of reliance on the ICT service"),
+    )
 
     fields_to_check = ["name"]
 
@@ -288,7 +323,7 @@ class Status(models.TextChoices):
     dora_contractual_arrangement = models.CharField(
         max_length=20,
         choices=DORA_CONTRACTUAL_ARRANGEMENT_CHOICES,
-        blank=True,
+        default="eba_CO:x1",
         verbose_name=_("DORA contractual arrangement"),
         help_text=_("DORA contractual arrangement type"),
     )
@@ -333,6 +368,18 @@ class Status(models.TextChoices):
         verbose_name=_("Governing law country"),
         help_text=_("Country whose law governs this contract"),
     )
+    notice_period_entity = models.IntegerField(
+        blank=True,
+        null=True,
+        verbose_name=_("Notice period for entity (days)"),
+        help_text=_("Notice period in days for the financial entity"),
+    )
+    notice_period_provider = models.IntegerField(
+        blank=True,
+        null=True,
+        verbose_name=_("Notice period for provider (days)"),
+        help_text=_("Notice period in days for the ICT third-party service provider"),
+    )
 
     fields_to_check = ["name"]
 
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index 2037473666..1158b7df48 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -18,6 +18,8 @@
     DORA_CONTRACTUAL_ARRANGEMENT_CHOICES,
     TERMINATION_REASON_CHOICES,
     DORA_ICT_SERVICE_CHOICES,
+    DORA_SENSITIVENESS_CHOICES,
+    DORA_RELIANCE_CHOICES,
 )
 
 import csv
@@ -57,92 +59,373 @@ def generate_dora_roi(self, request):
         """
         Generate DORA Register of Information (ROI) as a zip file containing CSV data.
         """
-        # Get viewable entities for the current user
-        (viewable_items, _, _) = RoleAssignment.get_accessible_object_ids(
-            folder=Folder.get_root_folder(),
-            user=request.user,
-            object_type=Entity,
-        )
+        # Get the main entity
+        main_entity = Entity.get_main_entity()
 
-        # Create CSV in memory
-        csv_buffer = io.StringIO()
-        csv_writer = csv.writer(csv_buffer)
-
-        # Write CSV headers
-        csv_writer.writerow(
-            [
-                "Entity ID",
-                "Name",
-                "Description",
-                "Mission",
-                "Reference Link",
-                "Relationship Types",
-                "Legal Identifiers",
-                "Country",
-                "Currency",
-                "DORA Entity Type",
-                "DORA Entity Hierarchy",
-                "DORA Assets Value",
-                "DORA Competent Authority",
-                "Folder",
-                "Created At",
-                "Updated At",
-            ]
-        )
+        if not main_entity:
+            return HttpResponse("No main entity found", status=400)
 
-        # Write entity data
-        for entity in Entity.objects.filter(id__in=viewable_items).select_related(
-            "folder"
-        ):
-            # Get relationship types as comma-separated string
-            relationships = ", ".join([str(rel) for rel in entity.relationship.all()])
-
-            # Format legal identifiers as string
-            legal_ids = (
-                ", ".join([f"{k}: {v}" for k, v in entity.legal_identifiers.items()])
-                if entity.legal_identifiers
-                else ""
-            )
+        # Create zip file in memory
+        zip_buffer = io.BytesIO()
+        with zipfile.ZipFile(zip_buffer, "w", zipfile.ZIP_DEFLATED) as zip_file:
+            # Create b_01.01.csv - Main entity information
+            csv_buffer = io.StringIO()
+            csv_writer = csv.writer(csv_buffer)
 
+            # Write CSV headers
+            csv_writer.writerow(["c0010", "c0020", "c0030", "c0040", "c0050", "c0060"])
+
+            # Extract LEI from legal identifiers
+            lei = ""
+            if main_entity.legal_identifiers:
+                lei = main_entity.legal_identifiers.get("LEI", "")
+
+            # Format country with eba_GA: prefix
+            country = ""
+            if main_entity.country:
+                country = f"eba_GA:{main_entity.country}"
+
+            # Get current date for report
+            report_date = datetime.now().strftime("%Y-%m-%d")
+
+            # Write entity data
             csv_writer.writerow(
                 [
-                    str(entity.id),
-                    entity.name,
-                    entity.description or "",
-                    entity.mission or "",
-                    entity.reference_link or "",
-                    relationships,
-                    legal_ids,
-                    entity.country or "",
-                    entity.currency or "",
-                    entity.get_dora_entity_type_display()
-                    if entity.dora_entity_type
-                    else "",
-                    entity.get_dora_entity_hierarchy_display()
-                    if entity.dora_entity_hierarchy
-                    else "",
-                    entity.dora_assets_value
-                    if entity.dora_assets_value is not None
+                    lei,
+                    main_entity.name,
+                    country,
+                    main_entity.dora_entity_type or "",
+                    main_entity.dora_competent_authority or "",
+                    report_date,
+                ]
+            )
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_01.01.csv", csv_buffer.getvalue().encode("utf-8")
+            )
+
+            # Create b_01.02.csv - Entity register
+            csv_buffer_02 = io.StringIO()
+            csv_writer_02 = csv.writer(csv_buffer_02)
+
+            # Write CSV headers
+            csv_writer_02.writerow(
+                [
+                    "c0010",
+                    "c0020",
+                    "c0030",
+                    "c0040",
+                    "c0050",
+                    "c0060",
+                    "c0070",
+                    "c0080",
+                    "c0090",
+                    "c0100",
+                    "c0110",
+                ]
+            )
+
+            # Write main entity data
+            lei_02 = ""
+            if main_entity.legal_identifiers:
+                lei_02 = main_entity.legal_identifiers.get("LEI", "")
+
+            country_02 = ""
+            if main_entity.country:
+                country_02 = f"eba_GA:{main_entity.country}"
+
+            # Format currency with eba_CU: prefix
+            currency_02 = ""
+            if main_entity.currency:
+                currency_02 = f"eba_CU:{main_entity.currency}"
+
+            # Format dates, use 2999-12-31 as default for mandatory fields
+            last_update = (
+                main_entity.updated_at.strftime("%Y-%m-%d")
+                if main_entity.updated_at
+                else "2999-12-31"
+            )
+            integration_date = (
+                main_entity.created_at.strftime("%Y-%m-%d")
+                if main_entity.created_at
+                else "2999-12-31"
+            )
+            deletion_date = (
+                "2999-12-31"  # Empty for active entities, use far future date
+            )
+
+            csv_writer_02.writerow(
+                [
+                    lei_02,
+                    main_entity.name,
+                    country_02,
+                    main_entity.dora_entity_type or "",
+                    main_entity.dora_entity_hierarchy or "",
+                    "",  # LEI of parent entity - not yet implemented
+                    last_update,
+                    integration_date,
+                    deletion_date,
+                    currency_02,
+                    main_entity.dora_assets_value
+                    if main_entity.dora_assets_value is not None
                     else "",
-                    entity.dora_competent_authority or "",
-                    entity.folder.name if entity.folder else "",
-                    entity.created_at.strftime("%Y-%m-%d %H:%M:%S"),
-                    entity.updated_at.strftime("%Y-%m-%d %H:%M:%S"),
                 ]
             )
 
-        # Create zip file in memory
-        zip_buffer = io.BytesIO()
-        with zipfile.ZipFile(zip_buffer, "w", zipfile.ZIP_DEFLATED) as zip_file:
-            # Add CSV to zip
+            # Add CSV to zip in reports folder
             zip_file.writestr(
-                "entities_register.csv", csv_buffer.getvalue().encode("utf-8")
+                "reports/b_01.02.csv", csv_buffer_02.getvalue().encode("utf-8")
+            )
+
+            # Create b_01.03.csv - Branches register (placeholder)
+            csv_buffer_03 = io.StringIO()
+            csv_writer_03 = csv.writer(csv_buffer_03)
+
+            # Write CSV headers
+            csv_writer_03.writerow(
+                [
+                    "c0010",
+                    "c0020",
+                    "c0030",
+                    "c0040",
+                ]
+            )
+
+            # Placeholder - no branch data yet
+            # Future implementation will include branches
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_01.03.csv", csv_buffer_03.getvalue().encode("utf-8")
+            )
+
+            # Create b_02.01.csv - Contractual arrangements register
+            csv_buffer_0201 = io.StringIO()
+            csv_writer_0201 = csv.writer(csv_buffer_0201)
+
+            # Write CSV headers
+            csv_writer_0201.writerow(
+                [
+                    "c0010",
+                    "c0020",
+                    "c0030",
+                    "c0040",
+                    "c0050",
+                ]
+            )
+
+            # Get viewable contracts for the current user
+            (viewable_contracts, _, _) = RoleAssignment.get_accessible_object_ids(
+                folder=Folder.get_root_folder(),
+                user=request.user,
+                object_type=Contract,
+            )
+
+            # Write contract data
+            for contract in Contract.objects.filter(
+                id__in=viewable_contracts
+            ).select_related("overarching_contract"):
+                # Contract reference number
+                contract_ref = contract.ref_id or str(contract.id)
+
+                # Type of contractual arrangement
+                arrangement_type = contract.dora_contractual_arrangement or ""
+
+                # Overarching contract reference
+                overarching_ref = ""
+                if contract.overarching_contract:
+                    overarching_ref = contract.overarching_contract.ref_id or str(
+                        contract.overarching_contract.id
+                    )
+
+                # Currency with eba_CU: prefix
+                currency_contract = ""
+                if contract.currency:
+                    currency_contract = f"eba_CU:{contract.currency}"
+
+                # Annual expense
+                annual_expense = (
+                    contract.annual_expense
+                    if contract.annual_expense is not None
+                    else ""
+                )
+
+                csv_writer_0201.writerow(
+                    [
+                        contract_ref,
+                        arrangement_type,
+                        overarching_ref,
+                        currency_contract,
+                        annual_expense,
+                    ]
+                )
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_02.01.csv", csv_buffer_0201.getvalue().encode("utf-8")
+            )
+
+            # Create b_02.02.csv - Contractual arrangements details
+            csv_buffer_0202 = io.StringIO()
+            csv_writer_0202 = csv.writer(csv_buffer_0202)
+
+            # Write CSV headers
+            csv_writer_0202.writerow(
+                [
+                    "c0010",
+                    "c0020",
+                    "c0030",
+                    "c0040",
+                    "c0050",
+                    "c0060",
+                    "c0070",
+                    "c0080",
+                    "c0090",
+                    "c0100",
+                    "c0110",
+                    "c0120",
+                    "c0130",
+                    "c0140",
+                    "c0150",
+                    "c0160",
+                    "c0170",
+                    "c0180",
+                ]
+            )
+
+            # Get main entity LEI
+            main_entity_lei = ""
+            if main_entity.legal_identifiers:
+                main_entity_lei = main_entity.legal_identifiers.get("LEI", "")
+
+            # Write contract-solution relationship data
+            for contract in Contract.objects.filter(
+                id__in=viewable_contracts
+            ).prefetch_related("solutions__provider_entity"):
+                # For each solution in the contract
+                for solution in contract.solutions.all():
+                    # Contract reference number
+                    contract_ref = contract.ref_id or str(contract.id)
+
+                    # Provider entity LEI
+                    provider_lei = ""
+                    provider_country = ""
+                    if solution.provider_entity:
+                        if solution.provider_entity.legal_identifiers:
+                            provider_lei = (
+                                solution.provider_entity.legal_identifiers.get(
+                                    "LEI", ""
+                                )
+                            )
+                        if solution.provider_entity.country:
+                            provider_country = (
+                                f"eba_GA:{solution.provider_entity.country}"
+                            )
+
+                    # Type of code (determine from legal identifiers)
+                    code_type = "LEI" if provider_lei else ""
+
+                    # Function identifier - using criticality as placeholder
+                    function_id = ""
+
+                    # ICT service type
+                    ict_service_type = solution.dora_ict_service_type or ""
+
+                    # Dates
+                    start_date = (
+                        contract.start_date.strftime("%Y-%m-%d")
+                        if contract.start_date
+                        else "2999-12-31"
+                    )
+                    end_date = (
+                        contract.end_date.strftime("%Y-%m-%d")
+                        if contract.end_date
+                        else "2999-12-31"
+                    )
+
+                    # Termination reason
+                    termination_reason = contract.termination_reason or ""
+
+                    # Notice periods
+                    notice_period_entity = (
+                        contract.notice_period_entity
+                        if contract.notice_period_entity is not None
+                        else ""
+                    )
+                    notice_period_provider = (
+                        contract.notice_period_provider
+                        if contract.notice_period_provider is not None
+                        else ""
+                    )
+
+                    # Governing law country
+                    governing_law = ""
+                    if contract.governing_law_country:
+                        governing_law = f"eba_GA:{contract.governing_law_country}"
+
+                    # Data storage and processing from solution
+                    storage_of_data = (
+                        "eba_BT:x28" if solution.storage_of_data else "eba_BT:x29"
+                    )
+
+                    data_location_storage = ""
+                    if solution.data_location_storage:
+                        data_location_storage = (
+                            f"eba_GA:{solution.data_location_storage}"
+                        )
+
+                    data_location_processing = ""
+                    if solution.data_location_processing:
+                        data_location_processing = (
+                            f"eba_GA:{solution.data_location_processing}"
+                        )
+
+                    data_sensitiveness = solution.dora_data_sensitiveness or ""
+                    reliance_level = solution.dora_reliance_level or ""
+
+                    csv_writer_0202.writerow(
+                        [
+                            contract_ref,
+                            main_entity_lei,
+                            provider_lei,
+                            code_type,
+                            function_id,
+                            ict_service_type,
+                            start_date,
+                            end_date,
+                            termination_reason,
+                            notice_period_entity,
+                            notice_period_provider,
+                            governing_law,
+                            provider_country,
+                            storage_of_data,
+                            data_location_storage,
+                            data_location_processing,
+                            data_sensitiveness,
+                            reliance_level,
+                        ]
+                    )
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_02.02.csv", csv_buffer_0202.getvalue().encode("utf-8")
             )
 
         # Prepare response
         zip_buffer.seek(0)
-        timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
-        filename = f"DORA_ROI_{timestamp}.zip"
+
+        # Extract LEI for filename
+        lei = ""
+        if main_entity.legal_identifiers:
+            lei = main_entity.legal_identifiers.get("LEI", "")
+
+        # Use LEI in filename, fallback to timestamp if no LEI
+        if lei:
+            filename = f"LEI_{lei}_DORA_ROI.zip"
+        else:
+            timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+            filename = f"DORA_ROI_{timestamp}.zip"
 
         response = HttpResponse(zip_buffer.getvalue(), content_type="application/zip")
         response["Content-Disposition"] = f'attachment; filename="{filename}"'
@@ -290,8 +573,29 @@ class SolutionViewSet(BaseModelViewSet):
         "criticality",
         "contracts",
         "dora_ict_service_type",
+        "storage_of_data",
+        "data_location_storage",
+        "data_location_processing",
+        "dora_data_sensitiveness",
+        "dora_reliance_level",
     ]
 
+    @action(detail=False, name="Get data location storage choices")
+    def data_location_storage(self, request):
+        return Response(dict(COUNTRY_CHOICES))
+
+    @action(detail=False, name="Get data location processing choices")
+    def data_location_processing(self, request):
+        return Response(dict(COUNTRY_CHOICES))
+
+    @action(detail=False, name="Get data sensitiveness choices")
+    def dora_data_sensitiveness(self, request):
+        return Response(dict(DORA_SENSITIVENESS_CHOICES))
+
+    @action(detail=False, name="Get reliance level choices")
+    def dora_reliance_level(self, request):
+        return Response(dict(DORA_RELIANCE_CHOICES))
+
     def perform_create(self, serializer):
         serializer.save()
         solution = serializer.instance
@@ -321,6 +625,8 @@ class ContractViewSet(BaseModelViewSet):
         "is_intragroup",
         "overarching_contract",
         "governing_law_country",
+        "notice_period_entity",
+        "notice_period_provider",
     ]
 
     @action(detail=False, name="Get status choices")
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index 317cfd3c84..52a680fc96 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -2636,5 +2636,12 @@
 	"annualExpense": "Annual Expense",
 	"terminationReason": "Termination Reason",
 	"governingLawCountry": "Governing Law Country",
-	"isIntragroup": "Is Intra-group"
+	"isIntragroup": "Is Intra-group",
+	"noticePeriodEntity": "Notice Period for Entity (days)",
+	"noticePeriodProvider": "Notice Period for Provider (days)",
+	"storageOfData": "Is storing data",
+	"dataLocationStorage": "Location of Data at Rest",
+	"dataLocationProcessing": "Location of Data during Processing",
+	"doraDataSensitiveness": "Data Sensitiveness",
+	"doraRelianceLevel": "Level of Reliance"
 }
diff --git a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
index 9793c173e2..7f358c9bd9 100644
--- a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
@@ -2,7 +2,6 @@
 	import AutocompleteSelect from '../AutocompleteSelect.svelte';
 	import TextField from '$lib/components/Forms/TextField.svelte';
 	import NumberField from '$lib/components/Forms/NumberField.svelte';
-	import Select from '../Select.svelte';
 	import Checkbox from '$lib/components/Forms/Checkbox.svelte';
 	import Dropdown from '$lib/components/Dropdown/Dropdown.svelte';
 	import type { SuperValidated } from 'sveltekit-superforms';
@@ -42,14 +41,23 @@
 	cacheLock={cacheLocks['ref_id']}
 	bind:cachedValue={formDataCache['ref_id']}
 />
-<Select
+<AutocompleteSelect
 	{form}
 	field="status"
-	optionsEndpoint="contracts/status"
+	options={model.selectOptions?.status}
 	cacheLock={cacheLocks['status']}
 	bind:cachedValue={formDataCache['status']}
 	label={m.status()}
 />
+<AutocompleteSelect
+	{form}
+	field="dora_contractual_arrangement"
+	options={model.selectOptions?.dora_contractual_arrangement}
+	label={m.doraContractualArrangement()}
+	nullable={false}
+	cacheLock={cacheLocks['dora_contractual_arrangement']}
+	bind:cachedValue={formDataCache['dora_contractual_arrangement']}
+/>
 <TextField
 	type="date"
 	{form}
@@ -66,16 +74,6 @@
 	cacheLock={cacheLocks['end_date']}
 	bind:cachedValue={formDataCache['end_date']}
 />
-<AutocompleteSelect
-	{form}
-	multiple
-	optionsEndpoint="users"
-	optionsLabelField="email"
-	field="owner"
-	cacheLock={cacheLocks['owner']}
-	bind:cachedValue={formDataCache['owner']}
-	label={m.owner()}
-/>
 <AutocompleteSelect
 	{form}
 	multiple
@@ -118,16 +116,19 @@
 <Dropdown open={false} style="hover:text-primary-700" icon="fa-solid fa-ellipsis" header={m.more()}>
 	<AutocompleteSelect
 		{form}
-		field="dora_contractual_arrangement"
-		options={model.selectOptions?.dora_contractual_arrangement}
-		label={m.doraContractualArrangement()}
-		cacheLock={cacheLocks['dora_contractual_arrangement']}
-		bind:cachedValue={formDataCache['dora_contractual_arrangement']}
+		multiple
+		optionsEndpoint="users"
+		optionsLabelField="email"
+		field="owner"
+		cacheLock={cacheLocks['owner']}
+		bind:cachedValue={formDataCache['owner']}
+		label={m.owner()}
 	/>
 	<AutocompleteSelect
 		{form}
 		field="overarching_contract"
 		optionsEndpoint="contracts?dora_contractual_arrangement=eba_CO:x2"
+		optionsExtraFields={[['folder', 'str']]}
 		label={m.overarchingContract()}
 		helpText={m.overarchingContractHelpText()}
 		cacheLock={cacheLocks['overarching_contract']}
@@ -164,6 +165,20 @@
 		cacheLock={cacheLocks['governing_law_country']}
 		bind:cachedValue={formDataCache['governing_law_country']}
 	/>
+	<NumberField
+		{form}
+		field="notice_period_entity"
+		label={m.noticePeriodEntity()}
+		cacheLock={cacheLocks['notice_period_entity']}
+		bind:cachedValue={formDataCache['notice_period_entity']}
+	/>
+	<NumberField
+		{form}
+		field="notice_period_provider"
+		label={m.noticePeriodProvider()}
+		cacheLock={cacheLocks['notice_period_provider']}
+		bind:cachedValue={formDataCache['notice_period_provider']}
+	/>
 	<Checkbox
 		{form}
 		field="is_intragroup"
diff --git a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
index da138f0c17..2499d34c8b 100644
--- a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
@@ -2,6 +2,7 @@
 	import AutocompleteSelect from '../AutocompleteSelect.svelte';
 	import TextField from '$lib/components/Forms/TextField.svelte';
 	import Dropdown from '$lib/components/Dropdown/Dropdown.svelte';
+	import Checkbox from '$lib/components/Forms/Checkbox.svelte';
 	import type { SuperValidated } from 'sveltekit-superforms';
 	import type { ModelInfo, CacheLock } from '$lib/utils/types';
 	import { m } from '$paraglide/messages';
@@ -82,4 +83,43 @@
 		cacheLock={cacheLocks['dora_ict_service_type']}
 		bind:cachedValue={formDataCache['dora_ict_service_type']}
 	/>
+	<Checkbox
+		{form}
+		field="storage_of_data"
+		label={m.storageOfData()}
+		cacheLock={cacheLocks['storage_of_data']}
+		bind:cachedValue={formDataCache['storage_of_data']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="data_location_storage"
+		options={model.selectOptions?.data_location_storage}
+		label={m.dataLocationStorage()}
+		cacheLock={cacheLocks['data_location_storage']}
+		bind:cachedValue={formDataCache['data_location_storage']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="data_location_processing"
+		options={model.selectOptions?.data_location_processing}
+		label={m.dataLocationProcessing()}
+		cacheLock={cacheLocks['data_location_processing']}
+		bind:cachedValue={formDataCache['data_location_processing']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="dora_data_sensitiveness"
+		options={model.selectOptions?.dora_data_sensitiveness}
+		label={m.doraDataSensitiveness()}
+		cacheLock={cacheLocks['dora_data_sensitiveness']}
+		bind:cachedValue={formDataCache['dora_data_sensitiveness']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="dora_reliance_level"
+		options={model.selectOptions?.dora_reliance_level}
+		label={m.doraRelianceLevel()}
+		cacheLock={cacheLocks['dora_reliance_level']}
+		bind:cachedValue={formDataCache['dora_reliance_level']}
+	/>
 </Dropdown>
diff --git a/frontend/src/lib/utils/crud.ts b/frontend/src/lib/utils/crud.ts
index 045dd15894..24a71b5a28 100644
--- a/frontend/src/lib/utils/crud.ts
+++ b/frontend/src/lib/utils/crud.ts
@@ -824,7 +824,13 @@ export const URL_MODEL_MAP: ModelMap = {
 			{ field: 'recipient_entity', urlModel: 'entities' },
 			{ field: 'assets', urlModel: 'assets' }
 		],
-		selectFields: [{ field: 'dora_ict_service_type' }]
+		selectFields: [
+			{ field: 'dora_ict_service_type' },
+			{ field: 'data_location_storage' },
+			{ field: 'data_location_processing' },
+			{ field: 'dora_data_sensitiveness' },
+			{ field: 'dora_reliance_level' }
+		]
 	},
 	contracts: {
 		name: 'contract',
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index e48fd106fd..5628512622 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -612,7 +612,12 @@ export const solutionSchema = z.object({
 	ref_id: z.string().optional(),
 	criticality: z.number().optional(),
 	assets: z.string().uuid().optional().array().optional(),
-	dora_ict_service_type: z.string().optional()
+	dora_ict_service_type: z.string().optional(),
+	storage_of_data: z.boolean().optional().default(false),
+	data_location_storage: z.string().optional(),
+	data_location_processing: z.string().optional(),
+	dora_data_sensitiveness: z.string().optional(),
+	dora_reliance_level: z.string().optional()
 });
 
 export const representativeSchema = z.object({
@@ -638,13 +643,15 @@ export const contractSchema = z.object({
 	start_date: z.union([z.literal('').transform(() => null), z.string().date()]).nullish(),
 	end_date: z.union([z.literal('').transform(() => null), z.string().date()]).nullish(),
 	ref_id: z.string().optional(),
-	dora_contractual_arrangement: z.string().optional(),
+	dora_contractual_arrangement: z.string().default('eba_CO:x1'),
 	currency: z.string().optional(),
 	annual_expense: z.number().optional().nullable(),
 	termination_reason: z.string().optional(),
 	is_intragroup: z.boolean().optional().default(false),
 	overarching_contract: z.string().optional(),
-	governing_law_country: z.string().optional()
+	governing_law_country: z.string().optional(),
+	notice_period_entity: z.number().optional().nullable(),
+	notice_period_provider: z.number().optional().nullable()
 });
 
 export const vulnerabilitySchema = z.object({

From 6dc8721c1d86564901d0fc16d5f9857fcd3dbeef Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Mon, 10 Nov 2025 20:16:04 +0100
Subject: [PATCH 16/47] limit contract form for now

---
 frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte | 2 --
 1 file changed, 2 deletions(-)

diff --git a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
index 7f358c9bd9..d9104c1869 100644
--- a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
@@ -76,7 +76,6 @@
 />
 <AutocompleteSelect
 	{form}
-	multiple
 	optionsEndpoint="entities"
 	field="entities"
 	cacheLock={cacheLocks['entities']}
@@ -85,7 +84,6 @@
 />
 <AutocompleteSelect
 	{form}
-	multiple
 	optionsEndpoint="solutions"
 	optionsExtraFields={[['provider_entity', 'str']]}
 	field="solutions"

From 31a7cf0f44c5def3c59fc7ac94104b48202ea582 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Mon, 10 Nov 2025 20:35:36 +0100
Subject: [PATCH 17/47] merge migrations

---
 ...ntity_country_entity_currency_and_more.py} | 1210 +++++++++--------
 .../0008_entity_legal_identifiers.py          |   22 -
 backend/tprm/migrations/0009_contract.py      |  139 --
 3 files changed, 670 insertions(+), 701 deletions(-)
 rename backend/tprm/migrations/{0010_contract_annual_expense_contract_currency_and_more.py => 0008_entity_country_entity_currency_and_more.py} (60%)
 delete mode 100644 backend/tprm/migrations/0008_entity_legal_identifiers.py
 delete mode 100644 backend/tprm/migrations/0009_contract.py

diff --git a/backend/tprm/migrations/0010_contract_annual_expense_contract_currency_and_more.py b/backend/tprm/migrations/0008_entity_country_entity_currency_and_more.py
similarity index 60%
rename from backend/tprm/migrations/0010_contract_annual_expense_contract_currency_and_more.py
rename to backend/tprm/migrations/0008_entity_country_entity_currency_and_more.py
index e0abf8bab1..87afaaf9d8 100644
--- a/backend/tprm/migrations/0010_contract_annual_expense_contract_currency_and_more.py
+++ b/backend/tprm/migrations/0008_entity_country_entity_currency_and_more.py
@@ -1,553 +1,21 @@
-# Generated by Django 5.2.7 on 2025-11-10 19:06
+# Generated by Django 5.2.7 on 2025-11-10 19:34
 
 import django.db.models.deletion
+import iam.models
+import uuid
+from django.conf import settings
 from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
     dependencies = [
-        ("tprm", "0009_contract"),
+        ("core", "0112_asset_is_critical"),
+        ("iam", "0016_folder_filtering_labels"),
+        ("tprm", "0007_entity_relationship"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
     ]
 
     operations = [
-        migrations.AddField(
-            model_name="contract",
-            name="annual_expense",
-            field=models.FloatField(
-                blank=True,
-                help_text="Annual expense amount for this contract",
-                null=True,
-                verbose_name="Annual expense",
-            ),
-        ),
-        migrations.AddField(
-            model_name="contract",
-            name="currency",
-            field=models.CharField(
-                blank=True,
-                choices=[
-                    ("AED", "UAE Dirham"),
-                    ("AFN", "Afghani"),
-                    ("ALL", "Lek"),
-                    ("AMD", "Armenian Dram"),
-                    ("ANG", "Netherlands Antillean Guilder"),
-                    ("AOA", "Kwanza"),
-                    ("ARS", "Argentine Peso"),
-                    ("AUD", "Australian Dollar"),
-                    ("AWG", "Aruban Florin"),
-                    ("AZN", "Azerbaijanian Manat"),
-                    ("BAM", "Convertible Mark"),
-                    ("BBD", "Barbados Dollar"),
-                    ("BDT", "Taka"),
-                    ("BGN", "Bulgarian Lev"),
-                    ("BHD", "Bahraini Dinar"),
-                    ("BIF", "Burundi Franc"),
-                    ("BMD", "Bermudian Dollar"),
-                    ("BND", "Brunei Dollar"),
-                    ("BOB", "Boliviano"),
-                    ("BOV", "Mvdol"),
-                    ("BRL", "Brazilian Real"),
-                    ("BSD", "Bahamian Dollar"),
-                    ("BTN", "Ngultrum"),
-                    ("BWP", "Pula"),
-                    ("BYR", "Belarussian Ruble (2000 Series)"),
-                    ("BYN", "Belarusian Ruble"),
-                    ("BZD", "Belize Dollar"),
-                    ("CAD", "Canadian Dollar"),
-                    ("CDF", "Congolese Franc"),
-                    ("CHE", "WIR Euro"),
-                    ("CHF", "Swiss Franc"),
-                    ("CHW", "WIR Franc"),
-                    ("CLF", "Unidades de fomento"),
-                    ("CLP", "Chilean Peso"),
-                    ("CNY", "Yuan Renminbi"),
-                    ("COP", "Colombian Peso"),
-                    ("COU", "Unidad de Valor Real"),
-                    ("CRC", "Costa Rican Colon"),
-                    ("CUC", "Peso Convertible"),
-                    ("CUP", "Cuban Peso"),
-                    ("CVE", "Cape Verde Escudo"),
-                    ("CZK", "Czech Koruna"),
-                    ("DJF", "Djibouti Franc"),
-                    ("DKK", "Danish Krone"),
-                    ("DOP", "Dominican Peso"),
-                    ("DZD", "Algerian Dinar"),
-                    ("EGP", "Egyptian Pound"),
-                    ("ERN", "Nakfa"),
-                    ("ETB", "Ethiopian Birr"),
-                    ("EUR", "Euro"),
-                    ("FJD", "Fiji Dollar"),
-                    ("FKP", "Falkland Islands Pound"),
-                    ("GBP", "Pound Sterling"),
-                    ("GEL", "Lari"),
-                    ("GHS", "Ghana Cedi"),
-                    ("GIP", "Gibraltar Pound"),
-                    ("GMD", "Dalasi"),
-                    ("GNF", "Guinea Franc"),
-                    ("GTQ", "Quetzal"),
-                    ("GYD", "Guyana Dollar"),
-                    ("HKD", "Hong Kong Dollar"),
-                    ("HNL", "Lempira"),
-                    ("HTG", "Gourde"),
-                    ("HUF", "Forint"),
-                    ("IDR", "Rupiah"),
-                    ("ILS", "New Israeli Sheqel"),
-                    ("INR", "Indian Rupee"),
-                    ("IQD", "Iraqi Dinar"),
-                    ("IRR", "Iranian Rial"),
-                    ("ISK", "Iceland Krona"),
-                    ("JMD", "Jamaican Dollar"),
-                    ("JOD", "Jordanian Dinar"),
-                    ("JPY", "Yen"),
-                    ("KES", "Kenyan Shilling"),
-                    ("KGS", "Som"),
-                    ("KHR", "Riel"),
-                    ("KMF", "Comoro Franc"),
-                    ("KPW", "North Korean Won"),
-                    ("KRW", "Won"),
-                    ("KWD", "Kuwaiti Dinar"),
-                    ("KYD", "Cayman Islands Dollar"),
-                    ("KZT", "Tenge"),
-                    ("LAK", "Kip"),
-                    ("LBP", "Lebanese Pound"),
-                    ("LKR", "Sri Lanka Rupee"),
-                    ("LRD", "Liberian Dollar"),
-                    ("LSL", "Loti"),
-                    ("LTL", "Lithuanian Litas"),
-                    ("LVL", "Latvian Lats"),
-                    ("LYD", "Libyan Dinar"),
-                    ("MAD", "Moroccan Dirham"),
-                    ("MDL", "Moldovan Leu"),
-                    ("MGA", "Malagasy Ariary"),
-                    ("MKD", "Denar"),
-                    ("MMK", "Kyat"),
-                    ("MNT", "Tugrik"),
-                    ("MOP", "Pataca"),
-                    ("MRO", "Ouguiya"),
-                    ("MUR", "Mauritius Rupee"),
-                    ("MVR", "Rufiyaa"),
-                    ("MWK", "Kwacha"),
-                    ("MXN", "Mexican Peso"),
-                    ("MYR", "Malaysian Ringgit"),
-                    ("MZN", "Mozambique Metical"),
-                    ("NAD", "Namibia Dollar"),
-                    ("NGN", "Naira"),
-                    ("NIO", "Cordoba Oro"),
-                    ("NOK", "Norwegian Krone"),
-                    ("NPR", "Nepalese Rupee"),
-                    ("NZD", "New Zealand Dollar"),
-                    ("OMR", "Rial Omani"),
-                    ("PAB", "Balboa"),
-                    ("PEN", "Nuevo Sol"),
-                    ("PGK", "Kina"),
-                    ("PHP", "Philippine Peso"),
-                    ("PKR", "Pakistan Rupee"),
-                    ("PLN", "Zloty"),
-                    ("PYG", "Guarani"),
-                    ("QAR", "Qatari Rial"),
-                    ("RON", "New Romanian Leu"),
-                    ("RSD", "Serbian Dinar"),
-                    ("RUB", "Russian Ruble"),
-                    ("RWF", "Rwanda Franc"),
-                    ("SAR", "Saudi Riyal"),
-                    ("SBD", "Solomon Islands Dollar"),
-                    ("SCR", "Seychelles Rupee"),
-                    ("SDG", "Sudanese Pound"),
-                    ("SEK", "Swedish Krona"),
-                    ("SGD", "Singapore Dollar"),
-                    ("SHP", "Saint Helena Pound"),
-                    ("SLL", "Leone"),
-                    ("SOS", "Somali Shilling"),
-                    ("SRD", "Surinam Dollar"),
-                    ("SSP", "South Sudanese Pound"),
-                    ("STD", "Dobra"),
-                    ("SVC", "El Salvador Colon"),
-                    ("SYP", "Syrian Pound"),
-                    ("SZL", "Lilangeni"),
-                    ("THB", "Baht"),
-                    ("TJS", "Somoni"),
-                    ("TMT", "Turkmenistan New Manat"),
-                    ("TND", "Tunisian Dinar"),
-                    ("TOP", "Pa'anga"),
-                    ("TRY", "Turkish Lira"),
-                    ("TTD", "Trinidad and Tobago Dollar"),
-                    ("TWD", "New Taiwan Dollar"),
-                    ("TZS", "Tanzanian Shilling"),
-                    ("UAH", "Hryvnia"),
-                    ("UGX", "Uganda Shilling"),
-                    ("USD", "US Dollar"),
-                    ("UYI", "Uruguay Peso en Unidades Indexadas (URUIURUI)"),
-                    ("UYU", "Peso Uruguayo"),
-                    ("UZS", "Uzbekistan Sum"),
-                    ("VEF", "Bolivar"),
-                    ("VND", "Dong"),
-                    ("VUV", "Vatu"),
-                    ("WST", "Tala"),
-                    ("XCD", "East Caribbean Dollar"),
-                    ("YER", "Yemeni Rial"),
-                    ("ZAR", "Rand"),
-                    ("ZMK", "Zambian Kwacha (replaced January 1, 2013)"),
-                    ("ZMW", "Zambian Kwacha"),
-                    ("ZWL", "Zimbabwe Dollar"),
-                    ("x46", "Other Currency (open axis tables)"),
-                    ("XPF", "CFP Franc"),
-                    ("CNH", "Off-shore Yuan Renminbi"),
-                ],
-                help_text="Currency for contract expenses",
-                max_length=3,
-                verbose_name="Currency",
-            ),
-        ),
-        migrations.AddField(
-            model_name="contract",
-            name="dora_contractual_arrangement",
-            field=models.CharField(
-                choices=[
-                    ("eba_CO:x1", "Standalone arrangement"),
-                    ("eba_CO:x2", "Overarching arrangement"),
-                    ("eba_CO:x3", "Subsequent or associated arrangement"),
-                ],
-                default="eba_CO:x1",
-                help_text="DORA contractual arrangement type",
-                max_length=20,
-                verbose_name="DORA contractual arrangement",
-            ),
-        ),
-        migrations.AddField(
-            model_name="contract",
-            name="governing_law_country",
-            field=models.CharField(
-                blank=True,
-                choices=[
-                    ("AF", "Afghanistan"),
-                    ("AX", "Åland Islands"),
-                    ("AL", "Albania"),
-                    ("DZ", "Algeria"),
-                    ("AS", "American Samoa"),
-                    ("AD", "Andorra"),
-                    ("AO", "Angola"),
-                    ("AI", "Anguilla"),
-                    ("AQ", "Antarctica"),
-                    ("AG", "Antigua and Barbuda"),
-                    ("AR", "Argentina"),
-                    ("AM", "Armenia"),
-                    ("AW", "Aruba"),
-                    ("AU", "Australia"),
-                    ("AT", "Austria"),
-                    ("AZ", "Azerbaijan"),
-                    ("BS", "Bahamas"),
-                    ("BH", "Bahrain"),
-                    ("BD", "Bangladesh"),
-                    ("BB", "Barbados"),
-                    ("BY", "Belarus"),
-                    ("BE", "Belgium"),
-                    ("BZ", "Belize"),
-                    ("BJ", "Benin"),
-                    ("BM", "Bermuda"),
-                    ("BT", "Bhutan"),
-                    ("BO", "Bolivia, Plurinational State of"),
-                    ("BQ", "Bonaire, Sint Eustatius and Saba"),
-                    ("BA", "Bosnia and Herzegovina"),
-                    ("BW", "Botswana"),
-                    ("BV", "Bouvet Island"),
-                    ("BR", "Brazil"),
-                    ("IO", "British Indian Ocean Territory"),
-                    ("BN", "Brunei Darussalam"),
-                    ("BG", "Bulgaria"),
-                    ("BF", "Burkina Faso"),
-                    ("BI", "Burundi"),
-                    ("KH", "Cambodia"),
-                    ("CM", "Cameroon"),
-                    ("CA", "Canada"),
-                    ("CV", "Cape Verde"),
-                    ("KY", "Cayman Islands"),
-                    ("CF", "Central African Republic"),
-                    ("TD", "Chad"),
-                    ("CL", "Chile"),
-                    ("CN", "China"),
-                    ("CX", "Christmas Island"),
-                    ("CC", "Cocos (Keeling) Islands"),
-                    ("CO", "Colombia"),
-                    ("KM", "Comoros"),
-                    ("CG", "Congo"),
-                    ("CD", "Congo, The Democratic Republic of the"),
-                    ("CK", "Cook Islands"),
-                    ("CR", "Costa Rica"),
-                    ("CI", "Côte d'Ivoire"),
-                    ("HR", "Croatia"),
-                    ("CU", "Cuba"),
-                    ("CW", "Curaçao"),
-                    ("CY", "Cyprus"),
-                    ("CZ", "Czech Republic"),
-                    ("DK", "Denmark"),
-                    ("DJ", "Djibouti"),
-                    ("DM", "Dominica"),
-                    ("DO", "Dominican Republic"),
-                    ("EC", "Ecuador"),
-                    ("EG", "Egypt"),
-                    ("SV", "El Salvador"),
-                    ("GQ", "Equatorial Guinea"),
-                    ("ER", "Eritrea"),
-                    ("EE", "Estonia"),
-                    ("ET", "Ethiopia"),
-                    ("FK", "Falkland Islands (Malvinas)"),
-                    ("FO", "Faroe Islands"),
-                    ("FJ", "Fiji"),
-                    ("FI", "Finland"),
-                    ("FR", "France"),
-                    ("GF", "French Guiana"),
-                    ("PF", "French Polynesia"),
-                    ("TF", "French Southern Territories"),
-                    ("GA", "Gabon"),
-                    ("GM", "Gambia"),
-                    ("GE", "Georgia"),
-                    ("DE", "Germany"),
-                    ("GH", "Ghana"),
-                    ("GI", "Gibraltar"),
-                    ("GR", "Greece"),
-                    ("GL", "Greenland"),
-                    ("GD", "Grenada"),
-                    ("GP", "Guadeloupe"),
-                    ("GU", "Guam"),
-                    ("GT", "Guatemala"),
-                    ("GG", "Guernsey"),
-                    ("GN", "Guinea"),
-                    ("GW", "Guinea-Bissau"),
-                    ("GY", "Guyana"),
-                    ("HT", "Haiti"),
-                    ("HM", "Heard Island and McDonald Islands"),
-                    ("VA", "Holy See (Vatican City State)"),
-                    ("HN", "Honduras"),
-                    ("HK", "Hong Kong"),
-                    ("HU", "Hungary"),
-                    ("IS", "Iceland"),
-                    ("IN", "India"),
-                    ("ID", "Indonesia"),
-                    ("IR", "Iran, Islamic Republic of"),
-                    ("IQ", "Iraq"),
-                    ("IE", "Ireland"),
-                    ("IM", "Isle of Man"),
-                    ("IL", "Israel"),
-                    ("IT", "Italy"),
-                    ("JM", "Jamaica"),
-                    ("JP", "Japan"),
-                    ("JE", "Jersey"),
-                    ("JO", "Jordan"),
-                    ("KZ", "Kazakhstan"),
-                    ("KE", "Kenya"),
-                    ("KI", "Kiribati"),
-                    ("KP", "Korea, Democratic People's Republic of"),
-                    ("KR", "Korea, Republic of"),
-                    ("XK", "Kosovo"),
-                    ("KW", "Kuwait"),
-                    ("KG", "Kyrgyzstan"),
-                    ("LA", "Lao People's Democratic Republic"),
-                    ("LV", "Latvia"),
-                    ("LB", "Lebanon"),
-                    ("LS", "Lesotho"),
-                    ("LR", "Liberia"),
-                    ("LY", "Libya"),
-                    ("LI", "Liechtenstein"),
-                    ("LT", "Lithuania"),
-                    ("LU", "Luxembourg"),
-                    ("MO", "Macao"),
-                    ("MK", "North Macedonia"),
-                    ("MG", "Madagascar"),
-                    ("MW", "Malawi"),
-                    ("MY", "Malaysia"),
-                    ("MV", "Maldives"),
-                    ("ML", "Mali"),
-                    ("MT", "Malta"),
-                    ("MH", "Marshall Islands"),
-                    ("MQ", "Martinique"),
-                    ("MR", "Mauritania"),
-                    ("MU", "Mauritius"),
-                    ("YT", "Mayotte"),
-                    ("MX", "Mexico"),
-                    ("FM", "Micronesia, Federated States of"),
-                    ("MD", "Moldova, Republic of"),
-                    ("MC", "Monaco"),
-                    ("MN", "Mongolia"),
-                    ("ME", "Montenegro"),
-                    ("MS", "Montserrat"),
-                    ("MA", "Morocco"),
-                    ("MZ", "Mozambique"),
-                    ("MM", "Myanmar"),
-                    ("NA", "Namibia"),
-                    ("NR", "Nauru"),
-                    ("NP", "Nepal"),
-                    ("NL", "Netherlands"),
-                    ("NC", "New Caledonia"),
-                    ("NZ", "New Zealand"),
-                    ("NI", "Nicaragua"),
-                    ("NE", "Niger"),
-                    ("NG", "Nigeria"),
-                    ("NU", "Niue"),
-                    ("NF", "Norfolk Island"),
-                    ("MP", "Northern Mariana Islands"),
-                    ("NO", "Norway"),
-                    ("OM", "Oman"),
-                    ("PK", "Pakistan"),
-                    ("PW", "Palau"),
-                    ("PS", "Palestinian Territory, Occupied"),
-                    ("PA", "Panama"),
-                    ("PG", "Papua New Guinea"),
-                    ("PY", "Paraguay"),
-                    ("PE", "Peru"),
-                    ("PH", "Philippines"),
-                    ("PN", "Pitcairn"),
-                    ("PL", "Poland"),
-                    ("PT", "Portugal"),
-                    ("PR", "Puerto Rico"),
-                    ("QA", "Qatar"),
-                    ("RE", "Réunion"),
-                    ("RO", "Romania"),
-                    ("RU", "Russian Federation"),
-                    ("RW", "Rwanda"),
-                    ("BL", "Saint Barthélemy"),
-                    ("SH", "Saint Helena, Ascension and Tristan da Cunha"),
-                    ("KN", "Saint Kitts and Nevis"),
-                    ("LC", "Saint Lucia"),
-                    ("MF", "Saint Martin (French part)"),
-                    ("PM", "Saint Pierre and Miquelon"),
-                    ("VC", "Saint Vincent and the Grenadines"),
-                    ("WS", "Samoa"),
-                    ("SM", "San Marino"),
-                    ("ST", "Sao Tome and Principe"),
-                    ("SA", "Saudi Arabia"),
-                    ("SN", "Senegal"),
-                    ("RS", "Serbia"),
-                    ("SC", "Seychelles"),
-                    ("SL", "Sierra Leone"),
-                    ("SG", "Singapore"),
-                    ("SX", "Sint Maarten (Dutch part)"),
-                    ("SK", "Slovakia"),
-                    ("SI", "Slovenia"),
-                    ("SB", "Solomon Islands"),
-                    ("SO", "Somalia"),
-                    ("ZA", "South Africa"),
-                    ("GS", "South Georgia and the South Sandwich Islands"),
-                    ("SS", "South Sudan"),
-                    ("ES", "Spain"),
-                    ("LK", "Sri Lanka"),
-                    ("SD", "Sudan"),
-                    ("SR", "Suriname"),
-                    ("SJ", "Svalbard and Jan Mayen"),
-                    ("SZ", "Swaziland"),
-                    ("SE", "Sweden"),
-                    ("CH", "Switzerland"),
-                    ("SY", "Syrian Arab Republic"),
-                    ("TW", "Taiwan, Province of China"),
-                    ("TJ", "Tajikistan"),
-                    ("TZ", "Tanzania, United Republic of"),
-                    ("TH", "Thailand"),
-                    ("TL", "Timor-Leste"),
-                    ("TG", "Togo"),
-                    ("TK", "Tokelau"),
-                    ("TO", "Tonga"),
-                    ("TT", "Trinidad and Tobago"),
-                    ("TN", "Tunisia"),
-                    ("TR", "Türkiye"),
-                    ("TM", "Turkmenistan"),
-                    ("TC", "Turks and Caicos Islands"),
-                    ("TV", "Tuvalu"),
-                    ("UG", "Uganda"),
-                    ("UA", "Ukraine"),
-                    ("AE", "United Arab Emirates"),
-                    ("GB", "United Kingdom"),
-                    ("US", "United States"),
-                    ("UM", "United States Minor Outlying Islands"),
-                    ("UY", "Uruguay"),
-                    ("UZ", "Uzbekistan"),
-                    ("VU", "Vanuatu"),
-                    ("VE", "Venezuela, Bolivarian Republic of"),
-                    ("VN", "Viet Nam"),
-                    ("VG", "Virgin Islands, British"),
-                    ("VI", "Virgin Islands, U.S."),
-                    ("WF", "Wallis and Futuna"),
-                    ("EH", "Western Sahara"),
-                    ("YE", "Yemen"),
-                    ("ZM", "Zambia"),
-                    ("ZW", "Zimbabwe"),
-                    ("x28", "Other Countries"),
-                ],
-                help_text="Country whose law governs this contract",
-                max_length=3,
-                verbose_name="Governing law country",
-            ),
-        ),
-        migrations.AddField(
-            model_name="contract",
-            name="is_intragroup",
-            field=models.BooleanField(
-                default=False,
-                help_text="Whether this is an intragroup contract",
-                verbose_name="Is intragroup",
-            ),
-        ),
-        migrations.AddField(
-            model_name="contract",
-            name="notice_period_entity",
-            field=models.IntegerField(
-                blank=True,
-                help_text="Notice period in days for the financial entity",
-                null=True,
-                verbose_name="Notice period for entity (days)",
-            ),
-        ),
-        migrations.AddField(
-            model_name="contract",
-            name="notice_period_provider",
-            field=models.IntegerField(
-                blank=True,
-                help_text="Notice period in days for the ICT third-party service provider",
-                null=True,
-                verbose_name="Notice period for provider (days)",
-            ),
-        ),
-        migrations.AddField(
-            model_name="contract",
-            name="overarching_contract",
-            field=models.ForeignKey(
-                blank=True,
-                help_text="Parent/overarching contract if this is a subordinate arrangement",
-                null=True,
-                on_delete=django.db.models.deletion.SET_NULL,
-                related_name="subordinate_contracts",
-                to="tprm.contract",
-                verbose_name="Overarching contract",
-            ),
-        ),
-        migrations.AddField(
-            model_name="contract",
-            name="termination_reason",
-            field=models.CharField(
-                blank=True,
-                choices=[
-                    ("eba_CO:x4", "Termination not for cause: Expired and not renewed"),
-                    (
-                        "eba_CO:x5",
-                        "Termination for cause: Provider in breach of applicable law, regulations or contractual provisions",
-                    ),
-                    (
-                        "eba_CO:x6",
-                        "Termination for cause: Identified impediments of the provider capable of altering the supported function",
-                    ),
-                    (
-                        "eba_CO:x7",
-                        "Termination for cause: Provider's weaknesses regarding the management and security of sensitive data or information",
-                    ),
-                    (
-                        "eba_CO:x8",
-                        "Termination: As requested by the competent authority",
-                    ),
-                    ("eba_CO:x9", "Other reasons for termination"),
-                ],
-                help_text="Reason for contract termination",
-                max_length=20,
-                verbose_name="Termination reason",
-            ),
-        ),
         migrations.AddField(
             model_name="entity",
             name="country",
@@ -1074,6 +542,16 @@ class Migration(migrations.Migration):
                 verbose_name="DORA entity type",
             ),
         ),
+        migrations.AddField(
+            model_name="entity",
+            name="legal_identifiers",
+            field=models.JSONField(
+                blank=True,
+                default=dict,
+                help_text="Legal identifiers (LEI, EUID, VAT, DUNS, etc.)",
+                verbose_name="Legal identifiers",
+            ),
+        ),
         migrations.AddField(
             model_name="solution",
             name="data_location_processing",
@@ -1674,4 +1152,656 @@ class Migration(migrations.Migration):
                 verbose_name="Storage of data",
             ),
         ),
+        migrations.CreateModel(
+            name="Contract",
+            fields=[
+                (
+                    "id",
+                    models.UUIDField(
+                        default=uuid.uuid4,
+                        editable=False,
+                        primary_key=True,
+                        serialize=False,
+                    ),
+                ),
+                (
+                    "created_at",
+                    models.DateTimeField(auto_now_add=True, verbose_name="Created at"),
+                ),
+                (
+                    "updated_at",
+                    models.DateTimeField(auto_now=True, verbose_name="Updated at"),
+                ),
+                (
+                    "is_published",
+                    models.BooleanField(default=False, verbose_name="published"),
+                ),
+                ("name", models.CharField(max_length=200, verbose_name="Name")),
+                (
+                    "description",
+                    models.TextField(blank=True, null=True, verbose_name="Description"),
+                ),
+                (
+                    "status",
+                    models.CharField(
+                        choices=[
+                            ("draft", "Draft"),
+                            ("active", "Active"),
+                            ("expired", "Expired"),
+                            ("terminated", "Terminated"),
+                        ],
+                        default="draft",
+                        max_length=20,
+                        verbose_name="Status",
+                    ),
+                ),
+                (
+                    "start_date",
+                    models.DateField(blank=True, null=True, verbose_name="Start date"),
+                ),
+                (
+                    "end_date",
+                    models.DateField(blank=True, null=True, verbose_name="End date"),
+                ),
+                (
+                    "ref_id",
+                    models.CharField(
+                        blank=True,
+                        help_text="Contract reference number or identifier",
+                        max_length=255,
+                        verbose_name="Reference ID",
+                    ),
+                ),
+                (
+                    "dora_contractual_arrangement",
+                    models.CharField(
+                        choices=[
+                            ("eba_CO:x1", "Standalone arrangement"),
+                            ("eba_CO:x2", "Overarching arrangement"),
+                            ("eba_CO:x3", "Subsequent or associated arrangement"),
+                        ],
+                        default="eba_CO:x1",
+                        help_text="DORA contractual arrangement type",
+                        max_length=20,
+                        verbose_name="DORA contractual arrangement",
+                    ),
+                ),
+                (
+                    "currency",
+                    models.CharField(
+                        blank=True,
+                        choices=[
+                            ("AED", "UAE Dirham"),
+                            ("AFN", "Afghani"),
+                            ("ALL", "Lek"),
+                            ("AMD", "Armenian Dram"),
+                            ("ANG", "Netherlands Antillean Guilder"),
+                            ("AOA", "Kwanza"),
+                            ("ARS", "Argentine Peso"),
+                            ("AUD", "Australian Dollar"),
+                            ("AWG", "Aruban Florin"),
+                            ("AZN", "Azerbaijanian Manat"),
+                            ("BAM", "Convertible Mark"),
+                            ("BBD", "Barbados Dollar"),
+                            ("BDT", "Taka"),
+                            ("BGN", "Bulgarian Lev"),
+                            ("BHD", "Bahraini Dinar"),
+                            ("BIF", "Burundi Franc"),
+                            ("BMD", "Bermudian Dollar"),
+                            ("BND", "Brunei Dollar"),
+                            ("BOB", "Boliviano"),
+                            ("BOV", "Mvdol"),
+                            ("BRL", "Brazilian Real"),
+                            ("BSD", "Bahamian Dollar"),
+                            ("BTN", "Ngultrum"),
+                            ("BWP", "Pula"),
+                            ("BYR", "Belarussian Ruble (2000 Series)"),
+                            ("BYN", "Belarusian Ruble"),
+                            ("BZD", "Belize Dollar"),
+                            ("CAD", "Canadian Dollar"),
+                            ("CDF", "Congolese Franc"),
+                            ("CHE", "WIR Euro"),
+                            ("CHF", "Swiss Franc"),
+                            ("CHW", "WIR Franc"),
+                            ("CLF", "Unidades de fomento"),
+                            ("CLP", "Chilean Peso"),
+                            ("CNY", "Yuan Renminbi"),
+                            ("COP", "Colombian Peso"),
+                            ("COU", "Unidad de Valor Real"),
+                            ("CRC", "Costa Rican Colon"),
+                            ("CUC", "Peso Convertible"),
+                            ("CUP", "Cuban Peso"),
+                            ("CVE", "Cape Verde Escudo"),
+                            ("CZK", "Czech Koruna"),
+                            ("DJF", "Djibouti Franc"),
+                            ("DKK", "Danish Krone"),
+                            ("DOP", "Dominican Peso"),
+                            ("DZD", "Algerian Dinar"),
+                            ("EGP", "Egyptian Pound"),
+                            ("ERN", "Nakfa"),
+                            ("ETB", "Ethiopian Birr"),
+                            ("EUR", "Euro"),
+                            ("FJD", "Fiji Dollar"),
+                            ("FKP", "Falkland Islands Pound"),
+                            ("GBP", "Pound Sterling"),
+                            ("GEL", "Lari"),
+                            ("GHS", "Ghana Cedi"),
+                            ("GIP", "Gibraltar Pound"),
+                            ("GMD", "Dalasi"),
+                            ("GNF", "Guinea Franc"),
+                            ("GTQ", "Quetzal"),
+                            ("GYD", "Guyana Dollar"),
+                            ("HKD", "Hong Kong Dollar"),
+                            ("HNL", "Lempira"),
+                            ("HTG", "Gourde"),
+                            ("HUF", "Forint"),
+                            ("IDR", "Rupiah"),
+                            ("ILS", "New Israeli Sheqel"),
+                            ("INR", "Indian Rupee"),
+                            ("IQD", "Iraqi Dinar"),
+                            ("IRR", "Iranian Rial"),
+                            ("ISK", "Iceland Krona"),
+                            ("JMD", "Jamaican Dollar"),
+                            ("JOD", "Jordanian Dinar"),
+                            ("JPY", "Yen"),
+                            ("KES", "Kenyan Shilling"),
+                            ("KGS", "Som"),
+                            ("KHR", "Riel"),
+                            ("KMF", "Comoro Franc"),
+                            ("KPW", "North Korean Won"),
+                            ("KRW", "Won"),
+                            ("KWD", "Kuwaiti Dinar"),
+                            ("KYD", "Cayman Islands Dollar"),
+                            ("KZT", "Tenge"),
+                            ("LAK", "Kip"),
+                            ("LBP", "Lebanese Pound"),
+                            ("LKR", "Sri Lanka Rupee"),
+                            ("LRD", "Liberian Dollar"),
+                            ("LSL", "Loti"),
+                            ("LTL", "Lithuanian Litas"),
+                            ("LVL", "Latvian Lats"),
+                            ("LYD", "Libyan Dinar"),
+                            ("MAD", "Moroccan Dirham"),
+                            ("MDL", "Moldovan Leu"),
+                            ("MGA", "Malagasy Ariary"),
+                            ("MKD", "Denar"),
+                            ("MMK", "Kyat"),
+                            ("MNT", "Tugrik"),
+                            ("MOP", "Pataca"),
+                            ("MRO", "Ouguiya"),
+                            ("MUR", "Mauritius Rupee"),
+                            ("MVR", "Rufiyaa"),
+                            ("MWK", "Kwacha"),
+                            ("MXN", "Mexican Peso"),
+                            ("MYR", "Malaysian Ringgit"),
+                            ("MZN", "Mozambique Metical"),
+                            ("NAD", "Namibia Dollar"),
+                            ("NGN", "Naira"),
+                            ("NIO", "Cordoba Oro"),
+                            ("NOK", "Norwegian Krone"),
+                            ("NPR", "Nepalese Rupee"),
+                            ("NZD", "New Zealand Dollar"),
+                            ("OMR", "Rial Omani"),
+                            ("PAB", "Balboa"),
+                            ("PEN", "Nuevo Sol"),
+                            ("PGK", "Kina"),
+                            ("PHP", "Philippine Peso"),
+                            ("PKR", "Pakistan Rupee"),
+                            ("PLN", "Zloty"),
+                            ("PYG", "Guarani"),
+                            ("QAR", "Qatari Rial"),
+                            ("RON", "New Romanian Leu"),
+                            ("RSD", "Serbian Dinar"),
+                            ("RUB", "Russian Ruble"),
+                            ("RWF", "Rwanda Franc"),
+                            ("SAR", "Saudi Riyal"),
+                            ("SBD", "Solomon Islands Dollar"),
+                            ("SCR", "Seychelles Rupee"),
+                            ("SDG", "Sudanese Pound"),
+                            ("SEK", "Swedish Krona"),
+                            ("SGD", "Singapore Dollar"),
+                            ("SHP", "Saint Helena Pound"),
+                            ("SLL", "Leone"),
+                            ("SOS", "Somali Shilling"),
+                            ("SRD", "Surinam Dollar"),
+                            ("SSP", "South Sudanese Pound"),
+                            ("STD", "Dobra"),
+                            ("SVC", "El Salvador Colon"),
+                            ("SYP", "Syrian Pound"),
+                            ("SZL", "Lilangeni"),
+                            ("THB", "Baht"),
+                            ("TJS", "Somoni"),
+                            ("TMT", "Turkmenistan New Manat"),
+                            ("TND", "Tunisian Dinar"),
+                            ("TOP", "Pa'anga"),
+                            ("TRY", "Turkish Lira"),
+                            ("TTD", "Trinidad and Tobago Dollar"),
+                            ("TWD", "New Taiwan Dollar"),
+                            ("TZS", "Tanzanian Shilling"),
+                            ("UAH", "Hryvnia"),
+                            ("UGX", "Uganda Shilling"),
+                            ("USD", "US Dollar"),
+                            ("UYI", "Uruguay Peso en Unidades Indexadas (URUIURUI)"),
+                            ("UYU", "Peso Uruguayo"),
+                            ("UZS", "Uzbekistan Sum"),
+                            ("VEF", "Bolivar"),
+                            ("VND", "Dong"),
+                            ("VUV", "Vatu"),
+                            ("WST", "Tala"),
+                            ("XCD", "East Caribbean Dollar"),
+                            ("YER", "Yemeni Rial"),
+                            ("ZAR", "Rand"),
+                            ("ZMK", "Zambian Kwacha (replaced January 1, 2013)"),
+                            ("ZMW", "Zambian Kwacha"),
+                            ("ZWL", "Zimbabwe Dollar"),
+                            ("x46", "Other Currency (open axis tables)"),
+                            ("XPF", "CFP Franc"),
+                            ("CNH", "Off-shore Yuan Renminbi"),
+                        ],
+                        help_text="Currency for contract expenses",
+                        max_length=3,
+                        verbose_name="Currency",
+                    ),
+                ),
+                (
+                    "annual_expense",
+                    models.FloatField(
+                        blank=True,
+                        help_text="Annual expense amount for this contract",
+                        null=True,
+                        verbose_name="Annual expense",
+                    ),
+                ),
+                (
+                    "termination_reason",
+                    models.CharField(
+                        blank=True,
+                        choices=[
+                            (
+                                "eba_CO:x4",
+                                "Termination not for cause: Expired and not renewed",
+                            ),
+                            (
+                                "eba_CO:x5",
+                                "Termination for cause: Provider in breach of applicable law, regulations or contractual provisions",
+                            ),
+                            (
+                                "eba_CO:x6",
+                                "Termination for cause: Identified impediments of the provider capable of altering the supported function",
+                            ),
+                            (
+                                "eba_CO:x7",
+                                "Termination for cause: Provider's weaknesses regarding the management and security of sensitive data or information",
+                            ),
+                            (
+                                "eba_CO:x8",
+                                "Termination: As requested by the competent authority",
+                            ),
+                            ("eba_CO:x9", "Other reasons for termination"),
+                        ],
+                        help_text="Reason for contract termination",
+                        max_length=20,
+                        verbose_name="Termination reason",
+                    ),
+                ),
+                (
+                    "is_intragroup",
+                    models.BooleanField(
+                        default=False,
+                        help_text="Whether this is an intragroup contract",
+                        verbose_name="Is intragroup",
+                    ),
+                ),
+                (
+                    "governing_law_country",
+                    models.CharField(
+                        blank=True,
+                        choices=[
+                            ("AF", "Afghanistan"),
+                            ("AX", "Åland Islands"),
+                            ("AL", "Albania"),
+                            ("DZ", "Algeria"),
+                            ("AS", "American Samoa"),
+                            ("AD", "Andorra"),
+                            ("AO", "Angola"),
+                            ("AI", "Anguilla"),
+                            ("AQ", "Antarctica"),
+                            ("AG", "Antigua and Barbuda"),
+                            ("AR", "Argentina"),
+                            ("AM", "Armenia"),
+                            ("AW", "Aruba"),
+                            ("AU", "Australia"),
+                            ("AT", "Austria"),
+                            ("AZ", "Azerbaijan"),
+                            ("BS", "Bahamas"),
+                            ("BH", "Bahrain"),
+                            ("BD", "Bangladesh"),
+                            ("BB", "Barbados"),
+                            ("BY", "Belarus"),
+                            ("BE", "Belgium"),
+                            ("BZ", "Belize"),
+                            ("BJ", "Benin"),
+                            ("BM", "Bermuda"),
+                            ("BT", "Bhutan"),
+                            ("BO", "Bolivia, Plurinational State of"),
+                            ("BQ", "Bonaire, Sint Eustatius and Saba"),
+                            ("BA", "Bosnia and Herzegovina"),
+                            ("BW", "Botswana"),
+                            ("BV", "Bouvet Island"),
+                            ("BR", "Brazil"),
+                            ("IO", "British Indian Ocean Territory"),
+                            ("BN", "Brunei Darussalam"),
+                            ("BG", "Bulgaria"),
+                            ("BF", "Burkina Faso"),
+                            ("BI", "Burundi"),
+                            ("KH", "Cambodia"),
+                            ("CM", "Cameroon"),
+                            ("CA", "Canada"),
+                            ("CV", "Cape Verde"),
+                            ("KY", "Cayman Islands"),
+                            ("CF", "Central African Republic"),
+                            ("TD", "Chad"),
+                            ("CL", "Chile"),
+                            ("CN", "China"),
+                            ("CX", "Christmas Island"),
+                            ("CC", "Cocos (Keeling) Islands"),
+                            ("CO", "Colombia"),
+                            ("KM", "Comoros"),
+                            ("CG", "Congo"),
+                            ("CD", "Congo, The Democratic Republic of the"),
+                            ("CK", "Cook Islands"),
+                            ("CR", "Costa Rica"),
+                            ("CI", "Côte d'Ivoire"),
+                            ("HR", "Croatia"),
+                            ("CU", "Cuba"),
+                            ("CW", "Curaçao"),
+                            ("CY", "Cyprus"),
+                            ("CZ", "Czech Republic"),
+                            ("DK", "Denmark"),
+                            ("DJ", "Djibouti"),
+                            ("DM", "Dominica"),
+                            ("DO", "Dominican Republic"),
+                            ("EC", "Ecuador"),
+                            ("EG", "Egypt"),
+                            ("SV", "El Salvador"),
+                            ("GQ", "Equatorial Guinea"),
+                            ("ER", "Eritrea"),
+                            ("EE", "Estonia"),
+                            ("ET", "Ethiopia"),
+                            ("FK", "Falkland Islands (Malvinas)"),
+                            ("FO", "Faroe Islands"),
+                            ("FJ", "Fiji"),
+                            ("FI", "Finland"),
+                            ("FR", "France"),
+                            ("GF", "French Guiana"),
+                            ("PF", "French Polynesia"),
+                            ("TF", "French Southern Territories"),
+                            ("GA", "Gabon"),
+                            ("GM", "Gambia"),
+                            ("GE", "Georgia"),
+                            ("DE", "Germany"),
+                            ("GH", "Ghana"),
+                            ("GI", "Gibraltar"),
+                            ("GR", "Greece"),
+                            ("GL", "Greenland"),
+                            ("GD", "Grenada"),
+                            ("GP", "Guadeloupe"),
+                            ("GU", "Guam"),
+                            ("GT", "Guatemala"),
+                            ("GG", "Guernsey"),
+                            ("GN", "Guinea"),
+                            ("GW", "Guinea-Bissau"),
+                            ("GY", "Guyana"),
+                            ("HT", "Haiti"),
+                            ("HM", "Heard Island and McDonald Islands"),
+                            ("VA", "Holy See (Vatican City State)"),
+                            ("HN", "Honduras"),
+                            ("HK", "Hong Kong"),
+                            ("HU", "Hungary"),
+                            ("IS", "Iceland"),
+                            ("IN", "India"),
+                            ("ID", "Indonesia"),
+                            ("IR", "Iran, Islamic Republic of"),
+                            ("IQ", "Iraq"),
+                            ("IE", "Ireland"),
+                            ("IM", "Isle of Man"),
+                            ("IL", "Israel"),
+                            ("IT", "Italy"),
+                            ("JM", "Jamaica"),
+                            ("JP", "Japan"),
+                            ("JE", "Jersey"),
+                            ("JO", "Jordan"),
+                            ("KZ", "Kazakhstan"),
+                            ("KE", "Kenya"),
+                            ("KI", "Kiribati"),
+                            ("KP", "Korea, Democratic People's Republic of"),
+                            ("KR", "Korea, Republic of"),
+                            ("XK", "Kosovo"),
+                            ("KW", "Kuwait"),
+                            ("KG", "Kyrgyzstan"),
+                            ("LA", "Lao People's Democratic Republic"),
+                            ("LV", "Latvia"),
+                            ("LB", "Lebanon"),
+                            ("LS", "Lesotho"),
+                            ("LR", "Liberia"),
+                            ("LY", "Libya"),
+                            ("LI", "Liechtenstein"),
+                            ("LT", "Lithuania"),
+                            ("LU", "Luxembourg"),
+                            ("MO", "Macao"),
+                            ("MK", "North Macedonia"),
+                            ("MG", "Madagascar"),
+                            ("MW", "Malawi"),
+                            ("MY", "Malaysia"),
+                            ("MV", "Maldives"),
+                            ("ML", "Mali"),
+                            ("MT", "Malta"),
+                            ("MH", "Marshall Islands"),
+                            ("MQ", "Martinique"),
+                            ("MR", "Mauritania"),
+                            ("MU", "Mauritius"),
+                            ("YT", "Mayotte"),
+                            ("MX", "Mexico"),
+                            ("FM", "Micronesia, Federated States of"),
+                            ("MD", "Moldova, Republic of"),
+                            ("MC", "Monaco"),
+                            ("MN", "Mongolia"),
+                            ("ME", "Montenegro"),
+                            ("MS", "Montserrat"),
+                            ("MA", "Morocco"),
+                            ("MZ", "Mozambique"),
+                            ("MM", "Myanmar"),
+                            ("NA", "Namibia"),
+                            ("NR", "Nauru"),
+                            ("NP", "Nepal"),
+                            ("NL", "Netherlands"),
+                            ("NC", "New Caledonia"),
+                            ("NZ", "New Zealand"),
+                            ("NI", "Nicaragua"),
+                            ("NE", "Niger"),
+                            ("NG", "Nigeria"),
+                            ("NU", "Niue"),
+                            ("NF", "Norfolk Island"),
+                            ("MP", "Northern Mariana Islands"),
+                            ("NO", "Norway"),
+                            ("OM", "Oman"),
+                            ("PK", "Pakistan"),
+                            ("PW", "Palau"),
+                            ("PS", "Palestinian Territory, Occupied"),
+                            ("PA", "Panama"),
+                            ("PG", "Papua New Guinea"),
+                            ("PY", "Paraguay"),
+                            ("PE", "Peru"),
+                            ("PH", "Philippines"),
+                            ("PN", "Pitcairn"),
+                            ("PL", "Poland"),
+                            ("PT", "Portugal"),
+                            ("PR", "Puerto Rico"),
+                            ("QA", "Qatar"),
+                            ("RE", "Réunion"),
+                            ("RO", "Romania"),
+                            ("RU", "Russian Federation"),
+                            ("RW", "Rwanda"),
+                            ("BL", "Saint Barthélemy"),
+                            ("SH", "Saint Helena, Ascension and Tristan da Cunha"),
+                            ("KN", "Saint Kitts and Nevis"),
+                            ("LC", "Saint Lucia"),
+                            ("MF", "Saint Martin (French part)"),
+                            ("PM", "Saint Pierre and Miquelon"),
+                            ("VC", "Saint Vincent and the Grenadines"),
+                            ("WS", "Samoa"),
+                            ("SM", "San Marino"),
+                            ("ST", "Sao Tome and Principe"),
+                            ("SA", "Saudi Arabia"),
+                            ("SN", "Senegal"),
+                            ("RS", "Serbia"),
+                            ("SC", "Seychelles"),
+                            ("SL", "Sierra Leone"),
+                            ("SG", "Singapore"),
+                            ("SX", "Sint Maarten (Dutch part)"),
+                            ("SK", "Slovakia"),
+                            ("SI", "Slovenia"),
+                            ("SB", "Solomon Islands"),
+                            ("SO", "Somalia"),
+                            ("ZA", "South Africa"),
+                            ("GS", "South Georgia and the South Sandwich Islands"),
+                            ("SS", "South Sudan"),
+                            ("ES", "Spain"),
+                            ("LK", "Sri Lanka"),
+                            ("SD", "Sudan"),
+                            ("SR", "Suriname"),
+                            ("SJ", "Svalbard and Jan Mayen"),
+                            ("SZ", "Swaziland"),
+                            ("SE", "Sweden"),
+                            ("CH", "Switzerland"),
+                            ("SY", "Syrian Arab Republic"),
+                            ("TW", "Taiwan, Province of China"),
+                            ("TJ", "Tajikistan"),
+                            ("TZ", "Tanzania, United Republic of"),
+                            ("TH", "Thailand"),
+                            ("TL", "Timor-Leste"),
+                            ("TG", "Togo"),
+                            ("TK", "Tokelau"),
+                            ("TO", "Tonga"),
+                            ("TT", "Trinidad and Tobago"),
+                            ("TN", "Tunisia"),
+                            ("TR", "Türkiye"),
+                            ("TM", "Turkmenistan"),
+                            ("TC", "Turks and Caicos Islands"),
+                            ("TV", "Tuvalu"),
+                            ("UG", "Uganda"),
+                            ("UA", "Ukraine"),
+                            ("AE", "United Arab Emirates"),
+                            ("GB", "United Kingdom"),
+                            ("US", "United States"),
+                            ("UM", "United States Minor Outlying Islands"),
+                            ("UY", "Uruguay"),
+                            ("UZ", "Uzbekistan"),
+                            ("VU", "Vanuatu"),
+                            ("VE", "Venezuela, Bolivarian Republic of"),
+                            ("VN", "Viet Nam"),
+                            ("VG", "Virgin Islands, British"),
+                            ("VI", "Virgin Islands, U.S."),
+                            ("WF", "Wallis and Futuna"),
+                            ("EH", "Western Sahara"),
+                            ("YE", "Yemen"),
+                            ("ZM", "Zambia"),
+                            ("ZW", "Zimbabwe"),
+                            ("x28", "Other Countries"),
+                        ],
+                        help_text="Country whose law governs this contract",
+                        max_length=3,
+                        verbose_name="Governing law country",
+                    ),
+                ),
+                (
+                    "notice_period_entity",
+                    models.IntegerField(
+                        blank=True,
+                        help_text="Notice period in days for the financial entity",
+                        null=True,
+                        verbose_name="Notice period for entity (days)",
+                    ),
+                ),
+                (
+                    "notice_period_provider",
+                    models.IntegerField(
+                        blank=True,
+                        help_text="Notice period in days for the ICT third-party service provider",
+                        null=True,
+                        verbose_name="Notice period for provider (days)",
+                    ),
+                ),
+                (
+                    "entities",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Entities involved in this contract",
+                        related_name="contracts",
+                        to="tprm.entity",
+                        verbose_name="Entities",
+                    ),
+                ),
+                (
+                    "evidences",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Supporting evidence for this contract",
+                        related_name="contracts",
+                        to="core.evidence",
+                        verbose_name="Evidences",
+                    ),
+                ),
+                (
+                    "filtering_labels",
+                    models.ManyToManyField(
+                        blank=True, to="core.filteringlabel", verbose_name="Labels"
+                    ),
+                ),
+                (
+                    "folder",
+                    models.ForeignKey(
+                        default=iam.models.Folder.get_root_folder_id,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="%(class)s_folder",
+                        to="iam.folder",
+                    ),
+                ),
+                (
+                    "overarching_contract",
+                    models.ForeignKey(
+                        blank=True,
+                        help_text="Parent/overarching contract if this is a subordinate arrangement",
+                        null=True,
+                        on_delete=django.db.models.deletion.SET_NULL,
+                        related_name="subordinate_contracts",
+                        to="tprm.contract",
+                        verbose_name="Overarching contract",
+                    ),
+                ),
+                (
+                    "owner",
+                    models.ManyToManyField(
+                        blank=True,
+                        related_name="contracts",
+                        to=settings.AUTH_USER_MODEL,
+                        verbose_name="Owner",
+                    ),
+                ),
+                (
+                    "solutions",
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text="Solutions covered by this contract",
+                        related_name="contracts",
+                        to="tprm.solution",
+                        verbose_name="Solutions",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "Contract",
+                "verbose_name_plural": "Contracts",
+            },
+        ),
     ]
diff --git a/backend/tprm/migrations/0008_entity_legal_identifiers.py b/backend/tprm/migrations/0008_entity_legal_identifiers.py
deleted file mode 100644
index 71cce95add..0000000000
--- a/backend/tprm/migrations/0008_entity_legal_identifiers.py
+++ /dev/null
@@ -1,22 +0,0 @@
-# Generated by Django 5.2.7 on 2025-11-07 18:56
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("tprm", "0007_entity_relationship"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="entity",
-            name="legal_identifiers",
-            field=models.JSONField(
-                blank=True,
-                default=dict,
-                help_text="Legal identifiers (LEI, EUID, VAT, DUNS, etc.)",
-                verbose_name="Legal identifiers",
-            ),
-        ),
-    ]
diff --git a/backend/tprm/migrations/0009_contract.py b/backend/tprm/migrations/0009_contract.py
deleted file mode 100644
index f6b821eb1d..0000000000
--- a/backend/tprm/migrations/0009_contract.py
+++ /dev/null
@@ -1,139 +0,0 @@
-# Generated by Django 5.2.7 on 2025-11-07 20:57
-
-import django.db.models.deletion
-import iam.models
-import uuid
-from django.conf import settings
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("core", "0112_asset_is_critical"),
-        ("iam", "0016_folder_filtering_labels"),
-        ("tprm", "0008_entity_legal_identifiers"),
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-    ]
-
-    operations = [
-        migrations.CreateModel(
-            name="Contract",
-            fields=[
-                (
-                    "id",
-                    models.UUIDField(
-                        default=uuid.uuid4,
-                        editable=False,
-                        primary_key=True,
-                        serialize=False,
-                    ),
-                ),
-                (
-                    "created_at",
-                    models.DateTimeField(auto_now_add=True, verbose_name="Created at"),
-                ),
-                (
-                    "updated_at",
-                    models.DateTimeField(auto_now=True, verbose_name="Updated at"),
-                ),
-                (
-                    "is_published",
-                    models.BooleanField(default=False, verbose_name="published"),
-                ),
-                ("name", models.CharField(max_length=200, verbose_name="Name")),
-                (
-                    "description",
-                    models.TextField(blank=True, null=True, verbose_name="Description"),
-                ),
-                (
-                    "status",
-                    models.CharField(
-                        choices=[
-                            ("draft", "Draft"),
-                            ("active", "Active"),
-                            ("expired", "Expired"),
-                            ("terminated", "Terminated"),
-                        ],
-                        default="draft",
-                        max_length=20,
-                        verbose_name="Status",
-                    ),
-                ),
-                (
-                    "start_date",
-                    models.DateField(blank=True, null=True, verbose_name="Start date"),
-                ),
-                (
-                    "end_date",
-                    models.DateField(blank=True, null=True, verbose_name="End date"),
-                ),
-                (
-                    "ref_id",
-                    models.CharField(
-                        blank=True,
-                        help_text="Contract reference number or identifier",
-                        max_length=255,
-                        verbose_name="Reference ID",
-                    ),
-                ),
-                (
-                    "entities",
-                    models.ManyToManyField(
-                        blank=True,
-                        help_text="Entities involved in this contract",
-                        related_name="contracts",
-                        to="tprm.entity",
-                        verbose_name="Entities",
-                    ),
-                ),
-                (
-                    "evidences",
-                    models.ManyToManyField(
-                        blank=True,
-                        help_text="Supporting evidence for this contract",
-                        related_name="contracts",
-                        to="core.evidence",
-                        verbose_name="Evidences",
-                    ),
-                ),
-                (
-                    "filtering_labels",
-                    models.ManyToManyField(
-                        blank=True, to="core.filteringlabel", verbose_name="Labels"
-                    ),
-                ),
-                (
-                    "folder",
-                    models.ForeignKey(
-                        default=iam.models.Folder.get_root_folder_id,
-                        on_delete=django.db.models.deletion.CASCADE,
-                        related_name="%(class)s_folder",
-                        to="iam.folder",
-                    ),
-                ),
-                (
-                    "owner",
-                    models.ManyToManyField(
-                        blank=True,
-                        related_name="contracts",
-                        to=settings.AUTH_USER_MODEL,
-                        verbose_name="Owner",
-                    ),
-                ),
-                (
-                    "solutions",
-                    models.ManyToManyField(
-                        blank=True,
-                        help_text="Solutions covered by this contract",
-                        related_name="contracts",
-                        to="tprm.solution",
-                        verbose_name="Solutions",
-                    ),
-                ),
-            ],
-            options={
-                "verbose_name": "Contract",
-                "verbose_name_plural": "Contracts",
-            },
-        ),
-    ]

From 006104ed7452bd0f7236dcff00989dfc2b25d77c Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Mon, 10 Nov 2025 21:06:11 +0100
Subject: [PATCH 18/47] more constants

---
 backend/core/dora.py | 320 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 320 insertions(+)

diff --git a/backend/core/dora.py b/backend/core/dora.py
index 4da2223913..b645a471d8 100644
--- a/backend/core/dora.py
+++ b/backend/core/dora.py
@@ -106,3 +106,323 @@
     ("eba_ZZ:x792", "Medium"),
     ("eba_ZZ:x793", "High"),
 ]
+
+DORA_FUNCTION_CRITICALITY_CHOICES = [
+    ("eba_BT:x28", "Yes"),
+    ("eba_BT:x29", "No"),
+    ("eba_BT:x21", "Assessment not performed"),
+]
+
+DORA_DISCONTINUING_IMPACT_CHOICES = [
+    ("eba_ZZ:x791", "Low"),
+    ("eba_ZZ:x792", "Medium"),
+    ("eba_ZZ:x793", "High"),
+    ("eba_ZZ:x799", "Assessment not performed"),
+]
+
+DORA_ENTITY_NATURE_CHOICES = [
+    ("eba_ZZ:x838", "branch of a financial entity"),
+    ("eba_ZZ:x839", "not a branch"),
+]
+
+DORA_PROVIDER_PERSON_TYPE_CHOICES = [
+    ("eba_CT:x212", "Legal person, excluding individual acting in a business capacity"),
+    ("eba_CT:x213", "Individual acting in a business capacity"),
+]
+
+DORA_SUBSTITUTABILITY_CHOICES = [
+    ("eba_ZZ:x959", "Not substitutable"),
+    ("eba_ZZ:x962", "Easily substitutable"),
+    ("eba_ZZ:x961", "Medium complexity in terms of substitutability"),
+    ("eba_ZZ:x960", "Highly complex substitutability"),
+]
+
+DORA_NON_SUBSTITUTABILITY_REASON_CHOICES = [
+    ("eba_ZZ:x963", "Lack of real alternatives"),
+    ("eba_ZZ:x964", "Difficulties in migrating or reintegrating"),
+    (
+        "eba_ZZ:x965",
+        "Lack of real alternatives and difficulties in migrating or reintegrating",
+    ),
+]
+
+DORA_REINTEGRATION_POSSIBILITY_CHOICES = [
+    ("eba_ZZ:x798", "Easy"),
+    ("eba_ZZ:x966", "Difficult"),
+    ("eba_ZZ:x967", "Highly complex"),
+]
+
+DORA_LICENSED_ACTIVITY_CHOICES = [
+    (
+        "eba_TA:x185",
+        "Non-Life Insurance: Classes 1 and 2: 'Accident and Health Insurance'",
+    ),
+    (
+        "eba_TA:x186",
+        "Non-Life Insurance: Classes 1 (fourth indent), 3, 7 and 10: 'Motor Insurance'",
+    ),
+    (
+        "eba_TA:x187",
+        "Non-Life Insurance: Classes 1 (fourth indent), 4, 6, 7 and 12: 'Marine and Transport Insurance'",
+    ),
+    (
+        "eba_TA:x188",
+        "Non-Life Insurance: Classes 1 (fourth indent), 5, 7 and 11: 'Aviation Insurance'",
+    ),
+    (
+        "eba_TA:x189",
+        "Non-Life Insurance: Classes 8 and 9: 'Insurance against Fire and other Damage to Property'",
+    ),
+    (
+        "eba_TA:x190",
+        "Non-Life Insurance: Classes 10, 11, 12 and 13: 'Liability Insurance'",
+    ),
+    (
+        "eba_TA:x191",
+        "Non-Life Insurance: Classes 14 and 15: 'Credit and Suretyship Insurance'",
+    ),
+    (
+        "eba_TA:x192",
+        "Non-Life Insurance: All classes, at the choice of the Member States, which shall notify the other Member States and the Commission of their choice",
+    ),
+    (
+        "eba_TA:x193",
+        "Life Insurance: The life insurance referred to in points (a)(i), (ii) and (iii) of Article 2(3) excluding those referred to in II and III",
+    ),
+    ("eba_TA:x194", "Life Insurance: Marriage assurance, birth assurance"),
+    (
+        "eba_TA:x195",
+        "Life Insurance: The insurance referred to in points (a)(i) and (ii) of Article 2(3), which are linked to investment funds",
+    ),
+    (
+        "eba_TA:x196",
+        "Life Insurance: Permanent health insurance, referred to in point (a)(iv) of Article 2(3)",
+    ),
+    (
+        "eba_TA:x197",
+        "Life Insurance: Tontines, referred to in point (b)(i) of Article 2(3)",
+    ),
+    (
+        "eba_TA:x198",
+        "Life Insurance: Capital redemption operations, referred to in point (b)(ii) of Article 2(3)",
+    ),
+    (
+        "eba_TA:x199",
+        "Life Insurance: Management of group pension funds, referred to in point (b)(iii) and (iv) of Article 2(3)",
+    ),
+    (
+        "eba_TA:x200",
+        "Life Insurance: The operations referred to in point (b)(v) of Article 2(3)",
+    ),
+    ("eba_TA:x201", "Life Insurance: The operations referred to in Article 2(3)(c)"),
+    ("eba_TA:x163", "Lending activities"),
+    ("eba_TA:x164", "Financial leasing"),
+    ("eba_TA:x165", "Issuing and administering other means of payment"),
+    ("eba_TA:x166", "Guarantees and commitments"),
+    (
+        "eba_TA:x167",
+        "Guarantees and commitments related to securities lending and borrowing, within the meaning of point 6 of Annex I to Directive 2013/36/EU",
+    ),
+    ("eba_TA:x168", "Trading for own account or for account of customers"),
+    (
+        "eba_TA:x169",
+        "Participation in securities issues and the provision of services relating to such issues",
+    ),
+    ("eba_TA:x28", "Payment services"),
+    ("eba_TA:x170", "Advisory services"),
+    ("eba_TA:x171", "Money broking"),
+    ("eba_TA:x172", "Portfolio management and advice"),
+    ("eba_TA:x173", "Dealing on own account"),
+    ("eba_TA:x174", "Safekeeping and administration of securities"),
+    (
+        "eba_TA:x175",
+        "Safekeeping and administration of financial instruments for the account of clients",
+    ),
+    (
+        "eba_TA:x176",
+        "safe-keeping and administration in relation to shares or units of collective investment undertakings",
+    ),
+    (
+        "eba_TA:x177",
+        "non-core services (safekeeping and administration in relation to units of collective investment undertakings)",
+    ),
+    ("eba_TA:x178", "Safe custody services"),
+    ("eba_TA:x179", "Credit reference services"),
+    ("eba_TA:x180", "Issuing electronic money"),
+    (
+        "eba_TA:x181",
+        "reception and transmission of orders for crypto-assets on behalf of clients",
+    ),
+    ("eba_TA:x182", "Portfolio management on crypto-assets"),
+    ("eba_TA:x183", "management of portfolios of investments (AIFMD)"),
+    ("eba_TA:x184", "management of portfolios of investments (UCITSD)"),
+    ("eba_TA:x202", "insurance distribution"),
+    ("eba_TA:x203", "reinsurance distribution"),
+    ("eba_TA:x204", "Investment services related to the underlying of the derivatives"),
+    (
+        "eba_TA:x205",
+        "Retirement-benefit related operations and activities arising therefrom",
+    ),
+    ("eba_TA:x206", "issuance of credit ratings"),
+    ("eba_TA:x207", "administering the arrangements for determining a benchmark"),
+    (
+        "eba_TA:x208",
+        "collecting, analysing or processing input data for the purpose of determining a benchmark",
+    ),
+    (
+        "eba_TA:x209",
+        "determining a benchmark through the application of a formula or other method of calculation or by an assessment of input data provided for that purpose",
+    ),
+    ("eba_TA:x210", "publication of benchmark"),
+    ("eba_TA:x211", "Provision of crowdfunding services"),
+    ("eba_TA:x212", "ancillary non-securitisation services"),
+    ("eba_TA:x213", "ancillary securitisation services"),
+    (
+        "eba_TA:x214",
+        "collection and maintenance of the records of derivatives (non-SFTs)",
+    ),
+    ("eba_TA:x215", "collection and maintenance of the records of SFTs"),
+    ("eba_TA:x216", "collection and maintenance of the records of securitisations"),
+    ("eba_TA:x217", "activity as approved publication arrangement"),
+    ("eba_TA:x218", "activity as consolidated tape provider"),
+    ("eba_TA:x219", "activity as approved reporting mechanism"),
+    (
+        "eba_TA:x220",
+        "Services enabling cash to be placed on a payment account as well as all the operations required for operating a payment account",
+    ),
+    (
+        "eba_TA:x221",
+        "Services enabling cash withdrawals from a payment account as well as all the operations required for operating a payment account",
+    ),
+    (
+        "eba_TA:x222",
+        "Execution of payment transactions, including transfers of funds on a payment account with the user's payment service provider or with another payment service provider",
+    ),
+    (
+        "eba_TA:x223",
+        "Execution of payment transactions where the funds are covered by a credit line for a payment service user",
+    ),
+    (
+        "eba_TA:x224",
+        "Issuing of payment instruments and/or acquiring of payment transactions",
+    ),
+    ("eba_TA:x225", "Money remittance"),
+    ("eba_TA:x226", "Payment initiation services"),
+    ("eba_TA:x227", "Account information services"),
+    (
+        "eba_TA:x228",
+        "Providing custody and administration of crypto-assets on behalf of clients",
+    ),
+    ("eba_TA:x229", "operation of a trading platform for crypto-assets"),
+    ("eba_TA:x230", "Operation of a Regulated Market"),
+    ("eba_TA:x231", "exchange of crypto-assets for funds"),
+    ("eba_TA:x232", "exchange of crypto-assets for other crypto-assets"),
+    ("eba_TA:x233", "execution of orders for crypto-assets on behalf of clients"),
+    ("eba_TA:x234", "placing of crypto-assets"),
+    ("eba_TA:x235", "providing advice on crypto-assets"),
+    (
+        "eba_TA:x236",
+        "providing transfer services for crypto-assets on behalf of clients",
+    ),
+    ("eba_TA:x237", "issuance of asset-referenced tokens"),
+    ("eba_TA:x238", "notary service"),
+    ("eba_TA:x239", "central maintenance service"),
+    ("eba_TA:x240", "settlement service"),
+    (
+        "eba_TA:x241",
+        "Organising a securities lending mechanism, as agent among participants of a securities settlement system",
+    ),
+    ("eba_TA:x242", "collateral management services"),
+    ("eba_TA:x243", "general collateral management services"),
+    (
+        "eba_TA:x244",
+        "Establishing CSD links, providing, maintaining or operating securities accounts in relation to the settlement service, collateral management, other ancillary services",
+    ),
+    (
+        "eba_TA:x245",
+        "Settlement matching, instruction routing, trade confirmation, trade verification",
+    ),
+    ("eba_TA:x246", "Services related to shareholders' registers"),
+    (
+        "eba_TA:x247",
+        "Supporting the processing of corporate actions, including tax, general meetings and information services",
+    ),
+    (
+        "eba_TA:x248",
+        "New issue services, including allocation and management of ISIN codes and similar codes",
+    ),
+    (
+        "eba_TA:x249",
+        "Instruction routing and processing, fee collection and processing and related reporting",
+    ),
+    ("eba_TA:x250", "Providing regulatory reporting"),
+    (
+        "eba_TA:x251",
+        "Providing information, data and statistics to market/census bureaus or other governmental or inter-governmental entities",
+    ),
+    ("eba_TA:x252", "Providing IT services"),
+    (
+        "eba_TA:x253",
+        "Providing cash accounts to, and accepting deposits from, participants in a securities settlement system and holders of securities accounts, within the meaning of point 1 of Annex I to Directive 2013/36/EU",
+    ),
+    (
+        "eba_TA:x254",
+        "Providing cash credit for reimbursement no later than the following business day, cash lending to pre-finance corporate actions and lending securities to holders of securities accounts, within the meaning of point 2 of Annex I to Directive 2013/36/EU",
+    ),
+    (
+        "eba_TA:x255",
+        "Payment services involving processing of cash and foreign exchange transactions, within the meaning of point 4 of Annex I to Directive 2013/36/EU",
+    ),
+    (
+        "eba_TA:x256",
+        "Treasury activities involving foreign exchange and transferable securities related to managing participants' long balances",
+    ),
+    (
+        "eba_TA:x257",
+        "Any other NCA-permitted non-banking-type ancillary services not specified in Annex of Regulation (EU) No 909/2014 (CSDR) - Section B",
+    ),
+    (
+        "eba_TA:x258",
+        "Any other NCA-permitted Banking-type ancillary services not specified in Annex of Regulation (EU) No 909/2014 (CSDR) - Section C",
+    ),
+    ("eba_TA:x259", "interposition between counterparties"),
+    ("eba_TA:x260", "risk management"),
+    ("eba_TA:x261", "legal and fund management accounting services"),
+    ("eba_TA:x262", "customer inquiries"),
+    ("eba_TA:x263", "valuation and pricing, including tax returns"),
+    ("eba_TA:x264", "regulatory compliance monitoring"),
+    ("eba_TA:x265", "maintenance of unit-/shareholder register"),
+    ("eba_TA:x266", "unit/shares issues and redemptions"),
+    ("eba_TA:x267", "maintenance of unit-holder register"),
+    ("eba_TA:x268", "unit issues and redemptions"),
+    ("eba_TA:x269", "contract settlements (including certificate dispatch)"),
+    ("eba_TA:x270", "distribution of income"),
+    ("eba_TA:x271", "record keeping"),
+    ("eba_TA:x272", "Marketing"),
+    ("eba_TA:x273", "services necessary to meet the fiduciary duties of the AIFM"),
+    (
+        "eba_TA:x274",
+        "investment advice concerning one or more of the instruments listed in Annex I, Section C to Directive 2004/39/EC",
+    ),
+    ("eba_TA:x275", "Ancillary services"),
+    ("eba_TA:x104", "Foreign exchange services"),
+    ("eba_TA:x133", "Reception and transmission of orders"),
+    ("eba_TA:x134", "Execution of orders on behalf of clients"),
+    ("eba_TA:x136", "Portfolio management"),
+    ("eba_TA:x137", "Investment advice"),
+    (
+        "eba_TA:x138",
+        "Underwriting of financial instruments and/or placing of financial instruments on a firm commitment basis",
+    ),
+    ("eba_TA:x139", "Placing of financial instruments without a firm commitment basis"),
+    ("eba_TA:x140", "Operation of an MTF"),
+    ("eba_TA:x141", "Operation of an OTF"),
+    ("eba_TA:x143", "Granting credits or loans to investors"),
+    (
+        "eba_TA:x144",
+        "Advice to undertakings on capital structure, industrial strategy and related matters and advice and services relating to mergers and the purchase of undertakings",
+    ),
+    ("eba_TA:x146", "Investment research and financial analysis"),
+    ("eba_TA:x147", "Services related to underwriting"),
+    ("eba_TA:x162", "Taking deposits and other repayable funds"),
+]

From eeb408e5797327d978948c67f17298b6dc914de1 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Tue, 11 Nov 2025 17:39:39 +0100
Subject: [PATCH 19/47] covering all exports

---
 .../0113_asset_is_business_function.py        |   19 +
 .../0114_remove_asset_is_critical_and_more.py |  377 ++++++
 backend/core/models.py                        |   29 +-
 backend/core/views.py                         |   21 +-
 ...ties_remove_contract_solutions_and_more.py |   47 +
 .../migrations/0010_entity_parent_entity.py   |   26 +
 .../0011_entity_dora_provider_person_type.py  |   29 +
 ...ion_dora_alternative_providers_and_more.py |  108 ++
 backend/tprm/models.py                        |   91 +-
 backend/tprm/serializers.py                   |    6 +-
 backend/tprm/views.py                         | 1177 ++++++++++++++++-
 frontend/messages/en.json                     |   19 +-
 frontend/messages/fr.json                     |   24 +-
 .../Forms/ModelForm/AssetForm.svelte          |   56 +-
 .../Forms/ModelForm/ContractForm.svelte       |   16 +-
 .../Forms/ModelForm/EntityForm.svelte         |   17 +
 .../Forms/ModelForm/SolutionForm.svelte       |   66 +-
 frontend/src/lib/utils/crud.ts                |   37 +-
 frontend/src/lib/utils/schemas.ts             |   25 +-
 frontend/src/lib/utils/table.ts               |   45 +-
 20 files changed, 2130 insertions(+), 105 deletions(-)
 create mode 100644 backend/core/migrations/0113_asset_is_business_function.py
 create mode 100644 backend/core/migrations/0114_remove_asset_is_critical_and_more.py
 create mode 100644 backend/tprm/migrations/0009_remove_contract_entities_remove_contract_solutions_and_more.py
 create mode 100644 backend/tprm/migrations/0010_entity_parent_entity.py
 create mode 100644 backend/tprm/migrations/0011_entity_dora_provider_person_type.py
 create mode 100644 backend/tprm/migrations/0012_solution_dora_alternative_providers_and_more.py

diff --git a/backend/core/migrations/0113_asset_is_business_function.py b/backend/core/migrations/0113_asset_is_business_function.py
new file mode 100644
index 0000000000..3523fc2e31
--- /dev/null
+++ b/backend/core/migrations/0113_asset_is_business_function.py
@@ -0,0 +1,19 @@
+# Generated by Django 5.2.7 on 2025-11-11 08:44
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0112_asset_is_critical"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="asset",
+            name="is_business_function",
+            field=models.BooleanField(
+                default=False, verbose_name="is_business_function"
+            ),
+        ),
+    ]
diff --git a/backend/core/migrations/0114_remove_asset_is_critical_and_more.py b/backend/core/migrations/0114_remove_asset_is_critical_and_more.py
new file mode 100644
index 0000000000..9b367c1423
--- /dev/null
+++ b/backend/core/migrations/0114_remove_asset_is_critical_and_more.py
@@ -0,0 +1,377 @@
+# Generated by Django 5.2.7 on 2025-11-11 09:10
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0113_asset_is_business_function"),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name="asset",
+            name="is_critical",
+        ),
+        migrations.AddField(
+            model_name="asset",
+            name="dora_criticality_assessment",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_BT:x28", "Yes"),
+                    ("eba_BT:x29", "No"),
+                    ("eba_BT:x21", "Assessment not performed"),
+                ],
+                max_length=50,
+                null=True,
+                verbose_name="DORA Criticality Assessment",
+            ),
+        ),
+        migrations.AddField(
+            model_name="asset",
+            name="dora_criticality_justification",
+            field=models.TextField(
+                blank=True, null=True, verbose_name="DORA Criticality Justification"
+            ),
+        ),
+        migrations.AddField(
+            model_name="asset",
+            name="dora_discontinuing_impact",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_ZZ:x791", "Low"),
+                    ("eba_ZZ:x792", "Medium"),
+                    ("eba_ZZ:x793", "High"),
+                    ("eba_ZZ:x799", "Assessment not performed"),
+                ],
+                max_length=50,
+                null=True,
+                verbose_name="DORA Discontinuing Impact",
+            ),
+        ),
+        migrations.AddField(
+            model_name="asset",
+            name="dora_licenced_activity",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    (
+                        "eba_TA:x185",
+                        "Non-Life Insurance: Classes 1 and 2: 'Accident and Health Insurance'",
+                    ),
+                    (
+                        "eba_TA:x186",
+                        "Non-Life Insurance: Classes 1 (fourth indent), 3, 7 and 10: 'Motor Insurance'",
+                    ),
+                    (
+                        "eba_TA:x187",
+                        "Non-Life Insurance: Classes 1 (fourth indent), 4, 6, 7 and 12: 'Marine and Transport Insurance'",
+                    ),
+                    (
+                        "eba_TA:x188",
+                        "Non-Life Insurance: Classes 1 (fourth indent), 5, 7 and 11: 'Aviation Insurance'",
+                    ),
+                    (
+                        "eba_TA:x189",
+                        "Non-Life Insurance: Classes 8 and 9: 'Insurance against Fire and other Damage to Property'",
+                    ),
+                    (
+                        "eba_TA:x190",
+                        "Non-Life Insurance: Classes 10, 11, 12 and 13: 'Liability Insurance'",
+                    ),
+                    (
+                        "eba_TA:x191",
+                        "Non-Life Insurance: Classes 14 and 15: 'Credit and Suretyship Insurance'",
+                    ),
+                    (
+                        "eba_TA:x192",
+                        "Non-Life Insurance: All classes, at the choice of the Member States, which shall notify the other Member States and the Commission of their choice",
+                    ),
+                    (
+                        "eba_TA:x193",
+                        "Life Insurance: The life insurance referred to in points (a)(i), (ii) and (iii) of Article 2(3) excluding those referred to in II and III",
+                    ),
+                    (
+                        "eba_TA:x194",
+                        "Life Insurance: Marriage assurance, birth assurance",
+                    ),
+                    (
+                        "eba_TA:x195",
+                        "Life Insurance: The insurance referred to in points (a)(i) and (ii) of Article 2(3), which are linked to investment funds",
+                    ),
+                    (
+                        "eba_TA:x196",
+                        "Life Insurance: Permanent health insurance, referred to in point (a)(iv) of Article 2(3)",
+                    ),
+                    (
+                        "eba_TA:x197",
+                        "Life Insurance: Tontines, referred to in point (b)(i) of Article 2(3)",
+                    ),
+                    (
+                        "eba_TA:x198",
+                        "Life Insurance: Capital redemption operations, referred to in point (b)(ii) of Article 2(3)",
+                    ),
+                    (
+                        "eba_TA:x199",
+                        "Life Insurance: Management of group pension funds, referred to in point (b)(iii) and (iv) of Article 2(3)",
+                    ),
+                    (
+                        "eba_TA:x200",
+                        "Life Insurance: The operations referred to in point (b)(v) of Article 2(3)",
+                    ),
+                    (
+                        "eba_TA:x201",
+                        "Life Insurance: The operations referred to in Article 2(3)(c)",
+                    ),
+                    ("eba_TA:x163", "Lending activities"),
+                    ("eba_TA:x164", "Financial leasing"),
+                    ("eba_TA:x165", "Issuing and administering other means of payment"),
+                    ("eba_TA:x166", "Guarantees and commitments"),
+                    (
+                        "eba_TA:x167",
+                        "Guarantees and commitments related to securities lending and borrowing, within the meaning of point 6 of Annex I to Directive 2013/36/EU",
+                    ),
+                    (
+                        "eba_TA:x168",
+                        "Trading for own account or for account of customers",
+                    ),
+                    (
+                        "eba_TA:x169",
+                        "Participation in securities issues and the provision of services relating to such issues",
+                    ),
+                    ("eba_TA:x28", "Payment services"),
+                    ("eba_TA:x170", "Advisory services"),
+                    ("eba_TA:x171", "Money broking"),
+                    ("eba_TA:x172", "Portfolio management and advice"),
+                    ("eba_TA:x173", "Dealing on own account"),
+                    ("eba_TA:x174", "Safekeeping and administration of securities"),
+                    (
+                        "eba_TA:x175",
+                        "Safekeeping and administration of financial instruments for the account of clients",
+                    ),
+                    (
+                        "eba_TA:x176",
+                        "safe-keeping and administration in relation to shares or units of collective investment undertakings",
+                    ),
+                    (
+                        "eba_TA:x177",
+                        "non-core services (safekeeping and administration in relation to units of collective investment undertakings)",
+                    ),
+                    ("eba_TA:x178", "Safe custody services"),
+                    ("eba_TA:x179", "Credit reference services"),
+                    ("eba_TA:x180", "Issuing electronic money"),
+                    (
+                        "eba_TA:x181",
+                        "reception and transmission of orders for crypto-assets on behalf of clients",
+                    ),
+                    ("eba_TA:x182", "Portfolio management on crypto-assets"),
+                    ("eba_TA:x183", "management of portfolios of investments (AIFMD)"),
+                    ("eba_TA:x184", "management of portfolios of investments (UCITSD)"),
+                    ("eba_TA:x202", "insurance distribution"),
+                    ("eba_TA:x203", "reinsurance distribution"),
+                    (
+                        "eba_TA:x204",
+                        "Investment services related to the underlying of the derivatives",
+                    ),
+                    (
+                        "eba_TA:x205",
+                        "Retirement-benefit related operations and activities arising therefrom",
+                    ),
+                    ("eba_TA:x206", "issuance of credit ratings"),
+                    (
+                        "eba_TA:x207",
+                        "administering the arrangements for determining a benchmark",
+                    ),
+                    (
+                        "eba_TA:x208",
+                        "collecting, analysing or processing input data for the purpose of determining a benchmark",
+                    ),
+                    (
+                        "eba_TA:x209",
+                        "determining a benchmark through the application of a formula or other method of calculation or by an assessment of input data provided for that purpose",
+                    ),
+                    ("eba_TA:x210", "publication of benchmark"),
+                    ("eba_TA:x211", "Provision of crowdfunding services"),
+                    ("eba_TA:x212", "ancillary non-securitisation services"),
+                    ("eba_TA:x213", "ancillary securitisation services"),
+                    (
+                        "eba_TA:x214",
+                        "collection and maintenance of the records of derivatives (non-SFTs)",
+                    ),
+                    (
+                        "eba_TA:x215",
+                        "collection and maintenance of the records of SFTs",
+                    ),
+                    (
+                        "eba_TA:x216",
+                        "collection and maintenance of the records of securitisations",
+                    ),
+                    ("eba_TA:x217", "activity as approved publication arrangement"),
+                    ("eba_TA:x218", "activity as consolidated tape provider"),
+                    ("eba_TA:x219", "activity as approved reporting mechanism"),
+                    (
+                        "eba_TA:x220",
+                        "Services enabling cash to be placed on a payment account as well as all the operations required for operating a payment account",
+                    ),
+                    (
+                        "eba_TA:x221",
+                        "Services enabling cash withdrawals from a payment account as well as all the operations required for operating a payment account",
+                    ),
+                    (
+                        "eba_TA:x222",
+                        "Execution of payment transactions, including transfers of funds on a payment account with the user's payment service provider or with another payment service provider",
+                    ),
+                    (
+                        "eba_TA:x223",
+                        "Execution of payment transactions where the funds are covered by a credit line for a payment service user",
+                    ),
+                    (
+                        "eba_TA:x224",
+                        "Issuing of payment instruments and/or acquiring of payment transactions",
+                    ),
+                    ("eba_TA:x225", "Money remittance"),
+                    ("eba_TA:x226", "Payment initiation services"),
+                    ("eba_TA:x227", "Account information services"),
+                    (
+                        "eba_TA:x228",
+                        "Providing custody and administration of crypto-assets on behalf of clients",
+                    ),
+                    (
+                        "eba_TA:x229",
+                        "operation of a trading platform for crypto-assets",
+                    ),
+                    ("eba_TA:x230", "Operation of a Regulated Market"),
+                    ("eba_TA:x231", "exchange of crypto-assets for funds"),
+                    (
+                        "eba_TA:x232",
+                        "exchange of crypto-assets for other crypto-assets",
+                    ),
+                    (
+                        "eba_TA:x233",
+                        "execution of orders for crypto-assets on behalf of clients",
+                    ),
+                    ("eba_TA:x234", "placing of crypto-assets"),
+                    ("eba_TA:x235", "providing advice on crypto-assets"),
+                    (
+                        "eba_TA:x236",
+                        "providing transfer services for crypto-assets on behalf of clients",
+                    ),
+                    ("eba_TA:x237", "issuance of asset-referenced tokens"),
+                    ("eba_TA:x238", "notary service"),
+                    ("eba_TA:x239", "central maintenance service"),
+                    ("eba_TA:x240", "settlement service"),
+                    (
+                        "eba_TA:x241",
+                        "Organising a securities lending mechanism, as agent among participants of a securities settlement system",
+                    ),
+                    ("eba_TA:x242", "collateral management services"),
+                    ("eba_TA:x243", "general collateral management services"),
+                    (
+                        "eba_TA:x244",
+                        "Establishing CSD links, providing, maintaining or operating securities accounts in relation to the settlement service, collateral management, other ancillary services",
+                    ),
+                    (
+                        "eba_TA:x245",
+                        "Settlement matching, instruction routing, trade confirmation, trade verification",
+                    ),
+                    ("eba_TA:x246", "Services related to shareholders' registers"),
+                    (
+                        "eba_TA:x247",
+                        "Supporting the processing of corporate actions, including tax, general meetings and information services",
+                    ),
+                    (
+                        "eba_TA:x248",
+                        "New issue services, including allocation and management of ISIN codes and similar codes",
+                    ),
+                    (
+                        "eba_TA:x249",
+                        "Instruction routing and processing, fee collection and processing and related reporting",
+                    ),
+                    ("eba_TA:x250", "Providing regulatory reporting"),
+                    (
+                        "eba_TA:x251",
+                        "Providing information, data and statistics to market/census bureaus or other governmental or inter-governmental entities",
+                    ),
+                    ("eba_TA:x252", "Providing IT services"),
+                    (
+                        "eba_TA:x253",
+                        "Providing cash accounts to, and accepting deposits from, participants in a securities settlement system and holders of securities accounts, within the meaning of point 1 of Annex I to Directive 2013/36/EU",
+                    ),
+                    (
+                        "eba_TA:x254",
+                        "Providing cash credit for reimbursement no later than the following business day, cash lending to pre-finance corporate actions and lending securities to holders of securities accounts, within the meaning of point 2 of Annex I to Directive 2013/36/EU",
+                    ),
+                    (
+                        "eba_TA:x255",
+                        "Payment services involving processing of cash and foreign exchange transactions, within the meaning of point 4 of Annex I to Directive 2013/36/EU",
+                    ),
+                    (
+                        "eba_TA:x256",
+                        "Treasury activities involving foreign exchange and transferable securities related to managing participants' long balances",
+                    ),
+                    (
+                        "eba_TA:x257",
+                        "Any other NCA-permitted non-banking-type ancillary services not specified in Annex of Regulation (EU) No 909/2014 (CSDR) - Section B",
+                    ),
+                    (
+                        "eba_TA:x258",
+                        "Any other NCA-permitted Banking-type ancillary services not specified in Annex of Regulation (EU) No 909/2014 (CSDR) - Section C",
+                    ),
+                    ("eba_TA:x259", "interposition between counterparties"),
+                    ("eba_TA:x260", "risk management"),
+                    ("eba_TA:x261", "legal and fund management accounting services"),
+                    ("eba_TA:x262", "customer inquiries"),
+                    ("eba_TA:x263", "valuation and pricing, including tax returns"),
+                    ("eba_TA:x264", "regulatory compliance monitoring"),
+                    ("eba_TA:x265", "maintenance of unit-/shareholder register"),
+                    ("eba_TA:x266", "unit/shares issues and redemptions"),
+                    ("eba_TA:x267", "maintenance of unit-holder register"),
+                    ("eba_TA:x268", "unit issues and redemptions"),
+                    (
+                        "eba_TA:x269",
+                        "contract settlements (including certificate dispatch)",
+                    ),
+                    ("eba_TA:x270", "distribution of income"),
+                    ("eba_TA:x271", "record keeping"),
+                    ("eba_TA:x272", "Marketing"),
+                    (
+                        "eba_TA:x273",
+                        "services necessary to meet the fiduciary duties of the AIFM",
+                    ),
+                    (
+                        "eba_TA:x274",
+                        "investment advice concerning one or more of the instruments listed in Annex I, Section C to Directive 2004/39/EC",
+                    ),
+                    ("eba_TA:x275", "Ancillary services"),
+                    ("eba_TA:x104", "Foreign exchange services"),
+                    ("eba_TA:x133", "Reception and transmission of orders"),
+                    ("eba_TA:x134", "Execution of orders on behalf of clients"),
+                    ("eba_TA:x136", "Portfolio management"),
+                    ("eba_TA:x137", "Investment advice"),
+                    (
+                        "eba_TA:x138",
+                        "Underwriting of financial instruments and/or placing of financial instruments on a firm commitment basis",
+                    ),
+                    (
+                        "eba_TA:x139",
+                        "Placing of financial instruments without a firm commitment basis",
+                    ),
+                    ("eba_TA:x140", "Operation of an MTF"),
+                    ("eba_TA:x141", "Operation of an OTF"),
+                    ("eba_TA:x143", "Granting credits or loans to investors"),
+                    (
+                        "eba_TA:x144",
+                        "Advice to undertakings on capital structure, industrial strategy and related matters and advice and services relating to mergers and the purchase of undertakings",
+                    ),
+                    ("eba_TA:x146", "Investment research and financial analysis"),
+                    ("eba_TA:x147", "Services related to underwriting"),
+                    ("eba_TA:x162", "Taking deposits and other repayable funds"),
+                ],
+                max_length=50,
+                null=True,
+                verbose_name="DORA Licensed Activity",
+            ),
+        ),
+    ]
diff --git a/backend/core/models.py b/backend/core/models.py
index def25bdc27..e4d35e0e67 100644
--- a/backend/core/models.py
+++ b/backend/core/models.py
@@ -52,6 +52,7 @@
     validate_file_size,
     JSONSchemaInstanceValidator,
 )
+from . import dora
 from collections import defaultdict, deque
 
 logger = get_logger(__name__)
@@ -2149,7 +2150,33 @@ class Type(models.TextChoices):
     is_published = models.BooleanField(_("published"), default=True)
     observation = models.TextField(null=True, blank=True, verbose_name=_("Observation"))
 
-    is_critical = models.BooleanField("is_critical", default=False)
+    is_business_function = models.BooleanField("is_business_function", default=False)
+    dora_licenced_activity = models.CharField(
+        max_length=50,
+        choices=dora.DORA_LICENSED_ACTIVITY_CHOICES,
+        blank=True,
+        null=True,
+        verbose_name=_("DORA Licensed Activity"),
+    )
+    dora_criticality_assessment = models.CharField(
+        max_length=50,
+        choices=dora.DORA_FUNCTION_CRITICALITY_CHOICES,
+        blank=True,
+        null=True,
+        verbose_name=_("DORA Criticality Assessment"),
+    )
+    dora_criticality_justification = models.TextField(
+        blank=True,
+        null=True,
+        verbose_name=_("DORA Criticality Justification"),
+    )
+    dora_discontinuing_impact = models.CharField(
+        max_length=50,
+        choices=dora.DORA_DISCONTINUING_IMPACT_CHOICES,
+        blank=True,
+        null=True,
+        verbose_name=_("DORA Discontinuing Impact"),
+    )
 
     fields_to_check = ["name"]
 
diff --git a/backend/core/views.py b/backend/core/views.py
index 719d05fca2..0b0049d288 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
@@ -136,6 +136,7 @@
 from .serializers import *
 
 from .models import Severity
+from . import dora
 
 from serdes.utils import (
     get_domain_export_objects,
@@ -675,7 +676,10 @@ class Meta:
             "filtering_labels",
             "asset_class",
             "personal_data",
-            "is_critical",
+            "is_business_function",
+            "dora_licenced_activity",
+            "dora_criticality_assessment",
+            "dora_discontinuing_impact",
         ]
 
 
@@ -852,6 +856,21 @@ def asset_class(self, request):
             ]
         )
 
+    @method_decorator(cache_page(60 * LONG_CACHE_TTL))
+    @action(detail=False, name="Get DORA licensed activity choices")
+    def dora_licenced_activity(self, request):
+        return Response(dict(dora.DORA_LICENSED_ACTIVITY_CHOICES))
+
+    @method_decorator(cache_page(60 * LONG_CACHE_TTL))
+    @action(detail=False, name="Get DORA criticality assessment choices")
+    def dora_criticality_assessment(self, request):
+        return Response(dict(dora.DORA_FUNCTION_CRITICALITY_CHOICES))
+
+    @method_decorator(cache_page(60 * LONG_CACHE_TTL))
+    @action(detail=False, name="Get DORA discontinuing impact choices")
+    def dora_discontinuing_impact(self, request):
+        return Response(dict(dora.DORA_DISCONTINUING_IMPACT_CHOICES))
+
     @action(detail=False, name="Get assets graph")
     def graph(self, request):
         nodes = []
diff --git a/backend/tprm/migrations/0009_remove_contract_entities_remove_contract_solutions_and_more.py b/backend/tprm/migrations/0009_remove_contract_entities_remove_contract_solutions_and_more.py
new file mode 100644
index 0000000000..81ac7cdb64
--- /dev/null
+++ b/backend/tprm/migrations/0009_remove_contract_entities_remove_contract_solutions_and_more.py
@@ -0,0 +1,47 @@
+# Generated by Django 5.2.7 on 2025-11-11 11:20
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("tprm", "0008_entity_country_entity_currency_and_more"),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name="contract",
+            name="entities",
+        ),
+        migrations.RemoveField(
+            model_name="contract",
+            name="solutions",
+        ),
+        migrations.AddField(
+            model_name="contract",
+            name="provider_entity",
+            field=models.ForeignKey(
+                blank=True,
+                help_text="Entity providing this contract",
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="contracts",
+                to="tprm.entity",
+                verbose_name="Provider entity",
+            ),
+        ),
+        migrations.AddField(
+            model_name="contract",
+            name="solution",
+            field=models.ForeignKey(
+                blank=True,
+                help_text="Solution covered by this contract",
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="contracts",
+                to="tprm.solution",
+                verbose_name="Solution",
+            ),
+        ),
+    ]
diff --git a/backend/tprm/migrations/0010_entity_parent_entity.py b/backend/tprm/migrations/0010_entity_parent_entity.py
new file mode 100644
index 0000000000..f8d88b80a9
--- /dev/null
+++ b/backend/tprm/migrations/0010_entity_parent_entity.py
@@ -0,0 +1,26 @@
+# Generated by Django 5.2.7 on 2025-11-11 12:44
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("tprm", "0009_remove_contract_entities_remove_contract_solutions_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="entity",
+            name="parent_entity",
+            field=models.ForeignKey(
+                blank=True,
+                help_text="Parent entity for branch/subsidiary relationships",
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="branches",
+                to="tprm.entity",
+                verbose_name="Parent entity",
+            ),
+        ),
+    ]
diff --git a/backend/tprm/migrations/0011_entity_dora_provider_person_type.py b/backend/tprm/migrations/0011_entity_dora_provider_person_type.py
new file mode 100644
index 0000000000..b41e700a92
--- /dev/null
+++ b/backend/tprm/migrations/0011_entity_dora_provider_person_type.py
@@ -0,0 +1,29 @@
+# Generated by Django 5.2.7 on 2025-11-11 13:30
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("tprm", "0010_entity_parent_entity"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="entity",
+            name="dora_provider_person_type",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    (
+                        "eba_CT:x212",
+                        "Legal person, excluding individual acting in a business capacity",
+                    ),
+                    ("eba_CT:x213", "Individual acting in a business capacity"),
+                ],
+                help_text="Type of person for ICT third-party service providers",
+                max_length=20,
+                verbose_name="DORA provider person type",
+            ),
+        ),
+    ]
diff --git a/backend/tprm/migrations/0012_solution_dora_alternative_providers_and_more.py b/backend/tprm/migrations/0012_solution_dora_alternative_providers_and_more.py
new file mode 100644
index 0000000000..990c4541ac
--- /dev/null
+++ b/backend/tprm/migrations/0012_solution_dora_alternative_providers_and_more.py
@@ -0,0 +1,108 @@
+# Generated by Django 5.2.7 on 2025-11-11 16:04
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("tprm", "0011_entity_dora_provider_person_type"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="solution",
+            name="dora_alternative_providers",
+            field=models.TextField(
+                blank=True,
+                help_text="Identification of alternative ICT third-party service providers",
+                verbose_name="Alternative providers",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_alternative_providers_identified",
+            field=models.CharField(
+                blank=True,
+                choices=[("eba_BT:x28", "Yes"), ("eba_BT:x29", "No")],
+                help_text="Are there alternative ICT third-party service providers identified?",
+                max_length=20,
+                verbose_name="Alternative providers identified",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_discontinuing_impact",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_ZZ:x791", "Low"),
+                    ("eba_ZZ:x792", "Medium"),
+                    ("eba_ZZ:x793", "High"),
+                    ("eba_ZZ:x799", "Assessment not performed"),
+                ],
+                help_text="Impact of discontinuing the ICT services",
+                max_length=20,
+                verbose_name="Discontinuing impact",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_has_exit_plan",
+            field=models.CharField(
+                blank=True,
+                choices=[("eba_BT:x28", "Yes"), ("eba_BT:x29", "No")],
+                help_text="Existence of an exit plan",
+                max_length=20,
+                verbose_name="Exit plan",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_non_substitutability_reason",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_ZZ:x963", "Lack of real alternatives"),
+                    ("eba_ZZ:x964", "Difficulties in migrating or reintegrating"),
+                    (
+                        "eba_ZZ:x965",
+                        "Lack of real alternatives and difficulties in migrating or reintegrating",
+                    ),
+                ],
+                help_text="Reason if the ICT third-party service provider is considered not substitutable or difficult to be substitutable",
+                max_length=20,
+                verbose_name="Non-substitutability reason",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_reintegration_possibility",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_ZZ:x798", "Easy"),
+                    ("eba_ZZ:x966", "Difficult"),
+                    ("eba_ZZ:x967", "Highly complex"),
+                ],
+                help_text="Possibility of reintegration of the contracted ICT service",
+                max_length=20,
+                verbose_name="Reintegration possibility",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_substitutability",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_ZZ:x959", "Not substitutable"),
+                    ("eba_ZZ:x962", "Easily substitutable"),
+                    ("eba_ZZ:x961", "Medium complexity in terms of substitutability"),
+                    ("eba_ZZ:x960", "Highly complex substitutability"),
+                ],
+                help_text="Substitutability of the ICT third-party service provider",
+                max_length=20,
+                verbose_name="Substitutability",
+            ),
+        ),
+    ]
diff --git a/backend/tprm/models.py b/backend/tprm/models.py
index fd5a8ff030..0637074ec8 100644
--- a/backend/tprm/models.py
+++ b/backend/tprm/models.py
@@ -18,6 +18,12 @@
     DORA_ICT_SERVICE_CHOICES,
     DORA_SENSITIVENESS_CHOICES,
     DORA_RELIANCE_CHOICES,
+    DORA_PROVIDER_PERSON_TYPE_CHOICES,
+    DORA_SUBSTITUTABILITY_CHOICES,
+    DORA_NON_SUBSTITUTABILITY_REASON_CHOICES,
+    DORA_BINARY_CHOICES,
+    DORA_REINTEGRATION_POSSIBILITY_CHOICES,
+    DORA_DISCONTINUING_IMPACT_CHOICES,
 )
 from iam.models import Folder, FolderMixin, PublishInRootFolderMixin
 from iam.views import User
@@ -39,6 +45,15 @@ class Entity(NameDescriptionMixin, FolderMixin, PublishInRootFolderMixin):
         verbose_name=_("Owned folders"),
     )
     builtin = models.BooleanField(default=False)
+    parent_entity = models.ForeignKey(
+        "self",
+        on_delete=models.SET_NULL,
+        null=True,
+        blank=True,
+        related_name="branches",
+        verbose_name=_("Parent entity"),
+        help_text=_("Parent entity for branch/subsidiary relationships"),
+    )
     relationship = models.ManyToManyField(
         Terminology,
         blank=True,
@@ -96,6 +111,13 @@ class Entity(NameDescriptionMixin, FolderMixin, PublishInRootFolderMixin):
         verbose_name=_("DORA competent authority"),
         help_text=_("Competent authority overseeing this entity for DORA compliance"),
     )
+    dora_provider_person_type = models.CharField(
+        max_length=20,
+        choices=DORA_PROVIDER_PERSON_TYPE_CHOICES,
+        blank=True,
+        verbose_name=_("DORA provider person type"),
+        help_text=_("Type of person for ICT third-party service providers"),
+    )
 
     fields_to_check = ["name"]
 
@@ -252,6 +274,57 @@ class Solution(NameDescriptionMixin):
         verbose_name=_("Level of reliance"),
         help_text=_("Level of reliance on the ICT service"),
     )
+    dora_substitutability = models.CharField(
+        max_length=20,
+        choices=DORA_SUBSTITUTABILITY_CHOICES,
+        blank=True,
+        verbose_name=_("Substitutability"),
+        help_text=_("Substitutability of the ICT third-party service provider"),
+    )
+    dora_non_substitutability_reason = models.CharField(
+        max_length=20,
+        choices=DORA_NON_SUBSTITUTABILITY_REASON_CHOICES,
+        blank=True,
+        verbose_name=_("Non-substitutability reason"),
+        help_text=_(
+            "Reason if the ICT third-party service provider is considered not substitutable or difficult to be substitutable"
+        ),
+    )
+    dora_has_exit_plan = models.CharField(
+        max_length=20,
+        choices=DORA_BINARY_CHOICES,
+        blank=True,
+        verbose_name=_("Exit plan"),
+        help_text=_("Existence of an exit plan"),
+    )
+    dora_reintegration_possibility = models.CharField(
+        max_length=20,
+        choices=DORA_REINTEGRATION_POSSIBILITY_CHOICES,
+        blank=True,
+        verbose_name=_("Reintegration possibility"),
+        help_text=_("Possibility of reintegration of the contracted ICT service"),
+    )
+    dora_discontinuing_impact = models.CharField(
+        max_length=20,
+        choices=DORA_DISCONTINUING_IMPACT_CHOICES,
+        blank=True,
+        verbose_name=_("Discontinuing impact"),
+        help_text=_("Impact of discontinuing the ICT services"),
+    )
+    dora_alternative_providers_identified = models.CharField(
+        max_length=20,
+        choices=DORA_BINARY_CHOICES,
+        blank=True,
+        verbose_name=_("Alternative providers identified"),
+        help_text=_(
+            "Are there alternative ICT third-party service providers identified?"
+        ),
+    )
+    dora_alternative_providers = models.TextField(
+        blank=True,
+        verbose_name=_("Alternative providers"),
+        help_text=_("Identification of alternative ICT third-party service providers"),
+    )
 
     fields_to_check = ["name"]
 
@@ -277,12 +350,14 @@ class Status(models.TextChoices):
         related_name="contracts",
         blank=True,
     )
-    entities = models.ManyToManyField(
+    provider_entity = models.ForeignKey(
         Entity,
-        related_name="contracts",
+        on_delete=models.SET_NULL,
+        null=True,
         blank=True,
-        verbose_name=_("Entities"),
-        help_text=_("Entities involved in this contract"),
+        related_name="contracts",
+        verbose_name=_("Provider entity"),
+        help_text=_("Entity providing this contract"),
     )
     evidences = models.ManyToManyField(
         Evidence,
@@ -291,12 +366,14 @@ class Status(models.TextChoices):
         verbose_name=_("Evidences"),
         help_text=_("Supporting evidence for this contract"),
     )
-    solutions = models.ManyToManyField(
+    solution = models.ForeignKey(
         "tprm.Solution",
+        on_delete=models.SET_NULL,
         blank=True,
+        null=True,
         related_name="contracts",
-        verbose_name=_("Solutions"),
-        help_text=_("Solutions covered by this contract"),
+        verbose_name=_("Solution"),
+        help_text=_("Solution covered by this contract"),
     )
     status = models.CharField(
         max_length=20,
diff --git a/backend/tprm/serializers.py b/backend/tprm/serializers.py
index 2c8d48f3e7..1de7db5dee 100644
--- a/backend/tprm/serializers.py
+++ b/backend/tprm/serializers.py
@@ -21,6 +21,8 @@
 class EntityReadSerializer(BaseModelSerializer):
     folder = FieldsRelatedField()
     owned_folders = FieldsRelatedField(many=True)
+    parent_entity = FieldsRelatedField()
+    branches = FieldsRelatedField(many=True)
     relationship = FieldsRelatedField(many=True)
     contracts = FieldsRelatedField(many=True)
     legal_identifiers = serializers.SerializerMethodField()
@@ -299,9 +301,9 @@ class Meta:
 class ContractReadSerializer(BaseModelSerializer):
     folder = FieldsRelatedField()
     owner = FieldsRelatedField(many=True)
-    entities = FieldsRelatedField(many=True)
+    provider_entity = FieldsRelatedField()
     evidences = FieldsRelatedField(many=True)
-    solutions = FieldsRelatedField(many=True)
+    solution = FieldsRelatedField()
     overarching_contract = FieldsRelatedField()
 
     class Meta:
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index 1158b7df48..3c373a8199 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -1,6 +1,7 @@
 from rest_framework.response import Response
 from iam.models import Folder, RoleAssignment, UserGroup
 from core.views import BaseModelViewSet as AbstractBaseModelViewSet
+from core.models import Asset
 from tprm.models import Entity, Representative, Solution, EntityAssessment, Contract
 from rest_framework.decorators import action
 import structlog
@@ -10,6 +11,7 @@
 
 from django.utils.formats import date_format
 from django.http import HttpResponse
+from django.db.models import Sum
 
 from core.constants import COUNTRY_CHOICES, CURRENCY_CHOICES
 from core.dora import (
@@ -20,6 +22,12 @@
     DORA_ICT_SERVICE_CHOICES,
     DORA_SENSITIVENESS_CHOICES,
     DORA_RELIANCE_CHOICES,
+    DORA_PROVIDER_PERSON_TYPE_CHOICES,
+    DORA_SUBSTITUTABILITY_CHOICES,
+    DORA_NON_SUBSTITUTABILITY_REASON_CHOICES,
+    DORA_BINARY_CHOICES,
+    DORA_REINTEGRATION_POSSIBILITY_CHOICES,
+    DORA_DISCONTINUING_IMPACT_CHOICES,
 )
 
 import csv
@@ -44,6 +52,7 @@ class EntityViewSet(BaseModelViewSet):
     filterset_fields = [
         "name",
         "folder",
+        "parent_entity",
         "relationship",
         "relationship__name",
         "contracts",
@@ -126,59 +135,72 @@ def generate_dora_roi(self, request):
                 ]
             )
 
-            # Write main entity data
-            lei_02 = ""
-            if main_entity.legal_identifiers:
-                lei_02 = main_entity.legal_identifiers.get("LEI", "")
-
-            country_02 = ""
-            if main_entity.country:
-                country_02 = f"eba_GA:{main_entity.country}"
+            # Get all entities to include in register (main entity + branches)
+            entities_to_export = [main_entity] + list(
+                Entity.objects.filter(parent_entity=main_entity)
+            )
 
-            # Format currency with eba_CU: prefix
-            currency_02 = ""
-            if main_entity.currency:
-                currency_02 = f"eba_CU:{main_entity.currency}"
+            # Write entity data for each entity
+            for entity in entities_to_export:
+                lei_02 = ""
+                if entity.legal_identifiers:
+                    lei_02 = entity.legal_identifiers.get("LEI", "")
+
+                country_02 = ""
+                if entity.country:
+                    country_02 = f"eba_GA:{entity.country}"
+
+                # Format currency with eba_CU: prefix
+                currency_02 = ""
+                if entity.currency:
+                    currency_02 = f"eba_CU:{entity.currency}"
+
+                # Format dates, use 2999-12-31 as default for mandatory fields
+                last_update = (
+                    entity.updated_at.strftime("%Y-%m-%d")
+                    if entity.updated_at
+                    else "2999-12-31"
+                )
+                integration_date = (
+                    entity.created_at.strftime("%Y-%m-%d")
+                    if entity.created_at
+                    else "2999-12-31"
+                )
+                deletion_date = (
+                    "2999-12-31"  # Empty for active entities, use far future date
+                )
 
-            # Format dates, use 2999-12-31 as default for mandatory fields
-            last_update = (
-                main_entity.updated_at.strftime("%Y-%m-%d")
-                if main_entity.updated_at
-                else "2999-12-31"
-            )
-            integration_date = (
-                main_entity.created_at.strftime("%Y-%m-%d")
-                if main_entity.created_at
-                else "2999-12-31"
-            )
-            deletion_date = (
-                "2999-12-31"  # Empty for active entities, use far future date
-            )
+                # LEI of parent entity
+                parent_entity_lei = ""
+                if entity.parent_entity and entity.parent_entity.legal_identifiers:
+                    parent_entity_lei = entity.parent_entity.legal_identifiers.get(
+                        "LEI", ""
+                    )
 
-            csv_writer_02.writerow(
-                [
-                    lei_02,
-                    main_entity.name,
-                    country_02,
-                    main_entity.dora_entity_type or "",
-                    main_entity.dora_entity_hierarchy or "",
-                    "",  # LEI of parent entity - not yet implemented
-                    last_update,
-                    integration_date,
-                    deletion_date,
-                    currency_02,
-                    main_entity.dora_assets_value
-                    if main_entity.dora_assets_value is not None
-                    else "",
-                ]
-            )
+                csv_writer_02.writerow(
+                    [
+                        lei_02,
+                        entity.name,
+                        country_02,
+                        entity.dora_entity_type or "",
+                        entity.dora_entity_hierarchy or "",
+                        parent_entity_lei,
+                        last_update,
+                        integration_date,
+                        deletion_date,
+                        currency_02,
+                        entity.dora_assets_value
+                        if entity.dora_assets_value is not None
+                        else "",
+                    ]
+                )
 
             # Add CSV to zip in reports folder
             zip_file.writestr(
                 "reports/b_01.02.csv", csv_buffer_02.getvalue().encode("utf-8")
             )
 
-            # Create b_01.03.csv - Branches register (placeholder)
+            # Create b_01.03.csv - Branches register
             csv_buffer_03 = io.StringIO()
             csv_writer_03 = csv.writer(csv_buffer_03)
 
@@ -192,8 +214,40 @@ def generate_dora_roi(self, request):
                 ]
             )
 
-            # Placeholder - no branch data yet
-            # Future implementation will include branches
+            # Get main entity LEI for parent reference
+            main_entity_lei = ""
+            if main_entity.legal_identifiers:
+                main_entity_lei = main_entity.legal_identifiers.get("LEI", "")
+
+            # Query all branches (entities with parent_entity = main_entity)
+            branches = Entity.objects.filter(parent_entity=main_entity)
+
+            # Write branch data
+            for branch in branches:
+                # Branch identification code (LEI)
+                branch_lei = ""
+                if branch.legal_identifiers:
+                    branch_lei = branch.legal_identifiers.get("LEI", "")
+
+                # Parent entity LEI (main entity)
+                parent_lei = main_entity_lei
+
+                # Branch name
+                branch_name = branch.name
+
+                # Branch country with eba_GA: prefix
+                branch_country = ""
+                if branch.country:
+                    branch_country = f"eba_GA:{branch.country}"
+
+                csv_writer_03.writerow(
+                    [
+                        branch_lei,
+                        parent_lei,
+                        branch_name,
+                        branch_country,
+                    ]
+                )
 
             # Add CSV to zip in reports folder
             zip_file.writestr(
@@ -302,9 +356,10 @@ def generate_dora_roi(self, request):
             # Write contract-solution relationship data
             for contract in Contract.objects.filter(
                 id__in=viewable_contracts
-            ).prefetch_related("solutions__provider_entity"):
-                # For each solution in the contract
-                for solution in contract.solutions.all():
+            ).select_related("solution__provider_entity"):
+                # For the solution in the contract
+                solution = contract.solution
+                if solution:
                     # Contract reference number
                     contract_ref = contract.ref_id or str(contract.id)
 
@@ -412,6 +467,993 @@ def generate_dora_roi(self, request):
                 "reports/b_02.02.csv", csv_buffer_0202.getvalue().encode("utf-8")
             )
 
+            # Create b_02.03.csv - List of intra-group contractual arrangements
+            csv_buffer_0203 = io.StringIO()
+            csv_writer_0203 = csv.writer(csv_buffer_0203)
+
+            # Write CSV headers
+            csv_writer_0203.writerow(
+                [
+                    "c0010",
+                    "c0020",
+                    "c0030",
+                ]
+            )
+
+            # Query intra-group contracts that have an overarching contract
+            # Only include contracts the user has access to
+            intragroup_contracts = Contract.objects.filter(
+                id__in=viewable_contracts,
+                is_intragroup=True,
+                overarching_contract__isnull=False,
+            ).select_related("overarching_contract")
+
+            # Write intra-group contract relationships
+            for contract in intragroup_contracts:
+                # Subordinate contract reference
+                subordinate_ref = contract.ref_id or str(contract.id)
+
+                # Overarching contract reference
+                overarching_ref = ""
+                if contract.overarching_contract:
+                    overarching_ref = contract.overarching_contract.ref_id or str(
+                        contract.overarching_contract.id
+                    )
+
+                # Link indicator (always "true" for populated rows)
+                link_indicator = "true"
+
+                csv_writer_0203.writerow(
+                    [
+                        subordinate_ref,
+                        overarching_ref,
+                        link_indicator,
+                    ]
+                )
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_02.03.csv", csv_buffer_0203.getvalue().encode("utf-8")
+            )
+
+            # Create b_03.01.csv - Entities signing the contractual arrangements
+            csv_buffer_0301 = io.StringIO()
+            csv_writer_0301 = csv.writer(csv_buffer_0301)
+
+            # Write CSV headers
+            csv_writer_0301.writerow(
+                [
+                    "c0010",
+                    "c0020",
+                    "c0030",
+                ]
+            )
+
+            # Get main entity LEI for signing entity
+            main_entity_lei = ""
+            if main_entity.legal_identifiers:
+                main_entity_lei = main_entity.legal_identifiers.get("LEI", "")
+
+            # Write contract-signing entity relationships
+            # For each contract, the main entity is the signing entity
+            for contract in Contract.objects.filter(id__in=viewable_contracts):
+                # Contract reference number
+                contract_ref = contract.ref_id or str(contract.id)
+
+                # LEI of the signing entity (main entity)
+                signing_entity_lei = main_entity_lei
+
+                # Link indicator (always "true" for populated rows)
+                link_indicator = "true"
+
+                csv_writer_0301.writerow(
+                    [
+                        contract_ref,
+                        signing_entity_lei,
+                        link_indicator,
+                    ]
+                )
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_03.01.csv", csv_buffer_0301.getvalue().encode("utf-8")
+            )
+
+            # Create b_03.02.csv - ICT third-party service providers signing the contractual arrangements
+            csv_buffer_0302 = io.StringIO()
+            csv_writer_0302 = csv.writer(csv_buffer_0302)
+
+            # Write CSV headers
+            csv_writer_0302.writerow(
+                [
+                    "c0010",
+                    "c0020",
+                    "c0030",
+                    "c0045",
+                ]
+            )
+
+            # Write contract-provider relationships
+            for contract in Contract.objects.filter(
+                id__in=viewable_contracts
+            ).select_related("provider_entity"):
+                # Contract reference number
+                contract_ref = contract.ref_id or str(contract.id)
+
+                # Get provider entity
+                provider = contract.provider_entity
+                if provider:
+                    # Extract identification code from legal_identifiers
+                    # Priority order: LEI, EUID, VAT, DUNS, others
+                    provider_code = ""
+                    code_type = ""
+
+                    if provider.legal_identifiers:
+                        # Try to get LEI first (preferred for DORA)
+                        if (
+                            "LEI" in provider.legal_identifiers
+                            and provider.legal_identifiers["LEI"]
+                        ):
+                            provider_code = provider.legal_identifiers["LEI"]
+                            code_type = "LEI"
+                        # Then try other identifiers
+                        elif (
+                            "EUID" in provider.legal_identifiers
+                            and provider.legal_identifiers["EUID"]
+                        ):
+                            provider_code = provider.legal_identifiers["EUID"]
+                            code_type = "EUID"
+                        elif (
+                            "VAT" in provider.legal_identifiers
+                            and provider.legal_identifiers["VAT"]
+                        ):
+                            provider_code = provider.legal_identifiers["VAT"]
+                            code_type = "VAT"
+                        elif (
+                            "DUNS" in provider.legal_identifiers
+                            and provider.legal_identifiers["DUNS"]
+                        ):
+                            provider_code = provider.legal_identifiers["DUNS"]
+                            code_type = "DUNS"
+                        else:
+                            # Use first available identifier
+                            for key, value in provider.legal_identifiers.items():
+                                if value:
+                                    provider_code = value
+                                    code_type = key
+                                    break
+
+                    # Link indicator (always "true" for populated rows)
+                    link_indicator = "true"
+
+                    csv_writer_0302.writerow(
+                        [
+                            contract_ref,
+                            provider_code,
+                            code_type,
+                            link_indicator,
+                        ]
+                    )
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_03.02.csv", csv_buffer_0302.getvalue().encode("utf-8")
+            )
+
+            # Create b_03.03.csv - Entities signing the contractual arrangements for providing ICT services within the group
+            csv_buffer_0303 = io.StringIO()
+            csv_writer_0303 = csv.writer(csv_buffer_0303)
+
+            # Write CSV headers
+            csv_writer_0303.writerow(
+                [
+                    "c0010",
+                    "c0020",
+                    "c0031",
+                ]
+            )
+
+            # Get main entity LEI for intra-group provider
+            main_entity_lei = ""
+            if main_entity.legal_identifiers:
+                main_entity_lei = main_entity.legal_identifiers.get("LEI", "")
+
+            # Write intra-group contract-provider relationships
+            # Focus on contracts where main entity provides services to other entities in the group
+            for contract in Contract.objects.filter(
+                id__in=viewable_contracts, is_intragroup=True
+            ):
+                # Contract reference number
+                contract_ref = contract.ref_id or str(contract.id)
+
+                # LEI of the entity providing services (main entity)
+                provider_lei = main_entity_lei
+
+                # Link indicator (always "true" for populated rows)
+                link_indicator = "true"
+
+                csv_writer_0303.writerow(
+                    [
+                        contract_ref,
+                        provider_lei,
+                        link_indicator,
+                    ]
+                )
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_03.03.csv", csv_buffer_0303.getvalue().encode("utf-8")
+            )
+
+            # Create b_04.01.csv - Entities making use of the ICT services
+            csv_buffer_0401 = io.StringIO()
+            csv_writer_0401 = csv.writer(csv_buffer_0401)
+
+            # Write CSV headers
+            csv_writer_0401.writerow(
+                [
+                    "c0010",
+                    "c0020",
+                    "c0030",
+                    "c0040",
+                ]
+            )
+
+            # Get all entities (main entity + branches)
+            entities_using_services = [main_entity] + list(
+                Entity.objects.filter(parent_entity=main_entity)
+            )
+
+            # For each contract, list the main entity and its branches as users
+            for contract in Contract.objects.filter(id__in=viewable_contracts):
+                contract_ref = contract.ref_id or str(contract.id)
+
+                # For each entity in the group (main entity + branches)
+                for entity in entities_using_services:
+                    # LEI of the entity using the service
+                    entity_lei = ""
+                    if entity.legal_identifiers:
+                        entity_lei = entity.legal_identifiers.get("LEI", "")
+
+                    # Nature of the entity (DORA entity type)
+                    entity_nature = entity.dora_entity_type or ""
+
+                    # Branch identification code
+                    # Empty for main entity, branch LEI for branches
+                    branch_code = ""
+                    if entity.parent_entity:  # This is a branch
+                        if entity.legal_identifiers:
+                            branch_code = entity.legal_identifiers.get("LEI", "")
+
+                    csv_writer_0401.writerow(
+                        [
+                            contract_ref,
+                            entity_lei,
+                            entity_nature,
+                            branch_code,
+                        ]
+                    )
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_04.01.csv", csv_buffer_0401.getvalue().encode("utf-8")
+            )
+
+            # Create b_05.01.csv - ICT third-party service providers
+            csv_buffer_0501 = io.StringIO()
+            csv_writer_0501 = csv.writer(csv_buffer_0501)
+
+            # Write CSV headers
+            csv_writer_0501.writerow(
+                [
+                    "c0010",
+                    "c0020",
+                    "c0030",
+                    "c0040",
+                    "c0050",
+                    "c0060",
+                    "c0070",
+                    "c0080",
+                    "c0090",
+                ]
+            )
+
+            # Get unique third-party providers from contracts (excluding intragroup)
+            # Group by provider and calculate total expenses
+            third_party_contracts = Contract.objects.filter(
+                id__in=viewable_contracts,
+                is_intragroup=False,
+                provider_entity__isnull=False,
+            ).select_related("provider_entity", "provider_entity__parent_entity")
+
+            # Aggregate expenses by provider
+            providers_data = {}
+            for contract in third_party_contracts:
+                provider = contract.provider_entity
+                provider_id = provider.id
+
+                if provider_id not in providers_data:
+                    providers_data[provider_id] = {
+                        "provider": provider,
+                        "total_expense": 0,
+                        "currency": contract.currency or main_entity.currency or "",
+                    }
+
+                # Add annual expense if available
+                if contract.annual_expense:
+                    providers_data[provider_id]["total_expense"] += (
+                        contract.annual_expense
+                    )
+
+            # Write provider data
+            for provider_id, data in providers_data.items():
+                provider = data["provider"]
+
+                # c0010: Identification code of provider
+                # c0020: Type of code
+                provider_code = ""
+                code_type = ""
+
+                if provider.legal_identifiers:
+                    # Priority: LEI, EUID, VAT, DUNS, others
+                    if (
+                        "LEI" in provider.legal_identifiers
+                        and provider.legal_identifiers["LEI"]
+                    ):
+                        provider_code = provider.legal_identifiers["LEI"]
+                        code_type = "LEI"
+                    elif (
+                        "EUID" in provider.legal_identifiers
+                        and provider.legal_identifiers["EUID"]
+                    ):
+                        provider_code = provider.legal_identifiers["EUID"]
+                        code_type = "EUID"
+                    elif (
+                        "VAT" in provider.legal_identifiers
+                        and provider.legal_identifiers["VAT"]
+                    ):
+                        provider_code = provider.legal_identifiers["VAT"]
+                        code_type = "VAT"
+                    elif (
+                        "DUNS" in provider.legal_identifiers
+                        and provider.legal_identifiers["DUNS"]
+                    ):
+                        provider_code = provider.legal_identifiers["DUNS"]
+                        code_type = "DUNS"
+                    else:
+                        # Use first available identifier
+                        for key, value in provider.legal_identifiers.items():
+                            if value:
+                                provider_code = value
+                                code_type = key
+                                break
+
+                # c0030: Name of provider
+                provider_name = provider.name
+
+                # c0040: Type of person (DORA provider person type)
+                type_of_person = provider.dora_provider_person_type or ""
+
+                # c0050: Country of headquarters
+                provider_country = ""
+                if provider.country:
+                    provider_country = f"eba_GA:{provider.country}"
+
+                # c0060: Currency
+                currency = ""
+                if data["currency"]:
+                    currency = f"eba_CU:{data['currency']}"
+
+                # c0070: Total annual expense
+                total_expense = data["total_expense"] if data["total_expense"] else ""
+
+                # c0080: Ultimate parent undertaking identification code
+                # c0090: Type of code for parent
+                parent_code = ""
+                parent_code_type = ""
+
+                if provider.parent_entity:
+                    if provider.parent_entity.legal_identifiers:
+                        # Same priority as provider code
+                        if (
+                            "LEI" in provider.parent_entity.legal_identifiers
+                            and provider.parent_entity.legal_identifiers["LEI"]
+                        ):
+                            parent_code = provider.parent_entity.legal_identifiers[
+                                "LEI"
+                            ]
+                            parent_code_type = "LEI"
+                        elif (
+                            "EUID" in provider.parent_entity.legal_identifiers
+                            and provider.parent_entity.legal_identifiers["EUID"]
+                        ):
+                            parent_code = provider.parent_entity.legal_identifiers[
+                                "EUID"
+                            ]
+                            parent_code_type = "EUID"
+                        elif (
+                            "VAT" in provider.parent_entity.legal_identifiers
+                            and provider.parent_entity.legal_identifiers["VAT"]
+                        ):
+                            parent_code = provider.parent_entity.legal_identifiers[
+                                "VAT"
+                            ]
+                            parent_code_type = "VAT"
+                        elif (
+                            "DUNS" in provider.parent_entity.legal_identifiers
+                            and provider.parent_entity.legal_identifiers["DUNS"]
+                        ):
+                            parent_code = provider.parent_entity.legal_identifiers[
+                                "DUNS"
+                            ]
+                            parent_code_type = "DUNS"
+                        else:
+                            # Use first available identifier
+                            for (
+                                key,
+                                value,
+                            ) in provider.parent_entity.legal_identifiers.items():
+                                if value:
+                                    parent_code = value
+                                    parent_code_type = key
+                                    break
+
+                csv_writer_0501.writerow(
+                    [
+                        provider_code,
+                        code_type,
+                        provider_name,
+                        type_of_person,
+                        provider_country,
+                        currency,
+                        total_expense,
+                        parent_code,
+                        parent_code_type,
+                    ]
+                )
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_05.01.csv", csv_buffer_0501.getvalue().encode("utf-8")
+            )
+
+            # Create b_05.02.csv - ICT service supply chains
+            csv_buffer_0502 = io.StringIO()
+            csv_writer_0502 = csv.writer(csv_buffer_0502)
+
+            # Write CSV headers
+            csv_writer_0502.writerow(
+                [
+                    "c0010",
+                    "c0020",
+                    "c0030",
+                    "c0040",
+                    "c0050",
+                    "c0060",
+                    "c0070",
+                ]
+            )
+
+            # Get main entity LEI for recipient
+            main_entity_lei = ""
+            main_entity_code_type = ""
+            if main_entity.legal_identifiers:
+                # Get main entity identifier with priority: LEI, EUID, VAT, DUNS
+                if (
+                    "LEI" in main_entity.legal_identifiers
+                    and main_entity.legal_identifiers["LEI"]
+                ):
+                    main_entity_lei = main_entity.legal_identifiers["LEI"]
+                    main_entity_code_type = "LEI"
+                elif (
+                    "EUID" in main_entity.legal_identifiers
+                    and main_entity.legal_identifiers["EUID"]
+                ):
+                    main_entity_lei = main_entity.legal_identifiers["EUID"]
+                    main_entity_code_type = "EUID"
+                elif (
+                    "VAT" in main_entity.legal_identifiers
+                    and main_entity.legal_identifiers["VAT"]
+                ):
+                    main_entity_lei = main_entity.legal_identifiers["VAT"]
+                    main_entity_code_type = "VAT"
+                elif (
+                    "DUNS" in main_entity.legal_identifiers
+                    and main_entity.legal_identifiers["DUNS"]
+                ):
+                    main_entity_lei = main_entity.legal_identifiers["DUNS"]
+                    main_entity_code_type = "DUNS"
+                else:
+                    # Use first available identifier
+                    for key, value in main_entity.legal_identifiers.items():
+                        if value:
+                            main_entity_lei = value
+                            main_entity_code_type = key
+                            break
+
+            # Write contract-solution-provider supply chain data
+            for contract in Contract.objects.filter(
+                id__in=viewable_contracts,
+                is_intragroup=False,
+                provider_entity__isnull=False,
+                solution__isnull=False,
+            ).select_related("provider_entity", "solution"):
+                # c0010: Contract reference
+                contract_ref = contract.ref_id or str(contract.id)
+
+                # c0020: Type of ICT services
+                ict_service_type = ""
+                if contract.solution:
+                    ict_service_type = contract.solution.dora_ict_service_type or ""
+
+                # c0030: Provider identification code
+                # c0040: Provider code type
+                provider_code = ""
+                provider_code_type = ""
+                provider = contract.provider_entity
+                if provider and provider.legal_identifiers:
+                    # Priority: LEI, EUID, VAT, DUNS, others
+                    if (
+                        "LEI" in provider.legal_identifiers
+                        and provider.legal_identifiers["LEI"]
+                    ):
+                        provider_code = provider.legal_identifiers["LEI"]
+                        provider_code_type = "LEI"
+                    elif (
+                        "EUID" in provider.legal_identifiers
+                        and provider.legal_identifiers["EUID"]
+                    ):
+                        provider_code = provider.legal_identifiers["EUID"]
+                        provider_code_type = "EUID"
+                    elif (
+                        "VAT" in provider.legal_identifiers
+                        and provider.legal_identifiers["VAT"]
+                    ):
+                        provider_code = provider.legal_identifiers["VAT"]
+                        provider_code_type = "VAT"
+                    elif (
+                        "DUNS" in provider.legal_identifiers
+                        and provider.legal_identifiers["DUNS"]
+                    ):
+                        provider_code = provider.legal_identifiers["DUNS"]
+                        provider_code_type = "DUNS"
+                    else:
+                        # Use first available identifier
+                        for key, value in provider.legal_identifiers.items():
+                            if value:
+                                provider_code = value
+                                provider_code_type = key
+                                break
+
+                # c0050: Rank (criticality)
+                rank = ""
+                if contract.solution:
+                    rank = (
+                        contract.solution.criticality
+                        if contract.solution.criticality
+                        else ""
+                    )
+
+                # c0060: Recipient identification (main entity)
+                recipient_code = main_entity_lei
+
+                # c0070: Recipient code type
+                recipient_code_type = main_entity_code_type
+
+                csv_writer_0502.writerow(
+                    [
+                        contract_ref,
+                        ict_service_type,
+                        provider_code,
+                        provider_code_type,
+                        rank,
+                        recipient_code,
+                        recipient_code_type,
+                    ]
+                )
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_05.02.csv", csv_buffer_0502.getvalue().encode("utf-8")
+            )
+
+            # Create b_06.01.csv - Critical or important functions register
+            csv_buffer_0601 = io.StringIO()
+            csv_writer_0601 = csv.writer(csv_buffer_0601)
+
+            # Write CSV headers
+            csv_writer_0601.writerow(
+                [
+                    "c0010",
+                    "c0020",
+                    "c0030",
+                    "c0040",
+                    "c0050",
+                    "c0060",
+                    "c0070",
+                    "c0080",
+                    "c0090",
+                    "c0100",
+                ]
+            )
+
+            # Get main entity LEI for function association
+            main_entity_lei = ""
+            if main_entity.legal_identifiers:
+                main_entity_lei = main_entity.legal_identifiers.get("LEI", "")
+
+            # Get viewable business functions for the current user
+            (viewable_assets, _, _) = RoleAssignment.get_accessible_object_ids(
+                folder=Folder.get_root_folder(),
+                user=request.user,
+                object_type=Asset,
+            )
+
+            # Query all business functions
+            business_functions = Asset.objects.filter(
+                id__in=viewable_assets, is_business_function=True
+            )
+
+            # Write function data
+            for function in business_functions:
+                # Function identifier
+                function_id = function.ref_id or str(function.id)
+
+                # Licensed activity
+                licensed_activity = function.dora_licenced_activity or ""
+
+                # Function name
+                function_name = function.name
+
+                # LEI of financial entity
+                entity_lei = main_entity_lei
+
+                # Criticality assessment
+                criticality = function.dora_criticality_assessment or ""
+
+                # Reasons for criticality
+                criticality_reasons = function.dora_criticality_justification or ""
+
+                # Date of last assessment
+                last_assessment_date = (
+                    function.updated_at.strftime("%Y-%m-%d")
+                    if function.updated_at
+                    else "2999-12-31"
+                )
+
+                # Recovery time objective (RTO) - extract from disaster_recovery_objectives JSON
+                rto = ""
+                if function.disaster_recovery_objectives:
+                    objectives = function.disaster_recovery_objectives.get(
+                        "objectives", {}
+                    )
+                    rto_obj = objectives.get("rto", {})
+                    if rto_obj and "value" in rto_obj:
+                        rto = rto_obj["value"]
+
+                # Recovery point objective (RPO) - extract from disaster_recovery_objectives JSON
+                rpo = ""
+                if function.disaster_recovery_objectives:
+                    objectives = function.disaster_recovery_objectives.get(
+                        "objectives", {}
+                    )
+                    rpo_obj = objectives.get("rpo", {})
+                    if rpo_obj and "value" in rpo_obj:
+                        rpo = rpo_obj["value"]
+
+                # Impact of discontinuing
+                discontinuing_impact = function.dora_discontinuing_impact or ""
+
+                csv_writer_0601.writerow(
+                    [
+                        function_id,
+                        licensed_activity,
+                        function_name,
+                        entity_lei,
+                        criticality,
+                        criticality_reasons,
+                        last_assessment_date,
+                        rto,
+                        rpo,
+                        discontinuing_impact,
+                    ]
+                )
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_06.01.csv", csv_buffer_0601.getvalue().encode("utf-8")
+            )
+
+            # Create b_07.01.csv - Assessment of ICT services
+            csv_buffer_0701 = io.StringIO()
+            csv_writer_0701 = csv.writer(csv_buffer_0701)
+
+            # Write CSV headers
+            csv_writer_0701.writerow(
+                [
+                    "c0010",  # Contract reference
+                    "c0020",  # Provider ID code
+                    "c0030",  # Provider code type
+                    "c0040",  # ICT service type
+                    "c0050",  # Substitutability
+                    "c0060",  # Non-substitutability reason
+                    "c0070",  # Last audit date
+                    "c0080",  # Exit plan
+                    "c0090",  # Reintegration possibility
+                    "c0100",  # Discontinuing impact
+                    "c0110",  # Alternative providers identified
+                    "c0120",  # Alternative provider IDs
+                ]
+            )
+
+            # Get contracts with both provider and solution for assessment
+            for contract in Contract.objects.filter(
+                id__in=viewable_contracts,
+                is_intragroup=False,
+                provider_entity__isnull=False,
+                solution__isnull=False,
+            ).select_related("provider_entity", "solution"):
+                # c0010: Contract reference
+                contract_ref = contract.ref_id or str(contract.id)
+
+                # c0020: Provider identification code
+                # c0030: Provider code type
+                provider_code = ""
+                provider_code_type = ""
+                provider = contract.provider_entity
+                if provider and provider.legal_identifiers:
+                    # Priority: LEI, EUID, VAT, DUNS, others
+                    if (
+                        "LEI" in provider.legal_identifiers
+                        and provider.legal_identifiers["LEI"]
+                    ):
+                        provider_code = provider.legal_identifiers["LEI"]
+                        provider_code_type = "LEI"
+                    elif (
+                        "EUID" in provider.legal_identifiers
+                        and provider.legal_identifiers["EUID"]
+                    ):
+                        provider_code = provider.legal_identifiers["EUID"]
+                        provider_code_type = "EUID"
+                    elif (
+                        "VAT" in provider.legal_identifiers
+                        and provider.legal_identifiers["VAT"]
+                    ):
+                        provider_code = provider.legal_identifiers["VAT"]
+                        provider_code_type = "VAT"
+                    elif (
+                        "DUNS" in provider.legal_identifiers
+                        and provider.legal_identifiers["DUNS"]
+                    ):
+                        provider_code = provider.legal_identifiers["DUNS"]
+                        provider_code_type = "DUNS"
+                    else:
+                        # Use first available identifier
+                        for key, value in provider.legal_identifiers.items():
+                            if value:
+                                provider_code = value
+                                provider_code_type = key
+                                break
+
+                solution = contract.solution
+
+                # c0040: ICT service type
+                ict_service_type = solution.dora_ict_service_type or ""
+
+                # c0050: Substitutability
+                substitutability = solution.dora_substitutability or ""
+
+                # c0060: Non-substitutability reason
+                non_substitutability_reason = (
+                    solution.dora_non_substitutability_reason or ""
+                )
+
+                # c0070: Last audit date (use solution updated_at as placeholder)
+                last_audit_date = (
+                    solution.updated_at.strftime("%Y-%m-%d")
+                    if solution.updated_at
+                    else ""
+                )
+
+                # c0080: Exit plan
+                exit_plan = solution.dora_has_exit_plan or ""
+
+                # c0090: Reintegration possibility
+                reintegration_possibility = (
+                    solution.dora_reintegration_possibility or ""
+                )
+
+                # c0100: Discontinuing impact
+                discontinuing_impact = solution.dora_discontinuing_impact or ""
+
+                # c0110: Alternative providers identified
+                alternative_providers_identified = (
+                    solution.dora_alternative_providers_identified or ""
+                )
+
+                # c0120: Alternative provider IDs
+                alternative_providers = solution.dora_alternative_providers or ""
+
+                csv_writer_0701.writerow(
+                    [
+                        contract_ref,
+                        provider_code,
+                        provider_code_type,
+                        ict_service_type,
+                        substitutability,
+                        non_substitutability_reason,
+                        last_audit_date,
+                        exit_plan,
+                        reintegration_possibility,
+                        discontinuing_impact,
+                        alternative_providers_identified,
+                        alternative_providers,
+                    ]
+                )
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_07.01.csv", csv_buffer_0701.getvalue().encode("utf-8")
+            )
+
+            # Create b_99.01.csv - Aggregation report
+            csv_buffer_9901 = io.StringIO()
+            csv_writer_9901 = csv.writer(csv_buffer_9901)
+
+            # Write CSV headers
+            csv_writer_9901.writerow(
+                [
+                    "c0010",  # Standalone arrangement
+                    "c0020",  # Overarching arrangement
+                    "c0030",  # Subsequent or associated arrangement
+                    "c0040",  # Data sensitiveness: Low
+                    "c0050",  # Data sensitiveness: Medium
+                    "c0060",  # Data sensitiveness: High
+                    "c0070",  # Impact discontinuing function: Low
+                    "c0080",  # Impact discontinuing function: Medium
+                    "c0090",  # Impact discontinuing function: High
+                    "c0100",  # Substitutability: Not substitutable
+                    "c0110",  # Substitutability: Highly complex
+                    "c0120",  # Substitutability: Medium complexity
+                    "c0130",  # Substitutability: Easily substitutable
+                    "c0140",  # Reintegration: Easy
+                    "c0150",  # Reintegration: Difficult
+                    "c0160",  # Reintegration: Highly complex
+                    "c0170",  # Impact discontinuing ICT: Low
+                    "c0180",  # Impact discontinuing ICT: Medium
+                    "c0190",  # Impact discontinuing ICT: High
+                ]
+            )
+
+            # Get all third-party contracts with solutions for aggregation
+            contracts_for_aggregation = Contract.objects.filter(
+                id__in=viewable_contracts,
+                is_intragroup=False,
+                provider_entity__isnull=False,
+                solution__isnull=False,
+            ).select_related("solution")
+
+            # Initialize counters
+            # Contractual arrangement counts
+            standalone_count = 0
+            overarching_count = 0
+            subsequent_count = 0
+
+            # Data sensitiveness counts
+            sensitiveness_low = 0
+            sensitiveness_medium = 0
+            sensitiveness_high = 0
+
+            # Impact of discontinuing function (from assets)
+            function_impact_low = 0
+            function_impact_medium = 0
+            function_impact_high = 0
+
+            # Substitutability counts
+            substitutability_not = 0
+            substitutability_highly_complex = 0
+            substitutability_medium = 0
+            substitutability_easy = 0
+
+            # Reintegration possibility counts
+            reintegration_easy = 0
+            reintegration_difficult = 0
+            reintegration_highly_complex = 0
+
+            # Impact of discontinuing ICT services counts
+            ict_impact_low = 0
+            ict_impact_medium = 0
+            ict_impact_high = 0
+
+            # Count contracts by each dimension
+            for contract in contracts_for_aggregation:
+                # Count by contractual arrangement
+                if contract.dora_contractual_arrangement == "eba_CO:x1":
+                    standalone_count += 1
+                elif contract.dora_contractual_arrangement == "eba_CO:x2":
+                    overarching_count += 1
+                elif contract.dora_contractual_arrangement == "eba_CO:x3":
+                    subsequent_count += 1
+
+                solution = contract.solution
+
+                # Count by data sensitiveness
+                if solution.dora_data_sensitiveness == "eba_ZZ:x791":
+                    sensitiveness_low += 1
+                elif solution.dora_data_sensitiveness == "eba_ZZ:x792":
+                    sensitiveness_medium += 1
+                elif solution.dora_data_sensitiveness == "eba_ZZ:x793":
+                    sensitiveness_high += 1
+
+                # Count by substitutability
+                if solution.dora_substitutability == "eba_ZZ:x959":
+                    substitutability_not += 1
+                elif solution.dora_substitutability == "eba_ZZ:x960":
+                    substitutability_highly_complex += 1
+                elif solution.dora_substitutability == "eba_ZZ:x961":
+                    substitutability_medium += 1
+                elif solution.dora_substitutability == "eba_ZZ:x962":
+                    substitutability_easy += 1
+
+                # Count by reintegration possibility
+                if solution.dora_reintegration_possibility == "eba_ZZ:x798":
+                    reintegration_easy += 1
+                elif solution.dora_reintegration_possibility == "eba_ZZ:x966":
+                    reintegration_difficult += 1
+                elif solution.dora_reintegration_possibility == "eba_ZZ:x967":
+                    reintegration_highly_complex += 1
+
+                # Count by impact of discontinuing ICT services
+                if solution.dora_discontinuing_impact == "eba_ZZ:x791":
+                    ict_impact_low += 1
+                elif solution.dora_discontinuing_impact == "eba_ZZ:x792":
+                    ict_impact_medium += 1
+                elif solution.dora_discontinuing_impact == "eba_ZZ:x793":
+                    ict_impact_high += 1
+
+            # Count business functions by impact of discontinuing
+            business_functions = Asset.objects.filter(
+                id__in=viewable_assets, is_business_function=True
+            )
+
+            for function in business_functions:
+                if function.dora_discontinuing_impact == "eba_ZZ:x791":
+                    function_impact_low += 1
+                elif function.dora_discontinuing_impact == "eba_ZZ:x792":
+                    function_impact_medium += 1
+                elif function.dora_discontinuing_impact == "eba_ZZ:x793":
+                    function_impact_high += 1
+
+            # Write aggregation row
+            csv_writer_9901.writerow(
+                [
+                    standalone_count,
+                    overarching_count,
+                    subsequent_count,
+                    sensitiveness_low,
+                    sensitiveness_medium,
+                    sensitiveness_high,
+                    function_impact_low,
+                    function_impact_medium,
+                    function_impact_high,
+                    substitutability_not,
+                    substitutability_highly_complex,
+                    substitutability_medium,
+                    substitutability_easy,
+                    reintegration_easy,
+                    reintegration_difficult,
+                    reintegration_highly_complex,
+                    ict_impact_low,
+                    ict_impact_medium,
+                    ict_impact_high,
+                ]
+            )
+
+            # Add CSV to zip in reports folder
+            zip_file.writestr(
+                "reports/b_99.01.csv", csv_buffer_9901.getvalue().encode("utf-8")
+            )
+
         # Prepare response
         zip_buffer.seek(0)
 
@@ -448,6 +1490,10 @@ def dora_entity_type(self, request):
     def dora_entity_hierarchy(self, request):
         return Response(dict(DORA_ENTITY_HIERARCHY_CHOICES))
 
+    @action(detail=False, name="Get DORA provider person type choices")
+    def dora_provider_person_type(self, request):
+        return Response(dict(DORA_PROVIDER_PERSON_TYPE_CHOICES))
+
 
 class EntityAssessmentViewSet(BaseModelViewSet):
     """
@@ -578,6 +1624,12 @@ class SolutionViewSet(BaseModelViewSet):
         "data_location_processing",
         "dora_data_sensitiveness",
         "dora_reliance_level",
+        "dora_substitutability",
+        "dora_non_substitutability_reason",
+        "dora_has_exit_plan",
+        "dora_reintegration_possibility",
+        "dora_discontinuing_impact",
+        "dora_alternative_providers_identified",
     ]
 
     @action(detail=False, name="Get data location storage choices")
@@ -596,6 +1648,30 @@ def dora_data_sensitiveness(self, request):
     def dora_reliance_level(self, request):
         return Response(dict(DORA_RELIANCE_CHOICES))
 
+    @action(detail=False, name="Get substitutability choices")
+    def dora_substitutability(self, request):
+        return Response(dict(DORA_SUBSTITUTABILITY_CHOICES))
+
+    @action(detail=False, name="Get non-substitutability reason choices")
+    def dora_non_substitutability_reason(self, request):
+        return Response(dict(DORA_NON_SUBSTITUTABILITY_REASON_CHOICES))
+
+    @action(detail=False, name="Get exit plan choices")
+    def dora_has_exit_plan(self, request):
+        return Response(dict(DORA_BINARY_CHOICES))
+
+    @action(detail=False, name="Get reintegration possibility choices")
+    def dora_reintegration_possibility(self, request):
+        return Response(dict(DORA_REINTEGRATION_POSSIBILITY_CHOICES))
+
+    @action(detail=False, name="Get discontinuing impact choices")
+    def dora_discontinuing_impact(self, request):
+        return Response(dict(DORA_DISCONTINUING_IMPACT_CHOICES))
+
+    @action(detail=False, name="Get alternative providers identified choices")
+    def dora_alternative_providers_identified(self, request):
+        return Response(dict(DORA_BINARY_CHOICES))
+
     def perform_create(self, serializer):
         serializer.save()
         solution = serializer.instance
@@ -616,7 +1692,8 @@ class ContractViewSet(BaseModelViewSet):
     filterset_fields = [
         "name",
         "folder",
-        "entities",
+        "provider_entity",
+        "solution",
         "status",
         "owner",
         "dora_contractual_arrangement",
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index 52a680fc96..91ad238e58 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -840,6 +840,8 @@
 	"addSolution": "Add solution",
 	"solutionsLinkedToAssetHelpText": "Solutions associated with this asset",
 	"providerEntity": "Provider entity",
+	"parentEntity": "Parent entity",
+	"parentEntityHelpText": "Parent entity for branch or subsidiary relationships",
 	"addProduct": "Add product",
 	"contracts": "Contracts",
 	"contract": "Contract",
@@ -1017,6 +1019,11 @@
 	"step": "Step {number}",
 	"critical": "Critical",
 	"isCritical": "Is critical",
+	"isBusinessFunction": "Is business function",
+	"doraLicencedActivity": "Licensed Activity",
+	"doraCriticalityAssessment": "Criticality Assessment",
+	"doraCriticalityJustification": "Criticality Justification",
+	"doraDiscontinuingImpact": "Discontinuing Impact",
 	"info": "Information",
 	"vulnerabilities": "Vulnerabilities",
 	"severity": "Severity",
@@ -2629,6 +2636,7 @@
 	"doraEntityHierarchy": "Entity Hierarchy",
 	"doraAssetsValue": "Value of total assets",
 	"doraCompetentAuthority": "Competent Authority",
+	"doraProviderPersonType": "Provider Person Type",
 	"doraContractualArrangement": "Contract type",
 	"doraIctServiceType": "ICT Service Type",
 	"overarchingContract": "Overarching Contract",
@@ -2643,5 +2651,14 @@
 	"dataLocationStorage": "Location of Data at Rest",
 	"dataLocationProcessing": "Location of Data during Processing",
 	"doraDataSensitiveness": "Data Sensitiveness",
-	"doraRelianceLevel": "Level of Reliance"
+	"doraRelianceLevel": "Level of Reliance",
+	"doraSubstitutability": "Substitutability",
+	"doraNonSubstitutabilityReason": "Non-Substitutability Reason",
+	"doraHasExitPlan": "Exit Plan",
+	"doraReintegrationPossibility": "Reintegration Possibility",
+	"doraDiscontinuingImpact": "Discontinuing Impact",
+	"doraAlternativeProvidersIdentified": "Alternative Providers Identified",
+	"doraAlternativeProviders": "Alternative Providers",
+	"doraAttributes": "DORA Attributes",
+	"doraAssessment": "DORA Assessment"
 }
diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
index feb307a345..ed606afa97 100644
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
@@ -793,6 +793,8 @@
 	"solution": "Solution",
 	"addSolution": "Ajouter une solution",
 	"providerEntity": "Entité fournisseur",
+	"parentEntity": "Entité parente",
+	"parentEntityHelpText": "Entité parente pour les relations de succursale ou de filiale",
 	"addProduct": "Ajouter un produit",
 	"representatives": "Représentants",
 	"representative": "Représentant",
@@ -956,6 +958,12 @@
 	"tooManyLoginAttempts": "Trop de tentatives de connexion. Veuillez réessayer plus tard.",
 	"step": "Étape {number}",
 	"critical": "Critique",
+	"isCritical": "Est critique",
+	"isBusinessFunction": "Est une fonction métier",
+	"doraLicencedActivity": "Activité sous licence",
+	"doraCriticalityAssessment": "Évaluation de la criticité",
+	"doraCriticalityJustification": "Justification de la criticité",
+	"doraDiscontinuingImpact": "Impact de l'arrêt",
 	"info": "Information",
 	"vulnerabilities": "Vulnérabilités",
 	"severity": "Niveau de gravité",
@@ -2563,5 +2571,19 @@
 	"impactValuesMustBeIncreasing": "L'impact pour '{current}' doit être supérieur à '{previous}'. Les valeurs doivent augmenter entre les niveaux.",
 	"runningMonteCarloSimulations": "Exécution des simulations Monte Carlo pour l'analyse de risque quantitative. Cela peut prendre un moment...",
 	"probabilityRequirements": "Toutes les valeurs doivent être fournies et comprises entre 0 et 100 (par exemple, 5, 20, 50, 90). Les valeurs doivent augmenter de haut en bas.",
-	"impactRequirements": "Toutes les valeurs doivent être fournies et supérieures à 0. Les valeurs doivent augmenter de haut en bas (par exemple, Mineur : 5 000 → Majeur : 50 000 → Critique : 500 000)."
+	"impactRequirements": "Toutes les valeurs doivent être fournies et supérieures à 0. Les valeurs doivent augmenter de haut en bas (par exemple, Mineur : 5 000 → Majeur : 50 000 → Critique : 500 000).",
+	"storageOfData": "Stocke des données",
+	"dataLocationStorage": "Localisation des données au repos",
+	"dataLocationProcessing": "Localisation des données en traitement",
+	"doraDataSensitiveness": "Sensibilité des données",
+	"doraRelianceLevel": "Niveau de dépendance",
+	"doraSubstitutability": "Substituabilité",
+	"doraNonSubstitutabilityReason": "Raison de non-substituabilité",
+	"doraHasExitPlan": "Plan de sortie",
+	"doraReintegrationPossibility": "Possibilité de réintégration",
+	"doraDiscontinuingImpact": "Impact de l'arrêt",
+	"doraAlternativeProvidersIdentified": "Fournisseurs alternatifs identifiés",
+	"doraAlternativeProviders": "Fournisseurs alternatifs",
+	"doraAttributes": "Attributs DORA",
+	"doraAssessment": "Évaluation DORA"
 }
diff --git a/frontend/src/lib/components/Forms/ModelForm/AssetForm.svelte b/frontend/src/lib/components/Forms/ModelForm/AssetForm.svelte
index 938a662497..dac48cead9 100644
--- a/frontend/src/lib/components/Forms/ModelForm/AssetForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/AssetForm.svelte
@@ -130,13 +130,6 @@
 	bind:cachedValue={formDataCache['owner']}
 	label={m.owner()}
 />
-<Checkbox
-	{form}
-	field="is_critical"
-	label={m.isCritical()}
-	cacheLock={cacheLocks['is_critical']}
-	bind:cachedValue={formDataCache['is_critical']}
-/>
 <AutocompleteSelect
 	{form}
 	optionsEndpoint="folders?content_type=DO&content_type=GL"
@@ -253,6 +246,55 @@
 		</div>
 	</Dropdown>
 {/if}
+{#if data.type === 'PR'}
+	<Dropdown
+		open={false}
+		style="hover:text-purple-700"
+		icon="fa-solid fa-building-columns"
+		header={m.doraSpecific()}
+	>
+		<Checkbox
+			{form}
+			field="is_business_function"
+			label={m.isBusinessFunction()}
+			cacheLock={cacheLocks['is_business_function']}
+			bind:cachedValue={formDataCache['is_business_function']}
+		/>
+		<Select
+			{form}
+			options={model.selectOptions['dora_licenced_activity']}
+			field="dora_licenced_activity"
+			label={m.doraLicencedActivity()}
+			cacheLock={cacheLocks['dora_licenced_activity']}
+			bind:cachedValue={formDataCache['dora_licenced_activity']}
+		/>
+		<Select
+			{form}
+			options={model.selectOptions['dora_criticality_assessment']}
+			field="dora_criticality_assessment"
+			label={m.doraCriticalityAssessment()}
+			cacheLock={cacheLocks['dora_criticality_assessment']}
+			bind:cachedValue={formDataCache['dora_criticality_assessment']}
+			disableDoubleDash={true}
+		/>
+		<TextField
+			{form}
+			field="dora_criticality_justification"
+			label={m.doraCriticalityJustification()}
+			cacheLock={cacheLocks['dora_criticality_justification']}
+			bind:cachedValue={formDataCache['dora_criticality_justification']}
+		/>
+		<Select
+			{form}
+			options={model.selectOptions['dora_discontinuing_impact']}
+			field="dora_discontinuing_impact"
+			label={m.doraDiscontinuingImpact()}
+			cacheLock={cacheLocks['dora_discontinuing_impact']}
+			bind:cachedValue={formDataCache['dora_discontinuing_impact']}
+			disableDoubleDash={true}
+		/>
+	</Dropdown>
+{/if}
 <Dropdown open={false} style="hover:text-primary-700" icon="fa-solid fa-list" header={m.more()}>
 	<TextField
 		{form}
diff --git a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
index d9104c1869..a5499831bc 100644
--- a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
@@ -77,19 +77,19 @@
 <AutocompleteSelect
 	{form}
 	optionsEndpoint="entities"
-	field="entities"
-	cacheLock={cacheLocks['entities']}
-	bind:cachedValue={formDataCache['entities']}
-	label={m.entities()}
+	field="provider_entity"
+	cacheLock={cacheLocks['provider_entity']}
+	bind:cachedValue={formDataCache['provider_entity']}
+	label={m.providerEntity()}
 />
 <AutocompleteSelect
 	{form}
 	optionsEndpoint="solutions"
 	optionsExtraFields={[['provider_entity', 'str']]}
-	field="solutions"
-	cacheLock={cacheLocks['solutions']}
-	bind:cachedValue={formDataCache['solutions']}
-	label={m.solutions()}
+	field="solution"
+	cacheLock={cacheLocks['solution']}
+	bind:cachedValue={formDataCache['solution']}
+	label={m.solution()}
 />
 <AutocompleteSelect
 	{form}
diff --git a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
index 3f26f1f79e..1da3f3ec58 100644
--- a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
@@ -64,6 +64,15 @@
 />
 
 <Dropdown open={false} style="hover:text-primary-700" icon="fa-solid fa-ellipsis" header={m.more()}>
+	<AutocompleteSelect
+		{form}
+		optionsEndpoint="entities"
+		field="parent_entity"
+		cacheLock={cacheLocks['parent_entity']}
+		bind:cachedValue={formDataCache['parent_entity']}
+		label={m.parentEntity()}
+		helpText={m.parentEntityHelpText()}
+	/>
 	<TextField
 		{form}
 		field="reference_link"
@@ -126,4 +135,12 @@
 		cacheLock={cacheLocks['dora_competent_authority']}
 		bind:cachedValue={formDataCache['dora_competent_authority']}
 	/>
+	<AutocompleteSelect
+		{form}
+		field="dora_provider_person_type"
+		options={model.selectOptions?.dora_provider_person_type}
+		label={m.doraProviderPersonType()}
+		cacheLock={cacheLocks['dora_provider_person_type']}
+		bind:cachedValue={formDataCache['dora_provider_person_type']}
+	/>
 </Dropdown>
diff --git a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
index 2499d34c8b..b424776df5 100644
--- a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
@@ -73,7 +73,7 @@
 	open={false}
 	style="hover:text-primary-700"
 	icon="fa-solid fa-scale-balanced"
-	header={m.doraSpecific()}
+	header={m.doraAttributes()}
 >
 	<AutocompleteSelect
 		{form}
@@ -83,12 +83,21 @@
 		cacheLock={cacheLocks['dora_ict_service_type']}
 		bind:cachedValue={formDataCache['dora_ict_service_type']}
 	/>
+</Dropdown>
+
+<Dropdown
+	open={false}
+	style="hover:text-primary-700"
+	icon="fa-solid fa-clipboard-check"
+	header={m.doraAssessment()}
+>
 	<Checkbox
 		{form}
 		field="storage_of_data"
 		label={m.storageOfData()}
 		cacheLock={cacheLocks['storage_of_data']}
 		bind:cachedValue={formDataCache['storage_of_data']}
+		classesContainer="my-4"
 	/>
 	<AutocompleteSelect
 		{form}
@@ -122,4 +131,59 @@
 		cacheLock={cacheLocks['dora_reliance_level']}
 		bind:cachedValue={formDataCache['dora_reliance_level']}
 	/>
+	<AutocompleteSelect
+		{form}
+		field="dora_substitutability"
+		options={model.selectOptions?.dora_substitutability}
+		label={m.doraSubstitutability()}
+		cacheLock={cacheLocks['dora_substitutability']}
+		bind:cachedValue={formDataCache['dora_substitutability']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="dora_non_substitutability_reason"
+		options={model.selectOptions?.dora_non_substitutability_reason}
+		label={m.doraNonSubstitutabilityReason()}
+		cacheLock={cacheLocks['dora_non_substitutability_reason']}
+		bind:cachedValue={formDataCache['dora_non_substitutability_reason']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="dora_has_exit_plan"
+		options={model.selectOptions?.dora_has_exit_plan}
+		label={m.doraHasExitPlan()}
+		cacheLock={cacheLocks['dora_has_exit_plan']}
+		bind:cachedValue={formDataCache['dora_has_exit_plan']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="dora_reintegration_possibility"
+		options={model.selectOptions?.dora_reintegration_possibility}
+		label={m.doraReintegrationPossibility()}
+		cacheLock={cacheLocks['dora_reintegration_possibility']}
+		bind:cachedValue={formDataCache['dora_reintegration_possibility']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="dora_discontinuing_impact"
+		options={model.selectOptions?.dora_discontinuing_impact}
+		label={m.doraDiscontinuingImpact()}
+		cacheLock={cacheLocks['dora_discontinuing_impact']}
+		bind:cachedValue={formDataCache['dora_discontinuing_impact']}
+	/>
+	<AutocompleteSelect
+		{form}
+		field="dora_alternative_providers_identified"
+		options={model.selectOptions?.dora_alternative_providers_identified}
+		label={m.doraAlternativeProvidersIdentified()}
+		cacheLock={cacheLocks['dora_alternative_providers_identified']}
+		bind:cachedValue={formDataCache['dora_alternative_providers_identified']}
+	/>
+	<TextField
+		{form}
+		field="dora_alternative_providers"
+		label={m.doraAlternativeProviders()}
+		cacheLock={cacheLocks['dora_alternative_providers']}
+		bind:cachedValue={formDataCache['dora_alternative_providers']}
+	/>
 </Dropdown>
diff --git a/frontend/src/lib/utils/crud.ts b/frontend/src/lib/utils/crud.ts
index 24a71b5a28..2ef414a947 100644
--- a/frontend/src/lib/utils/crud.ts
+++ b/frontend/src/lib/utils/crud.ts
@@ -516,7 +516,13 @@ export const URL_MODEL_MAP: ModelMap = {
 			{ field: 'overridden_children_capabilities', urlModel: 'asset-capabilities' },
 			{ field: 'solutions', urlModel: 'solutions' }
 		],
-		selectFields: [{ field: 'type' }, { field: 'asset_class' }],
+		selectFields: [
+			{ field: 'type' },
+			{ field: 'asset_class' },
+			{ field: 'dora_licenced_activity' },
+			{ field: 'dora_criticality_assessment' },
+			{ field: 'dora_discontinuing_impact' }
+		],
 		filters: [
 			{ field: 'parent_assets' },
 			{ field: 'folder' },
@@ -766,19 +772,23 @@ export const URL_MODEL_MAP: ModelMap = {
 			{ field: 'name' },
 			{ field: 'description' },
 			{ field: 'mission' },
+			{ field: 'parent_entity' },
 			{ field: 'relationship' },
 			{ field: 'legal_identifiers' },
+			{ field: 'branches' },
 			{ field: 'reference_link' }
 		],
 		reverseForeignKeyFields: [
 			{ field: 'entity', urlModel: 'entity-assessments' },
 			{ field: 'entity', urlModel: 'representatives' },
 			{ field: 'provider_entity', urlModel: 'solutions' },
-			{ field: 'entities', urlModel: 'contracts' }
+			{ field: 'provider_entity', urlModel: 'contracts' }
 		],
 		foreignKeyFields: [
 			{ field: 'folder', urlModel: 'folders', urlParams: 'content_type=DO&content_type=GL' },
 			{ field: 'owned_folders', urlModel: 'folders', urlParams: 'owned=false' },
+			{ field: 'parent_entity', urlModel: 'entities' },
+			{ field: 'branches', urlModel: 'entities' },
 			{
 				field: 'relationship',
 				urlModel: 'terminologies',
@@ -789,7 +799,8 @@ export const URL_MODEL_MAP: ModelMap = {
 			{ field: 'country' },
 			{ field: 'currency' },
 			{ field: 'dora_entity_type' },
-			{ field: 'dora_entity_hierarchy' }
+			{ field: 'dora_entity_hierarchy' },
+			{ field: 'dora_provider_person_type' }
 		]
 	},
 	'entity-assessments': {
@@ -818,7 +829,7 @@ export const URL_MODEL_MAP: ModelMap = {
 		localNamePlural: 'solutions',
 		verboseName: 'Solution',
 		verboseNamePlural: 'Solutions',
-		reverseForeignKeyFields: [{ field: 'solutions', urlModel: 'contracts' }],
+		reverseForeignKeyFields: [{ field: 'solution', urlModel: 'contracts' }],
 		foreignKeyFields: [
 			{ field: 'provider_entity', urlModel: 'entities' },
 			{ field: 'recipient_entity', urlModel: 'entities' },
@@ -829,7 +840,13 @@ export const URL_MODEL_MAP: ModelMap = {
 			{ field: 'data_location_storage' },
 			{ field: 'data_location_processing' },
 			{ field: 'dora_data_sensitiveness' },
-			{ field: 'dora_reliance_level' }
+			{ field: 'dora_reliance_level' },
+			{ field: 'dora_substitutability' },
+			{ field: 'dora_non_substitutability_reason' },
+			{ field: 'dora_has_exit_plan' },
+			{ field: 'dora_reintegration_possibility' },
+			{ field: 'dora_discontinuing_impact' },
+			{ field: 'dora_alternative_providers_identified' }
 		]
 	},
 	contracts: {
@@ -838,17 +855,13 @@ export const URL_MODEL_MAP: ModelMap = {
 		localNamePlural: 'contracts',
 		verboseName: 'Contract',
 		verboseNamePlural: 'Contracts',
-		reverseForeignKeyFields: [
-			{ field: 'contracts', urlModel: 'evidences', disableDelete: true },
-			{ field: 'contracts', urlModel: 'entities', disableDelete: true, disableCreate: true },
-			{ field: 'contracts', urlModel: 'solutions', disableDelete: true, disableCreate: true }
-		],
+		reverseForeignKeyFields: [{ field: 'contracts', urlModel: 'evidences', disableDelete: true }],
 		foreignKeyFields: [
 			{ field: 'folder', urlModel: 'folders' },
 			{ field: 'owner', urlModel: 'users' },
-			{ field: 'entities', urlModel: 'entities' },
+			{ field: 'provider_entity', urlModel: 'entities' },
 			{ field: 'evidences', urlModel: 'evidences' },
-			{ field: 'solutions', urlModel: 'solutions' },
+			{ field: 'solution', urlModel: 'solutions' },
 			{ field: 'overarching_contract', urlModel: 'contracts' }
 		],
 		selectFields: [
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index 5628512622..74ee43af9f 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -306,7 +306,11 @@ export const AssetSchema = z.object({
 	observation: z.string().optional().nullable(),
 	overridden_children_capabilities: z.string().uuid().optional().array().optional(),
 	solutions: z.string().uuid().optional().array().optional(),
-	is_critical: z.boolean().default(false)
+	is_business_function: z.boolean().default(false),
+	dora_licenced_activity: z.string().optional().nullable(),
+	dora_criticality_assessment: z.string().default('eba_BT:x21'),
+	dora_criticality_justification: z.string().optional().nullable(),
+	dora_discontinuing_impact: z.string().default('eba_ZZ:x799')
 });
 
 export const FilteringLabelSchema = z.object({
@@ -563,6 +567,7 @@ export const SSOSettingsSchema = z.object({
 export const EntitiesSchema = z.object({
 	...NameDescriptionMixin,
 	folder: z.string(),
+	parent_entity: z.string().optional(),
 	mission: z.string().optional(),
 	reference_link: z
 		.string()
@@ -575,9 +580,10 @@ export const EntitiesSchema = z.object({
 	country: z.string().optional(),
 	currency: z.string().optional(),
 	dora_entity_type: z.string().optional(),
-	dora_entity_hierarchy: z.string().optional(),
+	dora_entity_hierarchy: z.string().optional().default('eba_RP:x53'),
 	dora_assets_value: z.number().optional().nullable(),
-	dora_competent_authority: z.string().optional()
+	dora_competent_authority: z.string().optional(),
+	dora_provider_person_type: z.string().optional().default('eba_CT:x212')
 });
 
 export const EntityAssessmentSchema = z.object({
@@ -617,7 +623,14 @@ export const solutionSchema = z.object({
 	data_location_storage: z.string().optional(),
 	data_location_processing: z.string().optional(),
 	dora_data_sensitiveness: z.string().optional(),
-	dora_reliance_level: z.string().optional()
+	dora_reliance_level: z.string().optional(),
+	dora_substitutability: z.string().optional(),
+	dora_non_substitutability_reason: z.string().optional(),
+	dora_has_exit_plan: z.string().optional(),
+	dora_reintegration_possibility: z.string().optional(),
+	dora_discontinuing_impact: z.string().optional(),
+	dora_alternative_providers_identified: z.string().optional(),
+	dora_alternative_providers: z.string().optional()
 });
 
 export const representativeSchema = z.object({
@@ -636,9 +649,9 @@ export const contractSchema = z.object({
 	folder: z.string(),
 	filtering_labels: z.array(z.string()).optional(),
 	owner: z.array(z.string().optional()).optional(),
-	entities: z.array(z.string().optional()).optional(),
+	provider_entity: z.string().optional(),
 	evidences: z.array(z.string().optional()).optional(),
-	solutions: z.array(z.string().optional()).optional(),
+	solution: z.string().optional(),
 	status: z.string().optional().default('draft'),
 	start_date: z.union([z.literal('').transform(() => null), z.string().date()]).nullish(),
 	end_date: z.union([z.literal('').transform(() => null), z.string().date()]).nullish(),
diff --git a/frontend/src/lib/utils/table.ts b/frontend/src/lib/utils/table.ts
index 7b3bc9fcf6..2605df88e9 100644
--- a/frontend/src/lib/utils/table.ts
+++ b/frontend/src/lib/utils/table.ts
@@ -708,6 +708,15 @@ const ENTITY_FILTER: ListViewFilterConfig = {
 	}
 };
 
+const SOLUTION_FILTER: ListViewFilterConfig = {
+	component: AutocompleteSelect,
+	props: {
+		label: 'solution',
+		optionsEndpoint: 'solutions',
+		multiple: true
+	}
+};
+
 const ENTITY_RELATIONSHIP_FILTER: ListViewFilterConfig = {
 	component: AutocompleteSelect,
 	props: {
@@ -834,10 +843,10 @@ const ASSET_CLASS_FILTER: ListViewFilterConfig = {
 	}
 };
 
-const ASSET_IS_CRITICAL_FILTER: ListViewFilterConfig = {
+const ASSET_IS_BUSINESS_FUNCTION_FILTER: ListViewFilterConfig = {
 	component: AutocompleteSelect,
 	props: {
-		label: 'is_critical',
+		label: 'is_business_function',
 		options: YES_NO_OPTIONS,
 		multiple: true
 	}
@@ -1308,7 +1317,7 @@ export const listViewFields = {
 			type: ASSET_TYPE_FILTER,
 			filtering_labels: LABELS_FILTER,
 			asset_class: ASSET_CLASS_FILTER,
-			is_critical: ASSET_IS_CRITICAL_FILTER
+			is_business_function: ASSET_IS_BUSINESS_FUNCTION_FILTER
 		}
 	},
 	'asset-class': {
@@ -1482,10 +1491,11 @@ export const listViewFields = {
 		}
 	},
 	entities: {
-		head: ['refId', 'name', 'description', 'domain', 'relationship'],
-		body: ['ref_id', 'name', 'description', 'folder', 'relationship'],
+		head: ['refId', 'name', 'description', 'domain', 'parentEntity', 'relationship'],
+		body: ['ref_id', 'name', 'description', 'folder', 'parent_entity', 'relationship'],
 		filters: {
 			folder: DOMAIN_FILTER,
+			parent_entity: ENTITY_FILTER,
 			relationship: ENTITY_RELATIONSHIP_FILTER
 		}
 	},
@@ -1509,11 +1519,30 @@ export const listViewFields = {
 		}
 	},
 	contracts: {
-		head: ['refId', 'name', 'description', 'status', 'startDate', 'endDate', 'entities'],
-		body: ['ref_id', 'name', 'description', 'status', 'start_date', 'end_date', 'entities'],
+		head: [
+			'refId',
+			'name',
+			'description',
+			'status',
+			'startDate',
+			'endDate',
+			'providerEntity',
+			'solution'
+		],
+		body: [
+			'ref_id',
+			'name',
+			'description',
+			'status',
+			'start_date',
+			'end_date',
+			'provider_entity',
+			'solution'
+		],
 		filters: {
 			status: CONTRACT_STATUS_FILTER,
-			entities: ENTITY_FILTER
+			provider_entity: ENTITY_FILTER,
+			solution: SOLUTION_FILTER
 		}
 	},
 	representatives: {

From 442cc3e2b1e8995063a014b2b18ca557f74f3d85 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Tue, 11 Nov 2025 19:30:09 +0100
Subject: [PATCH 20/47] refactor exports

---
 backend/tprm/dora_export.py                   |  810 ++++++++++
 backend/tprm/views.py                         | 1432 +----------------
 frontend/messages/en.json                     |    2 +-
 .../Forms/ModelForm/EntityForm.svelte         |   32 +-
 frontend/src/lib/utils/schemas.ts             |    4 +-
 5 files changed, 898 insertions(+), 1382 deletions(-)
 create mode 100644 backend/tprm/dora_export.py

diff --git a/backend/tprm/dora_export.py b/backend/tprm/dora_export.py
new file mode 100644
index 0000000000..72fdc74a85
--- /dev/null
+++ b/backend/tprm/dora_export.py
@@ -0,0 +1,810 @@
+"""
+DORA (Digital Operational Resilience Act) ROI (Register of Information) export utilities.
+
+This module contains functions to generate various CSV reports required by DORA regulations.
+Each function generates a specific report and writes it to a ZIP file.
+"""
+
+import csv
+import io
+from typing import Dict, List, Optional, Any
+
+from django.db.models import QuerySet
+from tprm.models import Entity, Contract, Solution
+from core.models import Asset
+
+
+# Helper Functions
+
+
+def get_entity_identifier(
+    entity: Entity, priority: List[str] = None
+) -> tuple[str, str]:
+    """
+    Extract identification code and type from entity's legal_identifiers.
+
+    Args:
+        entity: Entity object with legal_identifiers
+        priority: List of identifier types in priority order (default: LEI, EUID, VAT, DUNS)
+
+    Returns:
+        Tuple of (identifier_code, identifier_type)
+    """
+    if priority is None:
+        priority = ["LEI", "EUID", "VAT", "DUNS"]
+
+    if not entity or not entity.legal_identifiers:
+        return "", ""
+
+    # Try priority identifiers first
+    for id_type in priority:
+        if id_type in entity.legal_identifiers and entity.legal_identifiers[id_type]:
+            return entity.legal_identifiers[id_type], id_type
+
+    # Use first available identifier
+    for key, value in entity.legal_identifiers.items():
+        if value:
+            return value, key
+
+    return "", ""
+
+
+def format_date(date_obj) -> str:
+    """Format date object to YYYY-MM-DD string."""
+    if date_obj:
+        return date_obj.strftime("%Y-%m-%d")
+    return ""
+
+
+# Report Generation Functions
+
+
+def generate_b_01_01_main_entity(zip_file, main_entity: Entity) -> None:
+    """
+    Generate b_01.01.csv - Main entity information.
+
+    Args:
+        zip_file: ZIP file object to write to
+        main_entity: The main builtin entity
+    """
+    from datetime import datetime
+
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(["c0010", "c0020", "c0030", "c0040", "c0050", "c0060"])
+
+    # Extract LEI from legal identifiers
+    lei = ""
+    if main_entity.legal_identifiers:
+        lei = main_entity.legal_identifiers.get("LEI", "")
+
+    # Format country with eba_GA: prefix
+    country = ""
+    if main_entity.country:
+        country = f"eba_GA:{main_entity.country}"
+
+    # Get current date for report
+    report_date = datetime.now().strftime("%Y-%m-%d")
+
+    # Write entity data
+    csv_writer.writerow(
+        [
+            lei,
+            main_entity.name,
+            country,
+            main_entity.dora_entity_type or "",
+            main_entity.dora_competent_authority or "",
+            report_date,
+        ]
+    )
+
+    # Add CSV to zip
+    zip_file.writestr("reports/b_01.01.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_01_02_entities(
+    zip_file, main_entity: Entity, all_entities: List[Entity]
+) -> None:
+    """
+    Generate b_01.02.csv - Entity register with all entity details.
+
+    Args:
+        zip_file: ZIP file object to write to
+        main_entity: The main builtin entity
+        all_entities: List of all entities (main + branches)
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(
+        [
+            "c0010",  # LEI
+            "c0020",  # Name
+            "c0030",  # Country
+            "c0040",  # Entity type
+            "c0050",  # Entity hierarchy
+            "c0060",  # Parent entity LEI
+            "c0070",  # Last update
+            "c0080",  # Integration date
+            "c0090",  # Deletion date
+            "c0100",  # Currency
+            "c0110",  # Assets value
+        ]
+    )
+
+    # Write entity data for each entity
+    for entity in all_entities:
+        lei = ""
+        if entity.legal_identifiers:
+            lei = entity.legal_identifiers.get("LEI", "")
+
+        country = ""
+        if entity.country:
+            country = f"eba_GA:{entity.country}"
+
+        currency = ""
+        if entity.currency:
+            currency = f"eba_CU:{entity.currency}"
+
+        # Format dates, use 2999-12-31 as default for mandatory fields
+        last_update = (
+            format_date(entity.updated_at) if entity.updated_at else "2999-12-31"
+        )
+        integration_date = (
+            format_date(entity.created_at) if entity.created_at else "2999-12-31"
+        )
+        deletion_date = "2999-12-31"  # Empty for active entities
+
+        # LEI of parent entity
+        parent_entity_lei = ""
+        if entity.parent_entity and entity.parent_entity.legal_identifiers:
+            parent_entity_lei = entity.parent_entity.legal_identifiers.get("LEI", "")
+
+        csv_writer.writerow(
+            [
+                lei,
+                entity.name,
+                country,
+                entity.dora_entity_type or "",
+                entity.dora_entity_hierarchy or "",
+                parent_entity_lei,
+                last_update,
+                integration_date,
+                deletion_date,
+                currency,
+                entity.dora_assets_value
+                if entity.dora_assets_value is not None
+                else "",
+            ]
+        )
+
+    # Add CSV to zip
+    zip_file.writestr("reports/b_01.02.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_01_03_branches(
+    zip_file, main_entity: Entity, branches: List[Entity]
+) -> None:
+    """
+    Generate b_01.03.csv - Branches of the main entity.
+
+    Args:
+        zip_file: ZIP file object to write to
+        main_entity: The main builtin entity
+        branches: List of branch entities
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(["c0010", "c0020", "c0030"])
+
+    # Get main entity LEI
+    main_lei, _ = get_entity_identifier(main_entity, priority=["LEI"])
+
+    # Write branch data
+    for branch in branches:
+        branch_code, code_type = get_entity_identifier(branch)
+        csv_writer.writerow([main_lei, branch_code, code_type])
+
+    zip_file.writestr("reports/b_01.03.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_02_01_contracts(zip_file, contracts: QuerySet) -> None:
+    """
+    Generate b_02.01.csv - Contractual arrangements for ICT services.
+
+    Args:
+        zip_file: ZIP file object to write to
+        contracts: QuerySet of Contract objects
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(
+        [
+            "c0010",  # Contract reference
+            "c0020",  # Type of contractual arrangement
+            "c0030",  # Start date
+            "c0040",  # End date
+            "c0050",  # Notice period for entity
+            "c0060",  # Notice period for provider
+            "c0070",  # Governing law country
+            "c0080",  # Currency
+            "c0090",  # Annual expense
+        ]
+    )
+
+    # Write contract data
+    for contract in contracts:
+        contract_ref = contract.ref_id or str(contract.id)
+        arrangement_type = contract.dora_contractual_arrangement or ""
+        start_date = format_date(contract.start_date)
+        end_date = format_date(contract.end_date)
+        notice_entity = contract.notice_period_entity or ""
+        notice_provider = contract.notice_period_provider or ""
+        governing_law = contract.governing_law_country or ""
+        currency = contract.currency or ""
+        annual_expense = contract.annual_expense or ""
+
+        csv_writer.writerow(
+            [
+                contract_ref,
+                arrangement_type,
+                start_date,
+                end_date,
+                notice_entity,
+                notice_provider,
+                governing_law,
+                currency,
+                annual_expense,
+            ]
+        )
+
+    zip_file.writestr("reports/b_02.01.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_02_02_ict_services(zip_file, contracts: QuerySet) -> None:
+    """
+    Generate b_02.02.csv - ICT services supporting functions.
+
+    Args:
+        zip_file: ZIP file object to write to
+        contracts: QuerySet of Contract objects with solutions
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(["c0010", "c0020"])
+
+    # Write contract-solution data
+    for contract in contracts.filter(solution__isnull=False).select_related("solution"):
+        contract_ref = contract.ref_id or str(contract.id)
+        ict_service_type = contract.solution.dora_ict_service_type or ""
+
+        csv_writer.writerow([contract_ref, ict_service_type])
+
+    zip_file.writestr("reports/b_02.02.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_02_03_intragroup_contracts(zip_file, contracts: QuerySet) -> None:
+    """
+    Generate b_02.03.csv - Intra-group contractual arrangements.
+
+    Args:
+        zip_file: ZIP file object to write to
+        contracts: QuerySet of Contract objects
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(["c0010", "c0020", "c0030"])
+
+    # Filter intragroup contracts with overarching contract
+    intragroup_contracts = contracts.filter(
+        is_intragroup=True, overarching_contract__isnull=False
+    ).select_related("overarching_contract")
+
+    # Write intra-group contract relationships
+    for contract in intragroup_contracts:
+        subordinate_ref = contract.ref_id or str(contract.id)
+        overarching_ref = contract.overarching_contract.ref_id or str(
+            contract.overarching_contract.id
+        )
+        arrangement_type = contract.dora_contractual_arrangement or ""
+
+        csv_writer.writerow([subordinate_ref, overarching_ref, arrangement_type])
+
+    zip_file.writestr("reports/b_02.03.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_03_01_signing_entities(
+    zip_file, main_entity: Entity, contracts: QuerySet
+) -> None:
+    """
+    Generate b_03.01.csv - Signing entities (main entity for all contracts).
+
+    Args:
+        zip_file: ZIP file object to write to
+        main_entity: The main builtin entity
+        contracts: QuerySet of Contract objects
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(["c0010", "c0020", "c0030"])
+
+    # Get main entity identifier
+    main_code, code_type = get_entity_identifier(main_entity)
+
+    # Write contract-entity data (main entity signs all contracts)
+    for contract in contracts:
+        contract_ref = contract.ref_id or str(contract.id)
+        csv_writer.writerow([contract_ref, main_code, code_type])
+
+    zip_file.writestr("reports/b_03.01.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_03_02_ict_providers(zip_file, contracts: QuerySet) -> None:
+    """
+    Generate b_03.02.csv - ICT third-party service providers.
+
+    Args:
+        zip_file: ZIP file object to write to
+        contracts: QuerySet of Contract objects with providers
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(["c0010", "c0020", "c0030"])
+
+    # Get third-party contracts with providers
+    third_party_contracts = contracts.filter(
+        is_intragroup=False, provider_entity__isnull=False
+    ).select_related("provider_entity")
+
+    # Write provider data
+    for contract in third_party_contracts:
+        contract_ref = contract.ref_id or str(contract.id)
+        provider = contract.provider_entity
+
+        provider_code, code_type = get_entity_identifier(provider)
+
+        csv_writer.writerow([contract_ref, provider_code, code_type])
+
+    zip_file.writestr("reports/b_03.02.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_03_03_intragroup_providers(
+    zip_file, main_entity: Entity, contracts: QuerySet
+) -> None:
+    """
+    Generate b_03.03.csv - ICT intra-group service providers.
+
+    Args:
+        zip_file: ZIP file object to write to
+        main_entity: The main builtin entity
+        contracts: QuerySet of Contract objects
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(["c0010", "c0020", "c0030"])
+
+    # Get main entity identifier
+    main_code, code_type = get_entity_identifier(main_entity)
+
+    # Get intra-group contracts
+    intragroup_contracts = contracts.filter(is_intragroup=True)
+
+    # Write provider data (main entity provides intra-group services)
+    for contract in intragroup_contracts:
+        contract_ref = contract.ref_id or str(contract.id)
+        csv_writer.writerow([contract_ref, main_code, code_type])
+
+    zip_file.writestr("reports/b_03.03.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_04_01_service_users(
+    zip_file, main_entity: Entity, branches: List[Entity], contracts: QuerySet
+) -> None:
+    """
+    Generate b_04.01.csv - Entities using ICT services.
+
+    Args:
+        zip_file: ZIP file object to write to
+        main_entity: The main builtin entity
+        branches: List of branch entities
+        contracts: QuerySet of Contract objects
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(["c0010", "c0020", "c0030", "c0040"])
+
+    # Combine main entity and branches
+    all_entities = [main_entity] + list(branches)
+
+    # Get main entity identifier
+    main_code, main_code_type = get_entity_identifier(main_entity)
+
+    # Write user data for each contract
+    for contract in contracts:
+        contract_ref = contract.ref_id or str(contract.id)
+
+        for entity in all_entities:
+            entity_code, code_type = get_entity_identifier(entity)
+
+            # Determine if this is a branch
+            branch_code = ""
+            if entity.parent_entity:
+                branch_code = entity_code
+
+            csv_writer.writerow([contract_ref, main_code, main_code_type, branch_code])
+
+    zip_file.writestr("reports/b_04.01.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_05_01_provider_details(
+    zip_file, main_entity: Entity, contracts: QuerySet
+) -> None:
+    """
+    Generate b_05.01.csv - Details of ICT third-party service providers.
+
+    Args:
+        zip_file: ZIP file object to write to
+        main_entity: The main builtin entity
+        contracts: QuerySet of Contract objects with providers
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(
+        [
+            "c0010",  # Provider code
+            "c0020",  # Provider code type
+            "c0030",  # Country
+            "c0040",  # Type of person
+            "c0050",  # Expense currency
+            "c0060",  # Total annual expense
+            "c0070",  # Competent authority
+            "c0080",  # Parent code
+            "c0090",  # Parent code type
+        ]
+    )
+
+    # Aggregate expenses by provider
+    providers_data = {}
+
+    third_party_contracts = contracts.filter(
+        is_intragroup=False, provider_entity__isnull=False
+    ).select_related("provider_entity")
+
+    for contract in third_party_contracts:
+        provider = contract.provider_entity
+        provider_id = provider.id
+
+        if provider_id not in providers_data:
+            providers_data[provider_id] = {
+                "provider": provider,
+                "total_expense": 0,
+                "currency": contract.currency or main_entity.currency or "",
+            }
+
+        if contract.annual_expense:
+            providers_data[provider_id]["total_expense"] += contract.annual_expense
+
+    # Write provider data
+    for provider_id, data in providers_data.items():
+        provider = data["provider"]
+
+        provider_code, code_type = get_entity_identifier(provider)
+        country = provider.country or ""
+        person_type = provider.dora_provider_person_type or ""
+        currency = data["currency"]
+        total_expense = data["total_expense"]
+        competent_authority = provider.dora_competent_authority or ""
+
+        # Get parent entity identifier
+        parent_code, parent_code_type = "", ""
+        if provider.parent_entity:
+            parent_code, parent_code_type = get_entity_identifier(
+                provider.parent_entity
+            )
+
+        csv_writer.writerow(
+            [
+                provider_code,
+                code_type,
+                country,
+                person_type,
+                currency,
+                total_expense,
+                competent_authority,
+                parent_code,
+                parent_code_type,
+            ]
+        )
+
+    zip_file.writestr("reports/b_05.01.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_05_02_supply_chains(
+    zip_file, main_entity: Entity, contracts: QuerySet
+) -> None:
+    """
+    Generate b_05.02.csv - ICT service supply chains.
+
+    Args:
+        zip_file: ZIP file object to write to
+        main_entity: The main builtin entity
+        contracts: QuerySet of Contract objects with solutions
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(
+        [
+            "c0010",  # Contract reference
+            "c0020",  # ICT service type
+            "c0030",  # Provider code
+            "c0040",  # Provider code type
+            "c0050",  # Rank (criticality)
+            "c0060",  # Recipient code
+            "c0070",  # Recipient code type
+        ]
+    )
+
+    # Get main entity identifier
+    main_code, main_code_type = get_entity_identifier(main_entity)
+
+    # Get contracts with both provider and solution
+    supply_chain_contracts = contracts.filter(
+        is_intragroup=False,
+        provider_entity__isnull=False,
+        solution__isnull=False,
+    ).select_related("provider_entity", "solution")
+
+    # Write supply chain data
+    for contract in supply_chain_contracts:
+        contract_ref = contract.ref_id or str(contract.id)
+        ict_service_type = contract.solution.dora_ict_service_type or ""
+
+        provider_code, provider_code_type = get_entity_identifier(
+            contract.provider_entity
+        )
+
+        rank = contract.solution.criticality if contract.solution.criticality else ""
+
+        csv_writer.writerow(
+            [
+                contract_ref,
+                ict_service_type,
+                provider_code,
+                provider_code_type,
+                rank,
+                main_code,
+                main_code_type,
+            ]
+        )
+
+    zip_file.writestr("reports/b_05.02.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_06_01_functions(
+    zip_file, main_entity: Entity, business_functions: QuerySet
+) -> None:
+    """
+    Generate b_06.01.csv - Critical or important functions register.
+
+    Args:
+        zip_file: ZIP file object to write to
+        main_entity: The main builtin entity
+        business_functions: QuerySet of Asset objects with is_business_function=True
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(
+        [
+            "c0010",  # Function identifier
+            "c0020",  # Licensed activity
+            "c0030",  # Function name
+            "c0040",  # Entity LEI
+            "c0050",  # Criticality assessment
+            "c0060",  # Criticality reasons
+            "c0070",  # Last assessment date
+            "c0080",  # RTO
+            "c0090",  # RPO
+            "c0100",  # Impact of discontinuing
+        ]
+    )
+
+    # Get main entity LEI
+    main_lei, _ = get_entity_identifier(main_entity, priority=["LEI"])
+
+    # Write function data
+    for function in business_functions:
+        function_id = function.ref_id or str(function.id)
+        licensed_activity = function.dora_licenced_activity or ""
+        function_name = function.name
+        entity_lei = main_lei
+        criticality = function.dora_criticality_assessment or ""
+        criticality_reasons = function.dora_criticality_justification or ""
+        last_assessment_date = (
+            format_date(function.updated_at) if function.updated_at else "2999-12-31"
+        )
+
+        # Extract RTO from disaster_recovery_objectives JSON
+        rto = ""
+        if function.disaster_recovery_objectives:
+            objectives = function.disaster_recovery_objectives.get("objectives", {})
+            rto_obj = objectives.get("rto", {})
+            if rto_obj and "value" in rto_obj:
+                rto = rto_obj["value"]
+
+        # Extract RPO from disaster_recovery_objectives JSON
+        rpo = ""
+        if function.disaster_recovery_objectives:
+            objectives = function.disaster_recovery_objectives.get("objectives", {})
+            rpo_obj = objectives.get("rpo", {})
+            if rpo_obj and "value" in rpo_obj:
+                rpo = rpo_obj["value"]
+
+        discontinuing_impact = function.dora_discontinuing_impact or ""
+
+        csv_writer.writerow(
+            [
+                function_id,
+                licensed_activity,
+                function_name,
+                entity_lei,
+                criticality,
+                criticality_reasons,
+                last_assessment_date,
+                rto,
+                rpo,
+                discontinuing_impact,
+            ]
+        )
+
+    zip_file.writestr("reports/b_06.01.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_07_01_assessment(zip_file, contracts: QuerySet) -> None:
+    """
+    Generate b_07.01.csv - Assessment of ICT services.
+
+    Args:
+        zip_file: ZIP file object to write to
+        contracts: QuerySet of Contract objects with solutions
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(
+        [
+            "c0010",  # Contract reference
+            "c0020",  # Provider code
+            "c0030",  # Provider code type
+            "c0040",  # ICT service type
+            "c0050",  # Substitutability
+            "c0060",  # Non-substitutability reason
+            "c0070",  # Last audit date
+            "c0080",  # Exit plan
+            "c0090",  # Reintegration possibility
+            "c0100",  # Discontinuing impact
+            "c0110",  # Alternative providers identified
+            "c0120",  # Alternative provider IDs
+        ]
+    )
+
+    # Get contracts with both provider and solution
+    assessment_contracts = contracts.filter(
+        is_intragroup=False,
+        provider_entity__isnull=False,
+        solution__isnull=False,
+    ).select_related("provider_entity", "solution")
+
+    # Write assessment data
+    for contract in assessment_contracts:
+        contract_ref = contract.ref_id or str(contract.id)
+
+        provider_code, provider_code_type = get_entity_identifier(
+            contract.provider_entity
+        )
+
+        solution = contract.solution
+        ict_service_type = solution.dora_ict_service_type or ""
+        substitutability = solution.dora_substitutability or ""
+        non_substitutability_reason = solution.dora_non_substitutability_reason or ""
+        last_audit_date = (
+            format_date(solution.updated_at) if solution.updated_at else ""
+        )
+        exit_plan = solution.dora_has_exit_plan or ""
+        reintegration_possibility = solution.dora_reintegration_possibility or ""
+        discontinuing_impact = solution.dora_discontinuing_impact or ""
+        alternative_providers_identified = (
+            solution.dora_alternative_providers_identified or ""
+        )
+        alternative_providers = solution.dora_alternative_providers or ""
+
+        csv_writer.writerow(
+            [
+                contract_ref,
+                provider_code,
+                provider_code_type,
+                ict_service_type,
+                substitutability,
+                non_substitutability_reason,
+                last_audit_date,
+                exit_plan,
+                reintegration_possibility,
+                discontinuing_impact,
+                alternative_providers_identified,
+                alternative_providers,
+            ]
+        )
+
+    zip_file.writestr("reports/b_07.01.csv", csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_b_99_01_aggregation(
+    zip_file, contracts: QuerySet, business_functions: QuerySet
+) -> None:
+    """
+    Generate b_99.01.csv - Aggregation report placeholder (standard not yet finalized).
+
+    This currently only generates headers as the DORA standard for this report
+    is not yet properly defined.
+
+    Args:
+        zip_file: ZIP file object to write to
+        contracts: QuerySet of Contract objects with solutions
+        business_functions: QuerySet of Asset objects with is_business_function=True
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(
+        [
+            "c0010",  # Standalone arrangement
+            "c0020",  # Overarching arrangement
+            "c0030",  # Subsequent or associated arrangement
+            "c0040",  # Data sensitiveness: Low
+            "c0050",  # Data sensitiveness: Medium
+            "c0060",  # Data sensitiveness: High
+            "c0070",  # Impact discontinuing function: Low
+            "c0080",  # Impact discontinuing function: Medium
+            "c0090",  # Impact discontinuing function: High
+            "c0100",  # Substitutability: Not substitutable
+            "c0110",  # Substitutability: Highly complex
+            "c0120",  # Substitutability: Medium complexity
+            "c0130",  # Substitutability: Easily substitutable
+            "c0140",  # Reintegration: Easy
+            "c0150",  # Reintegration: Difficult
+            "c0160",  # Reintegration: Highly complex
+            "c0170",  # Impact discontinuing ICT: Low
+            "c0180",  # Impact discontinuing ICT: Medium
+            "c0190",  # Impact discontinuing ICT: High
+        ]
+    )
+
+    # TODO: Add data rows once DORA standard is properly defined
+
+    zip_file.writestr("reports/b_99.01.csv", csv_buffer.getvalue().encode("utf-8"))
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index 3c373a8199..879ef71838 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -67,1400 +67,106 @@ class EntityViewSet(BaseModelViewSet):
     def generate_dora_roi(self, request):
         """
         Generate DORA Register of Information (ROI) as a zip file containing CSV data.
+
+        This generates a comprehensive DORA ROI export containing multiple CSV reports:
+        - b_01.01: Main entity information
+        - b_01.02: Entity register (main entity + branches)
+        - b_01.03: Branches register
+        - b_02.01-03: Contractual arrangements
+        - b_03.01-03: Signing entities and providers
+        - b_04.01: Entities using ICT services
+        - b_05.01-02: Provider details and supply chains
+        - b_06.01: Critical functions register
+        - b_07.01: Assessment of ICT services
+        - b_99.01: Aggregation report
         """
+        from tprm import dora_export
+
         # Get the main entity
         main_entity = Entity.get_main_entity()
 
         if not main_entity:
             return HttpResponse("No main entity found", status=400)
 
-        # Create zip file in memory
-        zip_buffer = io.BytesIO()
-        with zipfile.ZipFile(zip_buffer, "w", zipfile.ZIP_DEFLATED) as zip_file:
-            # Create b_01.01.csv - Main entity information
-            csv_buffer = io.StringIO()
-            csv_writer = csv.writer(csv_buffer)
-
-            # Write CSV headers
-            csv_writer.writerow(["c0010", "c0020", "c0030", "c0040", "c0050", "c0060"])
-
-            # Extract LEI from legal identifiers
-            lei = ""
-            if main_entity.legal_identifiers:
-                lei = main_entity.legal_identifiers.get("LEI", "")
-
-            # Format country with eba_GA: prefix
-            country = ""
-            if main_entity.country:
-                country = f"eba_GA:{main_entity.country}"
-
-            # Get current date for report
-            report_date = datetime.now().strftime("%Y-%m-%d")
-
-            # Write entity data
-            csv_writer.writerow(
-                [
-                    lei,
-                    main_entity.name,
-                    country,
-                    main_entity.dora_entity_type or "",
-                    main_entity.dora_competent_authority or "",
-                    report_date,
-                ]
-            )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_01.01.csv", csv_buffer.getvalue().encode("utf-8")
-            )
-
-            # Create b_01.02.csv - Entity register
-            csv_buffer_02 = io.StringIO()
-            csv_writer_02 = csv.writer(csv_buffer_02)
-
-            # Write CSV headers
-            csv_writer_02.writerow(
-                [
-                    "c0010",
-                    "c0020",
-                    "c0030",
-                    "c0040",
-                    "c0050",
-                    "c0060",
-                    "c0070",
-                    "c0080",
-                    "c0090",
-                    "c0100",
-                    "c0110",
-                ]
-            )
-
-            # Get all entities to include in register (main entity + branches)
-            entities_to_export = [main_entity] + list(
-                Entity.objects.filter(parent_entity=main_entity)
-            )
-
-            # Write entity data for each entity
-            for entity in entities_to_export:
-                lei_02 = ""
-                if entity.legal_identifiers:
-                    lei_02 = entity.legal_identifiers.get("LEI", "")
-
-                country_02 = ""
-                if entity.country:
-                    country_02 = f"eba_GA:{entity.country}"
-
-                # Format currency with eba_CU: prefix
-                currency_02 = ""
-                if entity.currency:
-                    currency_02 = f"eba_CU:{entity.currency}"
-
-                # Format dates, use 2999-12-31 as default for mandatory fields
-                last_update = (
-                    entity.updated_at.strftime("%Y-%m-%d")
-                    if entity.updated_at
-                    else "2999-12-31"
-                )
-                integration_date = (
-                    entity.created_at.strftime("%Y-%m-%d")
-                    if entity.created_at
-                    else "2999-12-31"
-                )
-                deletion_date = (
-                    "2999-12-31"  # Empty for active entities, use far future date
-                )
-
-                # LEI of parent entity
-                parent_entity_lei = ""
-                if entity.parent_entity and entity.parent_entity.legal_identifiers:
-                    parent_entity_lei = entity.parent_entity.legal_identifiers.get(
-                        "LEI", ""
-                    )
-
-                csv_writer_02.writerow(
-                    [
-                        lei_02,
-                        entity.name,
-                        country_02,
-                        entity.dora_entity_type or "",
-                        entity.dora_entity_hierarchy or "",
-                        parent_entity_lei,
-                        last_update,
-                        integration_date,
-                        deletion_date,
-                        currency_02,
-                        entity.dora_assets_value
-                        if entity.dora_assets_value is not None
-                        else "",
-                    ]
-                )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_01.02.csv", csv_buffer_02.getvalue().encode("utf-8")
-            )
-
-            # Create b_01.03.csv - Branches register
-            csv_buffer_03 = io.StringIO()
-            csv_writer_03 = csv.writer(csv_buffer_03)
-
-            # Write CSV headers
-            csv_writer_03.writerow(
-                [
-                    "c0010",
-                    "c0020",
-                    "c0030",
-                    "c0040",
-                ]
-            )
-
-            # Get main entity LEI for parent reference
-            main_entity_lei = ""
-            if main_entity.legal_identifiers:
-                main_entity_lei = main_entity.legal_identifiers.get("LEI", "")
-
-            # Query all branches (entities with parent_entity = main_entity)
-            branches = Entity.objects.filter(parent_entity=main_entity)
-
-            # Write branch data
-            for branch in branches:
-                # Branch identification code (LEI)
-                branch_lei = ""
-                if branch.legal_identifiers:
-                    branch_lei = branch.legal_identifiers.get("LEI", "")
-
-                # Parent entity LEI (main entity)
-                parent_lei = main_entity_lei
-
-                # Branch name
-                branch_name = branch.name
-
-                # Branch country with eba_GA: prefix
-                branch_country = ""
-                if branch.country:
-                    branch_country = f"eba_GA:{branch.country}"
-
-                csv_writer_03.writerow(
-                    [
-                        branch_lei,
-                        parent_lei,
-                        branch_name,
-                        branch_country,
-                    ]
-                )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_01.03.csv", csv_buffer_03.getvalue().encode("utf-8")
-            )
-
-            # Create b_02.01.csv - Contractual arrangements register
-            csv_buffer_0201 = io.StringIO()
-            csv_writer_0201 = csv.writer(csv_buffer_0201)
-
-            # Write CSV headers
-            csv_writer_0201.writerow(
-                [
-                    "c0010",
-                    "c0020",
-                    "c0030",
-                    "c0040",
-                    "c0050",
-                ]
-            )
-
-            # Get viewable contracts for the current user
-            (viewable_contracts, _, _) = RoleAssignment.get_accessible_object_ids(
-                folder=Folder.get_root_folder(),
-                user=request.user,
-                object_type=Contract,
-            )
-
-            # Write contract data
-            for contract in Contract.objects.filter(
-                id__in=viewable_contracts
-            ).select_related("overarching_contract"):
-                # Contract reference number
-                contract_ref = contract.ref_id or str(contract.id)
-
-                # Type of contractual arrangement
-                arrangement_type = contract.dora_contractual_arrangement or ""
-
-                # Overarching contract reference
-                overarching_ref = ""
-                if contract.overarching_contract:
-                    overarching_ref = contract.overarching_contract.ref_id or str(
-                        contract.overarching_contract.id
-                    )
-
-                # Currency with eba_CU: prefix
-                currency_contract = ""
-                if contract.currency:
-                    currency_contract = f"eba_CU:{contract.currency}"
-
-                # Annual expense
-                annual_expense = (
-                    contract.annual_expense
-                    if contract.annual_expense is not None
-                    else ""
-                )
-
-                csv_writer_0201.writerow(
-                    [
-                        contract_ref,
-                        arrangement_type,
-                        overarching_ref,
-                        currency_contract,
-                        annual_expense,
-                    ]
-                )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_02.01.csv", csv_buffer_0201.getvalue().encode("utf-8")
-            )
-
-            # Create b_02.02.csv - Contractual arrangements details
-            csv_buffer_0202 = io.StringIO()
-            csv_writer_0202 = csv.writer(csv_buffer_0202)
-
-            # Write CSV headers
-            csv_writer_0202.writerow(
-                [
-                    "c0010",
-                    "c0020",
-                    "c0030",
-                    "c0040",
-                    "c0050",
-                    "c0060",
-                    "c0070",
-                    "c0080",
-                    "c0090",
-                    "c0100",
-                    "c0110",
-                    "c0120",
-                    "c0130",
-                    "c0140",
-                    "c0150",
-                    "c0160",
-                    "c0170",
-                    "c0180",
-                ]
-            )
-
-            # Get main entity LEI
-            main_entity_lei = ""
-            if main_entity.legal_identifiers:
-                main_entity_lei = main_entity.legal_identifiers.get("LEI", "")
-
-            # Write contract-solution relationship data
-            for contract in Contract.objects.filter(
-                id__in=viewable_contracts
-            ).select_related("solution__provider_entity"):
-                # For the solution in the contract
-                solution = contract.solution
-                if solution:
-                    # Contract reference number
-                    contract_ref = contract.ref_id or str(contract.id)
-
-                    # Provider entity LEI
-                    provider_lei = ""
-                    provider_country = ""
-                    if solution.provider_entity:
-                        if solution.provider_entity.legal_identifiers:
-                            provider_lei = (
-                                solution.provider_entity.legal_identifiers.get(
-                                    "LEI", ""
-                                )
-                            )
-                        if solution.provider_entity.country:
-                            provider_country = (
-                                f"eba_GA:{solution.provider_entity.country}"
-                            )
-
-                    # Type of code (determine from legal identifiers)
-                    code_type = "LEI" if provider_lei else ""
-
-                    # Function identifier - using criticality as placeholder
-                    function_id = ""
-
-                    # ICT service type
-                    ict_service_type = solution.dora_ict_service_type or ""
-
-                    # Dates
-                    start_date = (
-                        contract.start_date.strftime("%Y-%m-%d")
-                        if contract.start_date
-                        else "2999-12-31"
-                    )
-                    end_date = (
-                        contract.end_date.strftime("%Y-%m-%d")
-                        if contract.end_date
-                        else "2999-12-31"
-                    )
-
-                    # Termination reason
-                    termination_reason = contract.termination_reason or ""
-
-                    # Notice periods
-                    notice_period_entity = (
-                        contract.notice_period_entity
-                        if contract.notice_period_entity is not None
-                        else ""
-                    )
-                    notice_period_provider = (
-                        contract.notice_period_provider
-                        if contract.notice_period_provider is not None
-                        else ""
-                    )
-
-                    # Governing law country
-                    governing_law = ""
-                    if contract.governing_law_country:
-                        governing_law = f"eba_GA:{contract.governing_law_country}"
-
-                    # Data storage and processing from solution
-                    storage_of_data = (
-                        "eba_BT:x28" if solution.storage_of_data else "eba_BT:x29"
-                    )
-
-                    data_location_storage = ""
-                    if solution.data_location_storage:
-                        data_location_storage = (
-                            f"eba_GA:{solution.data_location_storage}"
-                        )
-
-                    data_location_processing = ""
-                    if solution.data_location_processing:
-                        data_location_processing = (
-                            f"eba_GA:{solution.data_location_processing}"
-                        )
-
-                    data_sensitiveness = solution.dora_data_sensitiveness or ""
-                    reliance_level = solution.dora_reliance_level or ""
-
-                    csv_writer_0202.writerow(
-                        [
-                            contract_ref,
-                            main_entity_lei,
-                            provider_lei,
-                            code_type,
-                            function_id,
-                            ict_service_type,
-                            start_date,
-                            end_date,
-                            termination_reason,
-                            notice_period_entity,
-                            notice_period_provider,
-                            governing_law,
-                            provider_country,
-                            storage_of_data,
-                            data_location_storage,
-                            data_location_processing,
-                            data_sensitiveness,
-                            reliance_level,
-                        ]
-                    )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_02.02.csv", csv_buffer_0202.getvalue().encode("utf-8")
-            )
-
-            # Create b_02.03.csv - List of intra-group contractual arrangements
-            csv_buffer_0203 = io.StringIO()
-            csv_writer_0203 = csv.writer(csv_buffer_0203)
-
-            # Write CSV headers
-            csv_writer_0203.writerow(
-                [
-                    "c0010",
-                    "c0020",
-                    "c0030",
-                ]
-            )
-
-            # Query intra-group contracts that have an overarching contract
-            # Only include contracts the user has access to
-            intragroup_contracts = Contract.objects.filter(
-                id__in=viewable_contracts,
-                is_intragroup=True,
-                overarching_contract__isnull=False,
-            ).select_related("overarching_contract")
-
-            # Write intra-group contract relationships
-            for contract in intragroup_contracts:
-                # Subordinate contract reference
-                subordinate_ref = contract.ref_id or str(contract.id)
-
-                # Overarching contract reference
-                overarching_ref = ""
-                if contract.overarching_contract:
-                    overarching_ref = contract.overarching_contract.ref_id or str(
-                        contract.overarching_contract.id
-                    )
-
-                # Link indicator (always "true" for populated rows)
-                link_indicator = "true"
-
-                csv_writer_0203.writerow(
-                    [
-                        subordinate_ref,
-                        overarching_ref,
-                        link_indicator,
-                    ]
-                )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_02.03.csv", csv_buffer_0203.getvalue().encode("utf-8")
-            )
-
-            # Create b_03.01.csv - Entities signing the contractual arrangements
-            csv_buffer_0301 = io.StringIO()
-            csv_writer_0301 = csv.writer(csv_buffer_0301)
-
-            # Write CSV headers
-            csv_writer_0301.writerow(
-                [
-                    "c0010",
-                    "c0020",
-                    "c0030",
-                ]
-            )
-
-            # Get main entity LEI for signing entity
-            main_entity_lei = ""
-            if main_entity.legal_identifiers:
-                main_entity_lei = main_entity.legal_identifiers.get("LEI", "")
-
-            # Write contract-signing entity relationships
-            # For each contract, the main entity is the signing entity
-            for contract in Contract.objects.filter(id__in=viewable_contracts):
-                # Contract reference number
-                contract_ref = contract.ref_id or str(contract.id)
-
-                # LEI of the signing entity (main entity)
-                signing_entity_lei = main_entity_lei
-
-                # Link indicator (always "true" for populated rows)
-                link_indicator = "true"
-
-                csv_writer_0301.writerow(
-                    [
-                        contract_ref,
-                        signing_entity_lei,
-                        link_indicator,
-                    ]
-                )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_03.01.csv", csv_buffer_0301.getvalue().encode("utf-8")
-            )
-
-            # Create b_03.02.csv - ICT third-party service providers signing the contractual arrangements
-            csv_buffer_0302 = io.StringIO()
-            csv_writer_0302 = csv.writer(csv_buffer_0302)
-
-            # Write CSV headers
-            csv_writer_0302.writerow(
-                [
-                    "c0010",
-                    "c0020",
-                    "c0030",
-                    "c0045",
-                ]
-            )
-
-            # Write contract-provider relationships
-            for contract in Contract.objects.filter(
-                id__in=viewable_contracts
-            ).select_related("provider_entity"):
-                # Contract reference number
-                contract_ref = contract.ref_id or str(contract.id)
-
-                # Get provider entity
-                provider = contract.provider_entity
-                if provider:
-                    # Extract identification code from legal_identifiers
-                    # Priority order: LEI, EUID, VAT, DUNS, others
-                    provider_code = ""
-                    code_type = ""
-
-                    if provider.legal_identifiers:
-                        # Try to get LEI first (preferred for DORA)
-                        if (
-                            "LEI" in provider.legal_identifiers
-                            and provider.legal_identifiers["LEI"]
-                        ):
-                            provider_code = provider.legal_identifiers["LEI"]
-                            code_type = "LEI"
-                        # Then try other identifiers
-                        elif (
-                            "EUID" in provider.legal_identifiers
-                            and provider.legal_identifiers["EUID"]
-                        ):
-                            provider_code = provider.legal_identifiers["EUID"]
-                            code_type = "EUID"
-                        elif (
-                            "VAT" in provider.legal_identifiers
-                            and provider.legal_identifiers["VAT"]
-                        ):
-                            provider_code = provider.legal_identifiers["VAT"]
-                            code_type = "VAT"
-                        elif (
-                            "DUNS" in provider.legal_identifiers
-                            and provider.legal_identifiers["DUNS"]
-                        ):
-                            provider_code = provider.legal_identifiers["DUNS"]
-                            code_type = "DUNS"
-                        else:
-                            # Use first available identifier
-                            for key, value in provider.legal_identifiers.items():
-                                if value:
-                                    provider_code = value
-                                    code_type = key
-                                    break
-
-                    # Link indicator (always "true" for populated rows)
-                    link_indicator = "true"
-
-                    csv_writer_0302.writerow(
-                        [
-                            contract_ref,
-                            provider_code,
-                            code_type,
-                            link_indicator,
-                        ]
-                    )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_03.02.csv", csv_buffer_0302.getvalue().encode("utf-8")
-            )
-
-            # Create b_03.03.csv - Entities signing the contractual arrangements for providing ICT services within the group
-            csv_buffer_0303 = io.StringIO()
-            csv_writer_0303 = csv.writer(csv_buffer_0303)
-
-            # Write CSV headers
-            csv_writer_0303.writerow(
-                [
-                    "c0010",
-                    "c0020",
-                    "c0031",
-                ]
-            )
-
-            # Get main entity LEI for intra-group provider
-            main_entity_lei = ""
-            if main_entity.legal_identifiers:
-                main_entity_lei = main_entity.legal_identifiers.get("LEI", "")
-
-            # Write intra-group contract-provider relationships
-            # Focus on contracts where main entity provides services to other entities in the group
-            for contract in Contract.objects.filter(
-                id__in=viewable_contracts, is_intragroup=True
-            ):
-                # Contract reference number
-                contract_ref = contract.ref_id or str(contract.id)
-
-                # LEI of the entity providing services (main entity)
-                provider_lei = main_entity_lei
-
-                # Link indicator (always "true" for populated rows)
-                link_indicator = "true"
-
-                csv_writer_0303.writerow(
-                    [
-                        contract_ref,
-                        provider_lei,
-                        link_indicator,
-                    ]
-                )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_03.03.csv", csv_buffer_0303.getvalue().encode("utf-8")
-            )
-
-            # Create b_04.01.csv - Entities making use of the ICT services
-            csv_buffer_0401 = io.StringIO()
-            csv_writer_0401 = csv.writer(csv_buffer_0401)
-
-            # Write CSV headers
-            csv_writer_0401.writerow(
-                [
-                    "c0010",
-                    "c0020",
-                    "c0030",
-                    "c0040",
-                ]
-            )
-
-            # Get all entities (main entity + branches)
-            entities_using_services = [main_entity] + list(
-                Entity.objects.filter(parent_entity=main_entity)
-            )
-
-            # For each contract, list the main entity and its branches as users
-            for contract in Contract.objects.filter(id__in=viewable_contracts):
-                contract_ref = contract.ref_id or str(contract.id)
-
-                # For each entity in the group (main entity + branches)
-                for entity in entities_using_services:
-                    # LEI of the entity using the service
-                    entity_lei = ""
-                    if entity.legal_identifiers:
-                        entity_lei = entity.legal_identifiers.get("LEI", "")
-
-                    # Nature of the entity (DORA entity type)
-                    entity_nature = entity.dora_entity_type or ""
-
-                    # Branch identification code
-                    # Empty for main entity, branch LEI for branches
-                    branch_code = ""
-                    if entity.parent_entity:  # This is a branch
-                        if entity.legal_identifiers:
-                            branch_code = entity.legal_identifiers.get("LEI", "")
-
-                    csv_writer_0401.writerow(
-                        [
-                            contract_ref,
-                            entity_lei,
-                            entity_nature,
-                            branch_code,
-                        ]
-                    )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_04.01.csv", csv_buffer_0401.getvalue().encode("utf-8")
-            )
-
-            # Create b_05.01.csv - ICT third-party service providers
-            csv_buffer_0501 = io.StringIO()
-            csv_writer_0501 = csv.writer(csv_buffer_0501)
-
-            # Write CSV headers
-            csv_writer_0501.writerow(
-                [
-                    "c0010",
-                    "c0020",
-                    "c0030",
-                    "c0040",
-                    "c0050",
-                    "c0060",
-                    "c0070",
-                    "c0080",
-                    "c0090",
-                ]
-            )
+        # Get accessible objects for the current user
+        (viewable_entities, _, _) = RoleAssignment.get_accessible_object_ids(
+            folder=Folder.get_root_folder(),
+            user=request.user,
+            object_type=Entity,
+        )
 
-            # Get unique third-party providers from contracts (excluding intragroup)
-            # Group by provider and calculate total expenses
-            third_party_contracts = Contract.objects.filter(
-                id__in=viewable_contracts,
-                is_intragroup=False,
-                provider_entity__isnull=False,
-            ).select_related("provider_entity", "provider_entity__parent_entity")
-
-            # Aggregate expenses by provider
-            providers_data = {}
-            for contract in third_party_contracts:
-                provider = contract.provider_entity
-                provider_id = provider.id
-
-                if provider_id not in providers_data:
-                    providers_data[provider_id] = {
-                        "provider": provider,
-                        "total_expense": 0,
-                        "currency": contract.currency or main_entity.currency or "",
-                    }
-
-                # Add annual expense if available
-                if contract.annual_expense:
-                    providers_data[provider_id]["total_expense"] += (
-                        contract.annual_expense
-                    )
-
-            # Write provider data
-            for provider_id, data in providers_data.items():
-                provider = data["provider"]
-
-                # c0010: Identification code of provider
-                # c0020: Type of code
-                provider_code = ""
-                code_type = ""
-
-                if provider.legal_identifiers:
-                    # Priority: LEI, EUID, VAT, DUNS, others
-                    if (
-                        "LEI" in provider.legal_identifiers
-                        and provider.legal_identifiers["LEI"]
-                    ):
-                        provider_code = provider.legal_identifiers["LEI"]
-                        code_type = "LEI"
-                    elif (
-                        "EUID" in provider.legal_identifiers
-                        and provider.legal_identifiers["EUID"]
-                    ):
-                        provider_code = provider.legal_identifiers["EUID"]
-                        code_type = "EUID"
-                    elif (
-                        "VAT" in provider.legal_identifiers
-                        and provider.legal_identifiers["VAT"]
-                    ):
-                        provider_code = provider.legal_identifiers["VAT"]
-                        code_type = "VAT"
-                    elif (
-                        "DUNS" in provider.legal_identifiers
-                        and provider.legal_identifiers["DUNS"]
-                    ):
-                        provider_code = provider.legal_identifiers["DUNS"]
-                        code_type = "DUNS"
-                    else:
-                        # Use first available identifier
-                        for key, value in provider.legal_identifiers.items():
-                            if value:
-                                provider_code = value
-                                code_type = key
-                                break
-
-                # c0030: Name of provider
-                provider_name = provider.name
-
-                # c0040: Type of person (DORA provider person type)
-                type_of_person = provider.dora_provider_person_type or ""
-
-                # c0050: Country of headquarters
-                provider_country = ""
-                if provider.country:
-                    provider_country = f"eba_GA:{provider.country}"
-
-                # c0060: Currency
-                currency = ""
-                if data["currency"]:
-                    currency = f"eba_CU:{data['currency']}"
-
-                # c0070: Total annual expense
-                total_expense = data["total_expense"] if data["total_expense"] else ""
-
-                # c0080: Ultimate parent undertaking identification code
-                # c0090: Type of code for parent
-                parent_code = ""
-                parent_code_type = ""
-
-                if provider.parent_entity:
-                    if provider.parent_entity.legal_identifiers:
-                        # Same priority as provider code
-                        if (
-                            "LEI" in provider.parent_entity.legal_identifiers
-                            and provider.parent_entity.legal_identifiers["LEI"]
-                        ):
-                            parent_code = provider.parent_entity.legal_identifiers[
-                                "LEI"
-                            ]
-                            parent_code_type = "LEI"
-                        elif (
-                            "EUID" in provider.parent_entity.legal_identifiers
-                            and provider.parent_entity.legal_identifiers["EUID"]
-                        ):
-                            parent_code = provider.parent_entity.legal_identifiers[
-                                "EUID"
-                            ]
-                            parent_code_type = "EUID"
-                        elif (
-                            "VAT" in provider.parent_entity.legal_identifiers
-                            and provider.parent_entity.legal_identifiers["VAT"]
-                        ):
-                            parent_code = provider.parent_entity.legal_identifiers[
-                                "VAT"
-                            ]
-                            parent_code_type = "VAT"
-                        elif (
-                            "DUNS" in provider.parent_entity.legal_identifiers
-                            and provider.parent_entity.legal_identifiers["DUNS"]
-                        ):
-                            parent_code = provider.parent_entity.legal_identifiers[
-                                "DUNS"
-                            ]
-                            parent_code_type = "DUNS"
-                        else:
-                            # Use first available identifier
-                            for (
-                                key,
-                                value,
-                            ) in provider.parent_entity.legal_identifiers.items():
-                                if value:
-                                    parent_code = value
-                                    parent_code_type = key
-                                    break
-
-                csv_writer_0501.writerow(
-                    [
-                        provider_code,
-                        code_type,
-                        provider_name,
-                        type_of_person,
-                        provider_country,
-                        currency,
-                        total_expense,
-                        parent_code,
-                        parent_code_type,
-                    ]
-                )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_05.01.csv", csv_buffer_0501.getvalue().encode("utf-8")
-            )
+        (viewable_contracts, _, _) = RoleAssignment.get_accessible_object_ids(
+            folder=Folder.get_root_folder(),
+            user=request.user,
+            object_type=Contract,
+        )
 
-            # Create b_05.02.csv - ICT service supply chains
-            csv_buffer_0502 = io.StringIO()
-            csv_writer_0502 = csv.writer(csv_buffer_0502)
-
-            # Write CSV headers
-            csv_writer_0502.writerow(
-                [
-                    "c0010",
-                    "c0020",
-                    "c0030",
-                    "c0040",
-                    "c0050",
-                    "c0060",
-                    "c0070",
-                ]
-            )
+        (viewable_assets, _, _) = RoleAssignment.get_accessible_object_ids(
+            folder=Folder.get_root_folder(),
+            user=request.user,
+            object_type=Asset,
+        )
 
-            # Get main entity LEI for recipient
-            main_entity_lei = ""
-            main_entity_code_type = ""
-            if main_entity.legal_identifiers:
-                # Get main entity identifier with priority: LEI, EUID, VAT, DUNS
-                if (
-                    "LEI" in main_entity.legal_identifiers
-                    and main_entity.legal_identifiers["LEI"]
-                ):
-                    main_entity_lei = main_entity.legal_identifiers["LEI"]
-                    main_entity_code_type = "LEI"
-                elif (
-                    "EUID" in main_entity.legal_identifiers
-                    and main_entity.legal_identifiers["EUID"]
-                ):
-                    main_entity_lei = main_entity.legal_identifiers["EUID"]
-                    main_entity_code_type = "EUID"
-                elif (
-                    "VAT" in main_entity.legal_identifiers
-                    and main_entity.legal_identifiers["VAT"]
-                ):
-                    main_entity_lei = main_entity.legal_identifiers["VAT"]
-                    main_entity_code_type = "VAT"
-                elif (
-                    "DUNS" in main_entity.legal_identifiers
-                    and main_entity.legal_identifiers["DUNS"]
-                ):
-                    main_entity_lei = main_entity.legal_identifiers["DUNS"]
-                    main_entity_code_type = "DUNS"
-                else:
-                    # Use first available identifier
-                    for key, value in main_entity.legal_identifiers.items():
-                        if value:
-                            main_entity_lei = value
-                            main_entity_code_type = key
-                            break
-
-            # Write contract-solution-provider supply chain data
-            for contract in Contract.objects.filter(
-                id__in=viewable_contracts,
-                is_intragroup=False,
-                provider_entity__isnull=False,
-                solution__isnull=False,
-            ).select_related("provider_entity", "solution"):
-                # c0010: Contract reference
-                contract_ref = contract.ref_id or str(contract.id)
-
-                # c0020: Type of ICT services
-                ict_service_type = ""
-                if contract.solution:
-                    ict_service_type = contract.solution.dora_ict_service_type or ""
-
-                # c0030: Provider identification code
-                # c0040: Provider code type
-                provider_code = ""
-                provider_code_type = ""
-                provider = contract.provider_entity
-                if provider and provider.legal_identifiers:
-                    # Priority: LEI, EUID, VAT, DUNS, others
-                    if (
-                        "LEI" in provider.legal_identifiers
-                        and provider.legal_identifiers["LEI"]
-                    ):
-                        provider_code = provider.legal_identifiers["LEI"]
-                        provider_code_type = "LEI"
-                    elif (
-                        "EUID" in provider.legal_identifiers
-                        and provider.legal_identifiers["EUID"]
-                    ):
-                        provider_code = provider.legal_identifiers["EUID"]
-                        provider_code_type = "EUID"
-                    elif (
-                        "VAT" in provider.legal_identifiers
-                        and provider.legal_identifiers["VAT"]
-                    ):
-                        provider_code = provider.legal_identifiers["VAT"]
-                        provider_code_type = "VAT"
-                    elif (
-                        "DUNS" in provider.legal_identifiers
-                        and provider.legal_identifiers["DUNS"]
-                    ):
-                        provider_code = provider.legal_identifiers["DUNS"]
-                        provider_code_type = "DUNS"
-                    else:
-                        # Use first available identifier
-                        for key, value in provider.legal_identifiers.items():
-                            if value:
-                                provider_code = value
-                                provider_code_type = key
-                                break
-
-                # c0050: Rank (criticality)
-                rank = ""
-                if contract.solution:
-                    rank = (
-                        contract.solution.criticality
-                        if contract.solution.criticality
-                        else ""
-                    )
-
-                # c0060: Recipient identification (main entity)
-                recipient_code = main_entity_lei
-
-                # c0070: Recipient code type
-                recipient_code_type = main_entity_code_type
-
-                csv_writer_0502.writerow(
-                    [
-                        contract_ref,
-                        ict_service_type,
-                        provider_code,
-                        provider_code_type,
-                        rank,
-                        recipient_code,
-                        recipient_code_type,
-                    ]
-                )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_05.02.csv", csv_buffer_0502.getvalue().encode("utf-8")
-            )
+        # Prepare entity lists
+        all_entities = [main_entity] + list(
+            Entity.objects.filter(id__in=viewable_entities, parent_entity=main_entity)
+        )
+        branches = list(
+            Entity.objects.filter(id__in=viewable_entities, parent_entity=main_entity)
+        )
 
-            # Create b_06.01.csv - Critical or important functions register
-            csv_buffer_0601 = io.StringIO()
-            csv_writer_0601 = csv.writer(csv_buffer_0601)
-
-            # Write CSV headers
-            csv_writer_0601.writerow(
-                [
-                    "c0010",
-                    "c0020",
-                    "c0030",
-                    "c0040",
-                    "c0050",
-                    "c0060",
-                    "c0070",
-                    "c0080",
-                    "c0090",
-                    "c0100",
-                ]
-            )
+        # Prepare contract QuerySets
+        contracts = Contract.objects.filter(id__in=viewable_contracts)
 
-            # Get main entity LEI for function association
-            main_entity_lei = ""
-            if main_entity.legal_identifiers:
-                main_entity_lei = main_entity.legal_identifiers.get("LEI", "")
+        # Prepare business functions
+        business_functions = Asset.objects.filter(
+            id__in=viewable_assets, is_business_function=True
+        )
 
-            # Get viewable business functions for the current user
-            (viewable_assets, _, _) = RoleAssignment.get_accessible_object_ids(
-                folder=Folder.get_root_folder(),
-                user=request.user,
-                object_type=Asset,
-            )
+        # Create zip file in memory
+        zip_buffer = io.BytesIO()
+        with zipfile.ZipFile(zip_buffer, "w", zipfile.ZIP_DEFLATED) as zip_file:
+            # Generate all DORA ROI reports
+            dora_export.generate_b_01_01_main_entity(zip_file, main_entity)
+            dora_export.generate_b_01_02_entities(zip_file, main_entity, all_entities)
+            dora_export.generate_b_01_03_branches(zip_file, main_entity, branches)
 
-            # Query all business functions
-            business_functions = Asset.objects.filter(
-                id__in=viewable_assets, is_business_function=True
-            )
+            dora_export.generate_b_02_01_contracts(zip_file, contracts)
+            dora_export.generate_b_02_02_ict_services(zip_file, contracts)
+            dora_export.generate_b_02_03_intragroup_contracts(zip_file, contracts)
 
-            # Write function data
-            for function in business_functions:
-                # Function identifier
-                function_id = function.ref_id or str(function.id)
-
-                # Licensed activity
-                licensed_activity = function.dora_licenced_activity or ""
-
-                # Function name
-                function_name = function.name
-
-                # LEI of financial entity
-                entity_lei = main_entity_lei
-
-                # Criticality assessment
-                criticality = function.dora_criticality_assessment or ""
-
-                # Reasons for criticality
-                criticality_reasons = function.dora_criticality_justification or ""
-
-                # Date of last assessment
-                last_assessment_date = (
-                    function.updated_at.strftime("%Y-%m-%d")
-                    if function.updated_at
-                    else "2999-12-31"
-                )
-
-                # Recovery time objective (RTO) - extract from disaster_recovery_objectives JSON
-                rto = ""
-                if function.disaster_recovery_objectives:
-                    objectives = function.disaster_recovery_objectives.get(
-                        "objectives", {}
-                    )
-                    rto_obj = objectives.get("rto", {})
-                    if rto_obj and "value" in rto_obj:
-                        rto = rto_obj["value"]
-
-                # Recovery point objective (RPO) - extract from disaster_recovery_objectives JSON
-                rpo = ""
-                if function.disaster_recovery_objectives:
-                    objectives = function.disaster_recovery_objectives.get(
-                        "objectives", {}
-                    )
-                    rpo_obj = objectives.get("rpo", {})
-                    if rpo_obj and "value" in rpo_obj:
-                        rpo = rpo_obj["value"]
-
-                # Impact of discontinuing
-                discontinuing_impact = function.dora_discontinuing_impact or ""
-
-                csv_writer_0601.writerow(
-                    [
-                        function_id,
-                        licensed_activity,
-                        function_name,
-                        entity_lei,
-                        criticality,
-                        criticality_reasons,
-                        last_assessment_date,
-                        rto,
-                        rpo,
-                        discontinuing_impact,
-                    ]
-                )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_06.01.csv", csv_buffer_0601.getvalue().encode("utf-8")
+            dora_export.generate_b_03_01_signing_entities(
+                zip_file, main_entity, contracts
             )
-
-            # Create b_07.01.csv - Assessment of ICT services
-            csv_buffer_0701 = io.StringIO()
-            csv_writer_0701 = csv.writer(csv_buffer_0701)
-
-            # Write CSV headers
-            csv_writer_0701.writerow(
-                [
-                    "c0010",  # Contract reference
-                    "c0020",  # Provider ID code
-                    "c0030",  # Provider code type
-                    "c0040",  # ICT service type
-                    "c0050",  # Substitutability
-                    "c0060",  # Non-substitutability reason
-                    "c0070",  # Last audit date
-                    "c0080",  # Exit plan
-                    "c0090",  # Reintegration possibility
-                    "c0100",  # Discontinuing impact
-                    "c0110",  # Alternative providers identified
-                    "c0120",  # Alternative provider IDs
-                ]
+            dora_export.generate_b_03_02_ict_providers(zip_file, contracts)
+            dora_export.generate_b_03_03_intragroup_providers(
+                zip_file, main_entity, contracts
             )
 
-            # Get contracts with both provider and solution for assessment
-            for contract in Contract.objects.filter(
-                id__in=viewable_contracts,
-                is_intragroup=False,
-                provider_entity__isnull=False,
-                solution__isnull=False,
-            ).select_related("provider_entity", "solution"):
-                # c0010: Contract reference
-                contract_ref = contract.ref_id or str(contract.id)
-
-                # c0020: Provider identification code
-                # c0030: Provider code type
-                provider_code = ""
-                provider_code_type = ""
-                provider = contract.provider_entity
-                if provider and provider.legal_identifiers:
-                    # Priority: LEI, EUID, VAT, DUNS, others
-                    if (
-                        "LEI" in provider.legal_identifiers
-                        and provider.legal_identifiers["LEI"]
-                    ):
-                        provider_code = provider.legal_identifiers["LEI"]
-                        provider_code_type = "LEI"
-                    elif (
-                        "EUID" in provider.legal_identifiers
-                        and provider.legal_identifiers["EUID"]
-                    ):
-                        provider_code = provider.legal_identifiers["EUID"]
-                        provider_code_type = "EUID"
-                    elif (
-                        "VAT" in provider.legal_identifiers
-                        and provider.legal_identifiers["VAT"]
-                    ):
-                        provider_code = provider.legal_identifiers["VAT"]
-                        provider_code_type = "VAT"
-                    elif (
-                        "DUNS" in provider.legal_identifiers
-                        and provider.legal_identifiers["DUNS"]
-                    ):
-                        provider_code = provider.legal_identifiers["DUNS"]
-                        provider_code_type = "DUNS"
-                    else:
-                        # Use first available identifier
-                        for key, value in provider.legal_identifiers.items():
-                            if value:
-                                provider_code = value
-                                provider_code_type = key
-                                break
-
-                solution = contract.solution
-
-                # c0040: ICT service type
-                ict_service_type = solution.dora_ict_service_type or ""
-
-                # c0050: Substitutability
-                substitutability = solution.dora_substitutability or ""
-
-                # c0060: Non-substitutability reason
-                non_substitutability_reason = (
-                    solution.dora_non_substitutability_reason or ""
-                )
-
-                # c0070: Last audit date (use solution updated_at as placeholder)
-                last_audit_date = (
-                    solution.updated_at.strftime("%Y-%m-%d")
-                    if solution.updated_at
-                    else ""
-                )
-
-                # c0080: Exit plan
-                exit_plan = solution.dora_has_exit_plan or ""
-
-                # c0090: Reintegration possibility
-                reintegration_possibility = (
-                    solution.dora_reintegration_possibility or ""
-                )
-
-                # c0100: Discontinuing impact
-                discontinuing_impact = solution.dora_discontinuing_impact or ""
-
-                # c0110: Alternative providers identified
-                alternative_providers_identified = (
-                    solution.dora_alternative_providers_identified or ""
-                )
-
-                # c0120: Alternative provider IDs
-                alternative_providers = solution.dora_alternative_providers or ""
-
-                csv_writer_0701.writerow(
-                    [
-                        contract_ref,
-                        provider_code,
-                        provider_code_type,
-                        ict_service_type,
-                        substitutability,
-                        non_substitutability_reason,
-                        last_audit_date,
-                        exit_plan,
-                        reintegration_possibility,
-                        discontinuing_impact,
-                        alternative_providers_identified,
-                        alternative_providers,
-                    ]
-                )
-
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_07.01.csv", csv_buffer_0701.getvalue().encode("utf-8")
+            dora_export.generate_b_04_01_service_users(
+                zip_file, main_entity, branches, contracts
             )
 
-            # Create b_99.01.csv - Aggregation report
-            csv_buffer_9901 = io.StringIO()
-            csv_writer_9901 = csv.writer(csv_buffer_9901)
-
-            # Write CSV headers
-            csv_writer_9901.writerow(
-                [
-                    "c0010",  # Standalone arrangement
-                    "c0020",  # Overarching arrangement
-                    "c0030",  # Subsequent or associated arrangement
-                    "c0040",  # Data sensitiveness: Low
-                    "c0050",  # Data sensitiveness: Medium
-                    "c0060",  # Data sensitiveness: High
-                    "c0070",  # Impact discontinuing function: Low
-                    "c0080",  # Impact discontinuing function: Medium
-                    "c0090",  # Impact discontinuing function: High
-                    "c0100",  # Substitutability: Not substitutable
-                    "c0110",  # Substitutability: Highly complex
-                    "c0120",  # Substitutability: Medium complexity
-                    "c0130",  # Substitutability: Easily substitutable
-                    "c0140",  # Reintegration: Easy
-                    "c0150",  # Reintegration: Difficult
-                    "c0160",  # Reintegration: Highly complex
-                    "c0170",  # Impact discontinuing ICT: Low
-                    "c0180",  # Impact discontinuing ICT: Medium
-                    "c0190",  # Impact discontinuing ICT: High
-                ]
+            dora_export.generate_b_05_01_provider_details(
+                zip_file, main_entity, contracts
             )
+            dora_export.generate_b_05_02_supply_chains(zip_file, main_entity, contracts)
 
-            # Get all third-party contracts with solutions for aggregation
-            contracts_for_aggregation = Contract.objects.filter(
-                id__in=viewable_contracts,
-                is_intragroup=False,
-                provider_entity__isnull=False,
-                solution__isnull=False,
-            ).select_related("solution")
-
-            # Initialize counters
-            # Contractual arrangement counts
-            standalone_count = 0
-            overarching_count = 0
-            subsequent_count = 0
-
-            # Data sensitiveness counts
-            sensitiveness_low = 0
-            sensitiveness_medium = 0
-            sensitiveness_high = 0
-
-            # Impact of discontinuing function (from assets)
-            function_impact_low = 0
-            function_impact_medium = 0
-            function_impact_high = 0
-
-            # Substitutability counts
-            substitutability_not = 0
-            substitutability_highly_complex = 0
-            substitutability_medium = 0
-            substitutability_easy = 0
-
-            # Reintegration possibility counts
-            reintegration_easy = 0
-            reintegration_difficult = 0
-            reintegration_highly_complex = 0
-
-            # Impact of discontinuing ICT services counts
-            ict_impact_low = 0
-            ict_impact_medium = 0
-            ict_impact_high = 0
-
-            # Count contracts by each dimension
-            for contract in contracts_for_aggregation:
-                # Count by contractual arrangement
-                if contract.dora_contractual_arrangement == "eba_CO:x1":
-                    standalone_count += 1
-                elif contract.dora_contractual_arrangement == "eba_CO:x2":
-                    overarching_count += 1
-                elif contract.dora_contractual_arrangement == "eba_CO:x3":
-                    subsequent_count += 1
-
-                solution = contract.solution
-
-                # Count by data sensitiveness
-                if solution.dora_data_sensitiveness == "eba_ZZ:x791":
-                    sensitiveness_low += 1
-                elif solution.dora_data_sensitiveness == "eba_ZZ:x792":
-                    sensitiveness_medium += 1
-                elif solution.dora_data_sensitiveness == "eba_ZZ:x793":
-                    sensitiveness_high += 1
-
-                # Count by substitutability
-                if solution.dora_substitutability == "eba_ZZ:x959":
-                    substitutability_not += 1
-                elif solution.dora_substitutability == "eba_ZZ:x960":
-                    substitutability_highly_complex += 1
-                elif solution.dora_substitutability == "eba_ZZ:x961":
-                    substitutability_medium += 1
-                elif solution.dora_substitutability == "eba_ZZ:x962":
-                    substitutability_easy += 1
-
-                # Count by reintegration possibility
-                if solution.dora_reintegration_possibility == "eba_ZZ:x798":
-                    reintegration_easy += 1
-                elif solution.dora_reintegration_possibility == "eba_ZZ:x966":
-                    reintegration_difficult += 1
-                elif solution.dora_reintegration_possibility == "eba_ZZ:x967":
-                    reintegration_highly_complex += 1
-
-                # Count by impact of discontinuing ICT services
-                if solution.dora_discontinuing_impact == "eba_ZZ:x791":
-                    ict_impact_low += 1
-                elif solution.dora_discontinuing_impact == "eba_ZZ:x792":
-                    ict_impact_medium += 1
-                elif solution.dora_discontinuing_impact == "eba_ZZ:x793":
-                    ict_impact_high += 1
-
-            # Count business functions by impact of discontinuing
-            business_functions = Asset.objects.filter(
-                id__in=viewable_assets, is_business_function=True
+            dora_export.generate_b_06_01_functions(
+                zip_file, main_entity, business_functions
             )
 
-            for function in business_functions:
-                if function.dora_discontinuing_impact == "eba_ZZ:x791":
-                    function_impact_low += 1
-                elif function.dora_discontinuing_impact == "eba_ZZ:x792":
-                    function_impact_medium += 1
-                elif function.dora_discontinuing_impact == "eba_ZZ:x793":
-                    function_impact_high += 1
-
-            # Write aggregation row
-            csv_writer_9901.writerow(
-                [
-                    standalone_count,
-                    overarching_count,
-                    subsequent_count,
-                    sensitiveness_low,
-                    sensitiveness_medium,
-                    sensitiveness_high,
-                    function_impact_low,
-                    function_impact_medium,
-                    function_impact_high,
-                    substitutability_not,
-                    substitutability_highly_complex,
-                    substitutability_medium,
-                    substitutability_easy,
-                    reintegration_easy,
-                    reintegration_difficult,
-                    reintegration_highly_complex,
-                    ict_impact_low,
-                    ict_impact_medium,
-                    ict_impact_high,
-                ]
-            )
+            dora_export.generate_b_07_01_assessment(zip_file, contracts)
 
-            # Add CSV to zip in reports folder
-            zip_file.writestr(
-                "reports/b_99.01.csv", csv_buffer_9901.getvalue().encode("utf-8")
+            dora_export.generate_b_99_01_aggregation(
+                zip_file, contracts, business_functions
             )
 
         # Prepare response
         zip_buffer.seek(0)
 
         # Extract LEI for filename
-        lei = ""
-        if main_entity.legal_identifiers:
-            lei = main_entity.legal_identifiers.get("LEI", "")
+        lei, _ = dora_export.get_entity_identifier(main_entity, priority=["LEI"])
 
         # Use LEI in filename, fallback to timestamp if no LEI
         if lei:
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index 91ad238e58..2775145de3 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -2636,7 +2636,7 @@
 	"doraEntityHierarchy": "Entity Hierarchy",
 	"doraAssetsValue": "Value of total assets",
 	"doraCompetentAuthority": "Competent Authority",
-	"doraProviderPersonType": "Provider Person Type",
+	"doraProviderPersonType": "Person Type",
 	"doraContractualArrangement": "Contract type",
 	"doraIctServiceType": "ICT Service Type",
 	"overarchingContract": "Overarching Contract",
diff --git a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
index 1da3f3ec58..abf92f4437 100644
--- a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
@@ -89,14 +89,6 @@
 		cacheLock={cacheLocks['country']}
 		bind:cachedValue={formDataCache['country']}
 	/>
-</Dropdown>
-
-<Dropdown
-	open={false}
-	style="hover:text-primary-700"
-	icon="fa-solid fa-scale-balanced"
-	header={m.doraSpecific()}
->
 	<AutocompleteSelect
 		{form}
 		field="currency"
@@ -105,6 +97,22 @@
 		cacheLock={cacheLocks['currency']}
 		bind:cachedValue={formDataCache['currency']}
 	/>
+	<AutocompleteSelect
+		{form}
+		field="dora_provider_person_type"
+		options={model.selectOptions?.dora_provider_person_type}
+		label={m.doraProviderPersonType()}
+		cacheLock={cacheLocks['dora_provider_person_type']}
+		bind:cachedValue={formDataCache['dora_provider_person_type']}
+	/>
+</Dropdown>
+
+<Dropdown
+	open={false}
+	style="hover:text-primary-700"
+	icon="fa-solid fa-scale-balanced"
+	header={m.doraSpecific()}
+>
 	<AutocompleteSelect
 		{form}
 		field="dora_entity_type"
@@ -135,12 +143,4 @@
 		cacheLock={cacheLocks['dora_competent_authority']}
 		bind:cachedValue={formDataCache['dora_competent_authority']}
 	/>
-	<AutocompleteSelect
-		{form}
-		field="dora_provider_person_type"
-		options={model.selectOptions?.dora_provider_person_type}
-		label={m.doraProviderPersonType()}
-		cacheLock={cacheLocks['dora_provider_person_type']}
-		bind:cachedValue={formDataCache['dora_provider_person_type']}
-	/>
 </Dropdown>
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index 74ee43af9f..2584b53302 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -580,10 +580,10 @@ export const EntitiesSchema = z.object({
 	country: z.string().optional(),
 	currency: z.string().optional(),
 	dora_entity_type: z.string().optional(),
-	dora_entity_hierarchy: z.string().optional().default('eba_RP:x53'),
+	dora_entity_hierarchy: z.string().optional(),
 	dora_assets_value: z.number().optional().nullable(),
 	dora_competent_authority: z.string().optional(),
-	dora_provider_person_type: z.string().optional().default('eba_CT:x212')
+	dora_provider_person_type: z.string().optional()
 });
 
 export const EntityAssessmentSchema = z.object({

From 6d21f235e507872dc72984b3db0aff14dac1ba13 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Wed, 12 Nov 2025 09:25:27 +0100
Subject: [PATCH 21/47] add linter for dora export

---
 backend/tprm/dora_export.py                   |  20 +-
 backend/tprm/dora_linter.py                   | 402 ++++++++++++++++++
 backend/tprm/views.py                         |  37 +-
 .../reports/dora-roi/+page.server.ts          |  18 +
 .../(internal)/reports/dora-roi/+page.svelte  | 221 ++++++++++
 .../dora-roi/{ => download}/+server.ts        |   0
 6 files changed, 688 insertions(+), 10 deletions(-)
 create mode 100644 backend/tprm/dora_linter.py
 create mode 100644 frontend/src/routes/(app)/(internal)/reports/dora-roi/+page.server.ts
 create mode 100644 frontend/src/routes/(app)/(internal)/reports/dora-roi/+page.svelte
 rename frontend/src/routes/(app)/(internal)/reports/dora-roi/{ => download}/+server.ts (100%)

diff --git a/backend/tprm/dora_export.py b/backend/tprm/dora_export.py
index 72fdc74a85..3773f2cc95 100644
--- a/backend/tprm/dora_export.py
+++ b/backend/tprm/dora_export.py
@@ -113,7 +113,7 @@ def generate_b_01_02_entities(
     Args:
         zip_file: ZIP file object to write to
         main_entity: The main builtin entity
-        all_entities: List of all entities (main + branches)
+        all_entities: List of entities (main entity + subsidiaries only, no branches)
     """
     csv_buffer = io.StringIO()
     csv_writer = csv.writer(csv_buffer)
@@ -191,10 +191,18 @@ def generate_b_01_03_branches(
     """
     Generate b_01.03.csv - Branches of the main entity.
 
+    Branches are entities with the main entity as parent and dora_provider_person_type not set.
+    Subsidiaries (with dora_provider_person_type set) are NOT included in this report.
+
+    Each row represents a branch with:
+    - c0010: Main entity LEI
+    - c0020: Main entity legal identifier
+    - c0030: Main entity identifier type
+
     Args:
         zip_file: ZIP file object to write to
         main_entity: The main builtin entity
-        branches: List of branch entities
+        branches: List of branch entities (dora_provider_person_type not set)
     """
     csv_buffer = io.StringIO()
     csv_writer = csv.writer(csv_buffer)
@@ -202,13 +210,13 @@ def generate_b_01_03_branches(
     # Write CSV headers
     csv_writer.writerow(["c0010", "c0020", "c0030"])
 
-    # Get main entity LEI
+    # Get main entity identifiers
     main_lei, _ = get_entity_identifier(main_entity, priority=["LEI"])
+    main_code, code_type = get_entity_identifier(main_entity)
 
-    # Write branch data
+    # Write branch data (one row per branch, with main entity identifiers)
     for branch in branches:
-        branch_code, code_type = get_entity_identifier(branch)
-        csv_writer.writerow([main_lei, branch_code, code_type])
+        csv_writer.writerow([main_lei, main_code, code_type])
 
     zip_file.writestr("reports/b_01.03.csv", csv_buffer.getvalue().encode("utf-8"))
 
diff --git a/backend/tprm/dora_linter.py b/backend/tprm/dora_linter.py
new file mode 100644
index 0000000000..e944fcf244
--- /dev/null
+++ b/backend/tprm/dora_linter.py
@@ -0,0 +1,402 @@
+"""
+DORA ROI Linting Module
+
+This module provides validation functions for DORA Register of Information (ROI) exports.
+It checks for mandatory and recommended fields before generating the actual report.
+"""
+
+from typing import List, Dict, Any
+from tprm.models import Entity
+from core.models import Asset
+from django.db.models import Q
+import re
+
+
+def lint_main_entity(entity: Entity) -> List[Dict[str, Any]]:
+    """
+    Validate the main entity for DORA ROI requirements.
+
+    Args:
+        entity: The main Entity instance to validate
+
+    Returns:
+        List of validation results with severity levels (error, warning, ok)
+    """
+    results = []
+
+    # Check legal identifiers (mandatory)
+    has_legal_identifier = False
+    if entity.legal_identifiers:
+        # Check for any of the accepted identifiers: LEI, EUID, VAT, DUNS
+        identifier_types = ["LEI", "EUID", "VAT", "DUNS"]
+        for id_type in identifier_types:
+            if entity.legal_identifiers.get(id_type):
+                has_legal_identifier = True
+                break
+
+    if has_legal_identifier:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Main Entity",
+                "message": "Legal identifier found",
+                "field": "legal_identifiers",
+                "object_type": "entities",
+                "object_id": str(entity.id),
+                "object_name": entity.name,
+            }
+        )
+    else:
+        results.append(
+            {
+                "severity": "error",
+                "category": "Main Entity",
+                "message": "Main entity must have at least one legal identifier (LEI, EUID, VAT, or DUNS)",
+                "field": "legal_identifiers",
+                "object_type": "entities",
+                "object_id": str(entity.id),
+                "object_name": entity.name,
+            }
+        )
+
+    # Check country (mandatory)
+    if entity.country:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Main Entity",
+                "message": "Country is set",
+                "field": "country",
+                "object_type": "entities",
+                "object_id": str(entity.id),
+                "object_name": entity.name,
+            }
+        )
+    else:
+        results.append(
+            {
+                "severity": "error",
+                "category": "Main Entity",
+                "message": "Main entity must have a country set",
+                "field": "country",
+                "object_type": "entities",
+                "object_id": str(entity.id),
+                "object_name": entity.name,
+            }
+        )
+
+    # Check DORA entity type (mandatory)
+    if entity.dora_entity_type:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Main Entity",
+                "message": "Entity type is set",
+                "field": "dora_entity_type",
+                "object_type": "entities",
+                "object_id": str(entity.id),
+                "object_name": entity.name,
+            }
+        )
+    else:
+        results.append(
+            {
+                "severity": "error",
+                "category": "Main Entity",
+                "message": "Main entity must have a DORA entity type set",
+                "field": "dora_entity_type",
+                "object_type": "entities",
+                "object_id": str(entity.id),
+                "object_name": entity.name,
+            }
+        )
+
+    # Check DORA competent authority (mandatory)
+    if entity.dora_competent_authority:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Main Entity",
+                "message": "Competent authority is set",
+                "field": "dora_competent_authority",
+                "object_type": "entities",
+                "object_id": str(entity.id),
+                "object_name": entity.name,
+            }
+        )
+    else:
+        results.append(
+            {
+                "severity": "error",
+                "category": "Main Entity",
+                "message": "Main entity must have a DORA competent authority set",
+                "field": "dora_competent_authority",
+                "object_type": "entities",
+                "object_id": str(entity.id),
+                "object_name": entity.name,
+            }
+        )
+
+    # Check currency (mandatory)
+    if entity.currency:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Main Entity",
+                "message": "Currency is set",
+                "field": "currency",
+                "object_type": "entities",
+                "object_id": str(entity.id),
+                "object_name": entity.name,
+            }
+        )
+    else:
+        results.append(
+            {
+                "severity": "error",
+                "category": "Main Entity",
+                "message": "Main entity must have a currency set",
+                "field": "currency",
+                "object_type": "entities",
+                "object_id": str(entity.id),
+                "object_name": entity.name,
+            }
+        )
+
+    return results
+
+
+def lint_subsidiaries(main_entity: Entity) -> List[Dict[str, Any]]:
+    """
+    Validate subsidiaries for DORA ROI requirements.
+
+    Subsidiaries are entities with the main entity as parent and dora_provider_person_type set.
+
+    Args:
+        main_entity: The main Entity instance
+
+    Returns:
+        List of validation results with severity levels (error, warning, ok)
+    """
+    results = []
+
+    # Get all subsidiaries (entities with parent=main_entity and dora_provider_person_type set)
+    subsidiaries = Entity.objects.filter(
+        parent_entity=main_entity, dora_provider_person_type__isnull=False
+    ).exclude(dora_provider_person_type="")
+
+    if not subsidiaries.exists():
+        # No subsidiaries found - this is OK, not an error
+        return results
+
+    # Check each subsidiary
+    for subsidiary in subsidiaries:
+        # Check legal identifiers (mandatory)
+        has_legal_identifier = False
+        if subsidiary.legal_identifiers:
+            identifier_types = ["LEI", "EUID", "VAT", "DUNS"]
+            for id_type in identifier_types:
+                if subsidiary.legal_identifiers.get(id_type):
+                    has_legal_identifier = True
+                    break
+
+        if not has_legal_identifier:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Subsidiaries",
+                    "message": f"Subsidiary '{subsidiary.name}' must have at least one legal identifier (LEI, EUID, VAT, or DUNS)",
+                    "field": "legal_identifiers",
+                    "object_type": "entities",
+                    "object_id": str(subsidiary.id),
+                    "object_name": subsidiary.name,
+                }
+            )
+
+        # Check country (mandatory)
+        if not subsidiary.country:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Subsidiaries",
+                    "message": f"Subsidiary '{subsidiary.name}' must have a country set",
+                    "field": "country",
+                    "object_type": "entities",
+                    "object_id": str(subsidiary.id),
+                    "object_name": subsidiary.name,
+                }
+            )
+
+        # Check DORA entity type (mandatory)
+        if not subsidiary.dora_entity_type:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Subsidiaries",
+                    "message": f"Subsidiary '{subsidiary.name}' must have a DORA entity type set",
+                    "field": "dora_entity_type",
+                    "object_type": "entities",
+                    "object_id": str(subsidiary.id),
+                    "object_name": subsidiary.name,
+                }
+            )
+
+        # Check DORA entity hierarchy (mandatory)
+        if not subsidiary.dora_entity_hierarchy:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Subsidiaries",
+                    "message": f"Subsidiary '{subsidiary.name}' must have a DORA entity hierarchy set",
+                    "field": "dora_entity_hierarchy",
+                    "object_type": "entities",
+                    "object_id": str(subsidiary.id),
+                    "object_name": subsidiary.name,
+                }
+            )
+
+    # If we have subsidiaries and no errors, add a success message
+    if subsidiaries.exists() and not results:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Subsidiaries",
+                "message": f"All {subsidiaries.count()} subsidiaries have required fields set",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+
+    return results
+
+
+def lint_business_functions() -> List[Dict[str, Any]]:
+    """
+    Validate that business function assets exist in the system.
+
+    DORA ROI requires at least one asset with is_business_function flag set.
+    Additionally checks that ref_id follows the pattern 'F' + number (e.g., F1, F2, F100).
+
+    Returns:
+        List of validation results with severity levels (error, warning, ok)
+    """
+    results = []
+
+    # Check if there are any business function assets
+    business_functions = Asset.objects.filter(is_business_function=True)
+
+    if not business_functions.exists():
+        results.append(
+            {
+                "severity": "error",
+                "category": "Business Functions",
+                "message": "At least one asset with 'Business Function' flag must be defined",
+                "field": "is_business_function",
+                "object_type": "assets",
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+        return results
+
+    # Pattern for ref_id: F followed by one or more digits
+    ref_id_pattern = re.compile(r"^F\d+$")
+
+    # Check each business function's ref_id
+    invalid_ref_ids = []
+    valid_count = 0
+
+    for bf in business_functions:
+        if not bf.ref_id or not ref_id_pattern.match(bf.ref_id):
+            invalid_ref_ids.append(bf)
+        else:
+            valid_count += 1
+
+    # Report results
+    if invalid_ref_ids:
+        for bf in invalid_ref_ids:
+            ref_id_display = bf.ref_id if bf.ref_id else "(empty)"
+            results.append(
+                {
+                    "severity": "warning",
+                    "category": "Business Functions",
+                    "message": f"Business function '{bf.name}' has ref_id '{ref_id_display}' that doesn't match pattern 'F' + number (e.g., F1, F2)",
+                    "field": "ref_id",
+                    "object_type": "assets",
+                    "object_id": str(bf.id),
+                    "object_name": bf.name,
+                }
+            )
+
+    # Add success message if all business functions have valid ref_ids
+    if valid_count == business_functions.count():
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Business Functions",
+                "message": f"All {business_functions.count()} business function(s) have valid ref_id pattern",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+    elif valid_count > 0:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Business Functions",
+                "message": f"{valid_count} of {business_functions.count()} business function(s) have valid ref_id pattern",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+
+    return results
+
+
+def lint_dora_roi() -> Dict[str, Any]:
+    """
+    Perform comprehensive linting for DORA ROI export.
+
+    Returns:
+        Dictionary containing validation results and summary
+    """
+    results = []
+
+    # Get the main entity
+    main_entity = Entity.get_main_entity()
+
+    if not main_entity:
+        return {
+            "results": [
+                {
+                    "severity": "error",
+                    "category": "Main Entity",
+                    "message": "No main entity found in the system",
+                    "field": None,
+                    "object_type": None,
+                    "object_id": None,
+                    "object_name": None,
+                }
+            ],
+            "summary": {"errors": 1, "warnings": 0, "ok": 0},
+        }
+
+    # Run all validation checks
+    results.extend(lint_main_entity(main_entity))
+    results.extend(lint_subsidiaries(main_entity))
+    results.extend(lint_business_functions())
+
+    # Calculate summary
+    summary = {
+        "errors": sum(1 for r in results if r["severity"] == "error"),
+        "warnings": sum(1 for r in results if r["severity"] == "warning"),
+        "ok": sum(1 for r in results if r["severity"] == "ok"),
+    }
+
+    return {"results": results, "summary": summary}
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index 879ef71838..bf4e9a2095 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -108,12 +108,29 @@ def generate_dora_roi(self, request):
         )
 
         # Prepare entity lists
-        all_entities = [main_entity] + list(
-            Entity.objects.filter(id__in=viewable_entities, parent_entity=main_entity)
+        # Subsidiaries: entities with main entity as parent AND dora_provider_person_type set (legal person)
+        # Branches: entities with main entity as parent AND dora_provider_person_type not set
+        subsidiaries = list(
+            Entity.objects.filter(
+                id__in=viewable_entities,
+                parent_entity=main_entity,
+                dora_provider_person_type__isnull=False,
+            ).exclude(dora_provider_person_type="")
         )
         branches = list(
-            Entity.objects.filter(id__in=viewable_entities, parent_entity=main_entity)
+            Entity.objects.filter(
+                id__in=viewable_entities,
+                parent_entity=main_entity,
+                dora_provider_person_type__isnull=True,
+            )
+            | Entity.objects.filter(
+                id__in=viewable_entities,
+                parent_entity=main_entity,
+                dora_provider_person_type="",
+            )
         )
+        # b_01.02 includes only main entity and subsidiaries (not branches)
+        entities_for_b_01_02 = [main_entity] + subsidiaries
 
         # Prepare contract QuerySets
         contracts = Contract.objects.filter(id__in=viewable_contracts)
@@ -128,7 +145,9 @@ def generate_dora_roi(self, request):
         with zipfile.ZipFile(zip_buffer, "w", zipfile.ZIP_DEFLATED) as zip_file:
             # Generate all DORA ROI reports
             dora_export.generate_b_01_01_main_entity(zip_file, main_entity)
-            dora_export.generate_b_01_02_entities(zip_file, main_entity, all_entities)
+            dora_export.generate_b_01_02_entities(
+                zip_file, main_entity, entities_for_b_01_02
+            )
             dora_export.generate_b_01_03_branches(zip_file, main_entity, branches)
 
             dora_export.generate_b_02_01_contracts(zip_file, contracts)
@@ -180,6 +199,16 @@ def generate_dora_roi(self, request):
 
         return response
 
+    @action(detail=False, methods=["get"], name="Lint DORA ROI")
+    def dora_roi_lint(self, request):
+        """
+        Validate DORA ROI requirements and return linting results.
+        """
+        from tprm import dora_linter
+
+        lint_results = dora_linter.lint_dora_roi()
+        return Response(lint_results)
+
     @action(detail=False, name="Get country choices")
     def country(self, request):
         return Response(dict(COUNTRY_CHOICES))
diff --git a/frontend/src/routes/(app)/(internal)/reports/dora-roi/+page.server.ts b/frontend/src/routes/(app)/(internal)/reports/dora-roi/+page.server.ts
new file mode 100644
index 0000000000..ebf3ecb31d
--- /dev/null
+++ b/frontend/src/routes/(app)/(internal)/reports/dora-roi/+page.server.ts
@@ -0,0 +1,18 @@
+import { BASE_API_URL } from '$lib/utils/constants';
+import { error } from '@sveltejs/kit';
+import type { PageServerLoad } from './$types';
+
+export const load: PageServerLoad = async ({ fetch }) => {
+	const endpoint = `${BASE_API_URL}/entities/dora_roi_lint/`;
+
+	const res = await fetch(endpoint);
+	if (!res.ok) {
+		error(400, 'Error loading DORA ROI validation');
+	}
+
+	const lintResults = await res.json();
+
+	return {
+		lintResults
+	};
+};
diff --git a/frontend/src/routes/(app)/(internal)/reports/dora-roi/+page.svelte b/frontend/src/routes/(app)/(internal)/reports/dora-roi/+page.svelte
new file mode 100644
index 0000000000..6587bb5c5b
--- /dev/null
+++ b/frontend/src/routes/(app)/(internal)/reports/dora-roi/+page.svelte
@@ -0,0 +1,221 @@
+<script lang="ts">
+	import { m } from '$paraglide/messages';
+	import type { PageData } from './$types';
+
+	interface Props {
+		data: PageData;
+	}
+
+	let { data }: Props = $props();
+
+	const { lintResults } = data;
+
+	// Group results by severity
+	const errors = lintResults.results.filter((r: any) => r.severity === 'error');
+	const warnings = lintResults.results.filter((r: any) => r.severity === 'warning');
+	const oks = lintResults.results.filter((r: any) => r.severity === 'ok');
+
+	// Determine if we can generate the report (no errors)
+	const canGenerate = errors.length === 0;
+
+	function handleGenerateReport() {
+		// Navigate to the download endpoint
+		window.location.href = '/reports/dora-roi/download';
+	}
+
+	function getSeverityColor(severity: string): string {
+		switch (severity) {
+			case 'error':
+				return 'text-red-600 bg-red-50 border-red-200';
+			case 'warning':
+				return 'text-yellow-600 bg-yellow-50 border-yellow-200';
+			case 'ok':
+				return 'text-green-600 bg-green-50 border-green-200';
+			default:
+				return 'text-gray-600 bg-gray-50 border-gray-200';
+		}
+	}
+
+	function getSeverityIcon(severity: string): string {
+		switch (severity) {
+			case 'error':
+				return 'fa-circle-xmark';
+			case 'warning':
+				return 'fa-triangle-exclamation';
+			case 'ok':
+				return 'fa-circle-check';
+			default:
+				return 'fa-circle-info';
+		}
+	}
+
+	function getEditUrl(result: any): string | null {
+		if (!result.object_type || !result.object_id) {
+			return null;
+		}
+		return `/${result.object_type}/${result.object_id}/edit?next=/reports/dora-roi`;
+	}
+</script>
+
+<div class="px-4 py-6 space-y-6 max-w-5xl mx-auto">
+	<!-- Header -->
+	<div class="flex items-center justify-between">
+		<div>
+			<h1 class="text-3xl font-bold text-gray-900">DORA Register of Information</h1>
+			<p class="mt-2 text-gray-600">Validation check before generating the report</p>
+		</div>
+		<a href="/reports" class="text-blue-600 hover:text-blue-800 flex items-center gap-2">
+			<i class="fa-solid fa-arrow-left"></i>
+			Back to Reports
+		</a>
+	</div>
+
+	<!-- Summary Card -->
+	<div class="bg-white rounded-xl shadow-sm border border-gray-200 p-6">
+		<h2 class="text-xl font-semibold text-gray-900 mb-4">Validation Summary</h2>
+		<div class="grid grid-cols-3 gap-4">
+			<div class="text-center p-4 rounded-lg bg-red-50 border border-red-200">
+				<div class="text-3xl font-bold text-red-600">{lintResults.summary.errors}</div>
+				<div class="text-sm text-red-600 mt-1">Errors</div>
+			</div>
+			<div class="text-center p-4 rounded-lg bg-yellow-50 border border-yellow-200">
+				<div class="text-3xl font-bold text-yellow-600">{lintResults.summary.warnings}</div>
+				<div class="text-sm text-yellow-600 mt-1">Warnings</div>
+			</div>
+			<div class="text-center p-4 rounded-lg bg-green-50 border border-green-200">
+				<div class="text-3xl font-bold text-green-600">{lintResults.summary.ok}</div>
+				<div class="text-sm text-green-600 mt-1">Passed</div>
+			</div>
+		</div>
+	</div>
+
+	<!-- Validation Results -->
+	<div class="bg-white rounded-xl shadow-sm border border-gray-200 p-6">
+		<h2 class="text-xl font-semibold text-gray-900 mb-4">Validation Details</h2>
+
+		<div class="space-y-3">
+			{#if errors.length > 0}
+				<div class="space-y-2">
+					<h3 class="text-sm font-semibold text-red-600 uppercase tracking-wide">Errors</h3>
+					{#each errors as result}
+						{@const editUrl = getEditUrl(result)}
+						<div
+							class="flex items-start gap-3 p-4 rounded-lg border {getSeverityColor(
+								result.severity
+							)}"
+						>
+							<i class="fa-solid {getSeverityIcon(result.severity)} mt-0.5"></i>
+							<div class="flex-1">
+								<div class="font-medium text-sm">{result.category}</div>
+								<div class="text-sm mt-1">{result.message}</div>
+								{#if result.field}
+									<div class="text-xs mt-1 opacity-75">Field: {result.field}</div>
+								{/if}
+							</div>
+							{#if editUrl}
+								<a
+									href={editUrl}
+									class="flex-shrink-0 px-3 py-1.5 text-xs font-medium text-blue-600 hover:text-blue-800 bg-blue-50 hover:bg-blue-100 rounded-md transition-colors flex items-center gap-2"
+								>
+									<i class="fa-solid fa-pencil"></i>
+									Fix
+								</a>
+							{/if}
+						</div>
+					{/each}
+				</div>
+			{/if}
+
+			{#if warnings.length > 0}
+				<div class="space-y-2">
+					<h3 class="text-sm font-semibold text-yellow-600 uppercase tracking-wide">Warnings</h3>
+					{#each warnings as result}
+						{@const editUrl = getEditUrl(result)}
+						<div
+							class="flex items-start gap-3 p-4 rounded-lg border {getSeverityColor(
+								result.severity
+							)}"
+						>
+							<i class="fa-solid {getSeverityIcon(result.severity)} mt-0.5"></i>
+							<div class="flex-1">
+								<div class="font-medium text-sm">{result.category}</div>
+								<div class="text-sm mt-1">{result.message}</div>
+								{#if result.field}
+									<div class="text-xs mt-1 opacity-75">Field: {result.field}</div>
+								{/if}
+							</div>
+							{#if editUrl}
+								<a
+									href={editUrl}
+									class="flex-shrink-0 px-3 py-1.5 text-xs font-medium text-blue-600 hover:text-blue-800 bg-blue-50 hover:bg-blue-100 rounded-md transition-colors flex items-center gap-2"
+								>
+									<i class="fa-solid fa-pencil"></i>
+									Review
+								</a>
+							{/if}
+						</div>
+					{/each}
+				</div>
+			{/if}
+
+			{#if oks.length > 0}
+				<div class="space-y-2">
+					<h3 class="text-sm font-semibold text-green-600 uppercase tracking-wide">
+						Passed Checks
+					</h3>
+					{#each oks as result}
+						{@const editUrl = getEditUrl(result)}
+						<div
+							class="flex items-start gap-3 p-4 rounded-lg border {getSeverityColor(
+								result.severity
+							)}"
+						>
+							<i class="fa-solid {getSeverityIcon(result.severity)} mt-0.5"></i>
+							<div class="flex-1">
+								<div class="font-medium text-sm">{result.category}</div>
+								<div class="text-sm mt-1">{result.message}</div>
+								{#if result.field}
+									<div class="text-xs mt-1 opacity-75">Field: {result.field}</div>
+								{/if}
+							</div>
+							{#if editUrl}
+								<a
+									href={editUrl}
+									class="flex-shrink-0 px-3 py-1.5 text-xs font-medium text-gray-600 hover:text-gray-800 bg-gray-50 hover:bg-gray-100 rounded-md transition-colors flex items-center gap-2"
+								>
+									<i class="fa-solid fa-eye"></i>
+									View
+								</a>
+							{/if}
+						</div>
+					{/each}
+				</div>
+			{/if}
+		</div>
+	</div>
+
+	<!-- Action Buttons -->
+	<div class="bg-white rounded-xl shadow-sm border border-gray-200 p-6">
+		<div class="flex items-center justify-between">
+			<div>
+				{#if canGenerate}
+					<p class="text-sm text-gray-600">
+						All validation checks passed. You can now generate the DORA ROI report.
+					</p>
+				{:else}
+					<p class="text-sm text-red-600">Please fix all errors before generating the report.</p>
+				{/if}
+			</div>
+			<button
+				onclick={handleGenerateReport}
+				disabled={!canGenerate}
+				class="px-6 py-3 rounded-lg font-medium transition-colors {canGenerate
+					? 'bg-blue-600 text-white hover:bg-blue-700'
+					: 'bg-gray-300 text-gray-500 cursor-not-allowed'}"
+			>
+				<i class="fa-solid fa-download mr-2"></i>
+				Generate Report
+			</button>
+		</div>
+	</div>
+</div>
diff --git a/frontend/src/routes/(app)/(internal)/reports/dora-roi/+server.ts b/frontend/src/routes/(app)/(internal)/reports/dora-roi/download/+server.ts
similarity index 100%
rename from frontend/src/routes/(app)/(internal)/reports/dora-roi/+server.ts
rename to frontend/src/routes/(app)/(internal)/reports/dora-roi/download/+server.ts

From 9f8a5271401505582250f07027b2d4d08b87f943 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Wed, 12 Nov 2025 09:48:55 +0100
Subject: [PATCH 22/47] support explicit beneficiary field on contract

---
 .../0013_contract_beneficiary_entity.py       | 26 +++++++++++++++++++
 backend/tprm/models.py                        | 17 ++++++++++++
 backend/tprm/serializers.py                   |  1 +
 backend/tprm/views.py                         |  1 +
 frontend/messages/en.json                     |  1 +
 frontend/messages/fr.json                     |  1 +
 .../Forms/ModelForm/ContractForm.svelte       |  8 ++++++
 frontend/src/lib/utils/crud.ts                |  1 +
 frontend/src/lib/utils/schemas.ts             |  1 +
 frontend/src/lib/utils/table.ts               |  3 +++
 10 files changed, 60 insertions(+)
 create mode 100644 backend/tprm/migrations/0013_contract_beneficiary_entity.py

diff --git a/backend/tprm/migrations/0013_contract_beneficiary_entity.py b/backend/tprm/migrations/0013_contract_beneficiary_entity.py
new file mode 100644
index 0000000000..f17c95da0a
--- /dev/null
+++ b/backend/tprm/migrations/0013_contract_beneficiary_entity.py
@@ -0,0 +1,26 @@
+# Generated by Django 5.2.7 on 2025-11-12 08:31
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("tprm", "0012_solution_dora_alternative_providers_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="contract",
+            name="beneficiary_entity",
+            field=models.ForeignKey(
+                blank=True,
+                help_text="Entity benefiting from/receiving this contract",
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="beneficiary_contracts",
+                to="tprm.entity",
+                verbose_name="Beneficiary entity",
+            ),
+        ),
+    ]
diff --git a/backend/tprm/models.py b/backend/tprm/models.py
index 0637074ec8..53c8a8d706 100644
--- a/backend/tprm/models.py
+++ b/backend/tprm/models.py
@@ -359,6 +359,15 @@ class Status(models.TextChoices):
         verbose_name=_("Provider entity"),
         help_text=_("Entity providing this contract"),
     )
+    beneficiary_entity = models.ForeignKey(
+        Entity,
+        on_delete=models.SET_NULL,
+        null=True,
+        blank=True,
+        related_name="beneficiary_contracts",
+        verbose_name=_("Beneficiary entity"),
+        help_text=_("Entity benefiting from/receiving this contract"),
+    )
     evidences = models.ManyToManyField(
         Evidence,
         blank=True,
@@ -460,6 +469,14 @@ class Status(models.TextChoices):
 
     fields_to_check = ["name"]
 
+    def save(self, *args, **kwargs):
+        # If beneficiary_entity is not set, default to main entity
+        if not self.beneficiary_entity:
+            main_entity = Entity.get_main_entity()
+            if main_entity:
+                self.beneficiary_entity = main_entity
+        super().save(*args, **kwargs)
+
     class Meta:
         verbose_name = _("Contract")
         verbose_name_plural = _("Contracts")
diff --git a/backend/tprm/serializers.py b/backend/tprm/serializers.py
index 1de7db5dee..a0ad67cd51 100644
--- a/backend/tprm/serializers.py
+++ b/backend/tprm/serializers.py
@@ -302,6 +302,7 @@ class ContractReadSerializer(BaseModelSerializer):
     folder = FieldsRelatedField()
     owner = FieldsRelatedField(many=True)
     provider_entity = FieldsRelatedField()
+    beneficiary_entity = FieldsRelatedField()
     evidences = FieldsRelatedField(many=True)
     solution = FieldsRelatedField()
     overarching_contract = FieldsRelatedField()
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index bf4e9a2095..c3ed67178f 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -428,6 +428,7 @@ class ContractViewSet(BaseModelViewSet):
         "name",
         "folder",
         "provider_entity",
+        "beneficiary_entity",
         "solution",
         "status",
         "owner",
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index 2775145de3..78830fa3a1 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -840,6 +840,7 @@
 	"addSolution": "Add solution",
 	"solutionsLinkedToAssetHelpText": "Solutions associated with this asset",
 	"providerEntity": "Provider entity",
+	"beneficiaryEntity": "Beneficiary entity",
 	"parentEntity": "Parent entity",
 	"parentEntityHelpText": "Parent entity for branch or subsidiary relationships",
 	"addProduct": "Add product",
diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
index ed606afa97..1fec36081d 100644
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
@@ -793,6 +793,7 @@
 	"solution": "Solution",
 	"addSolution": "Ajouter une solution",
 	"providerEntity": "Entité fournisseur",
+	"beneficiaryEntity": "Entité bénéficiaire",
 	"parentEntity": "Entité parente",
 	"parentEntityHelpText": "Entité parente pour les relations de succursale ou de filiale",
 	"addProduct": "Ajouter un produit",
diff --git a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
index a5499831bc..b73cac26af 100644
--- a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
@@ -82,6 +82,14 @@
 	bind:cachedValue={formDataCache['provider_entity']}
 	label={m.providerEntity()}
 />
+<AutocompleteSelect
+	{form}
+	optionsEndpoint="entities"
+	field="beneficiary_entity"
+	cacheLock={cacheLocks['beneficiary_entity']}
+	bind:cachedValue={formDataCache['beneficiary_entity']}
+	label={m.beneficiaryEntity()}
+/>
 <AutocompleteSelect
 	{form}
 	optionsEndpoint="solutions"
diff --git a/frontend/src/lib/utils/crud.ts b/frontend/src/lib/utils/crud.ts
index 2ef414a947..e9562a00db 100644
--- a/frontend/src/lib/utils/crud.ts
+++ b/frontend/src/lib/utils/crud.ts
@@ -860,6 +860,7 @@ export const URL_MODEL_MAP: ModelMap = {
 			{ field: 'folder', urlModel: 'folders' },
 			{ field: 'owner', urlModel: 'users' },
 			{ field: 'provider_entity', urlModel: 'entities' },
+			{ field: 'beneficiary_entity', urlModel: 'entities' },
 			{ field: 'evidences', urlModel: 'evidences' },
 			{ field: 'solution', urlModel: 'solutions' },
 			{ field: 'overarching_contract', urlModel: 'contracts' }
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index 2584b53302..3e0478e4db 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -650,6 +650,7 @@ export const contractSchema = z.object({
 	filtering_labels: z.array(z.string()).optional(),
 	owner: z.array(z.string().optional()).optional(),
 	provider_entity: z.string().optional(),
+	beneficiary_entity: z.string().optional(),
 	evidences: z.array(z.string().optional()).optional(),
 	solution: z.string().optional(),
 	status: z.string().optional().default('draft'),
diff --git a/frontend/src/lib/utils/table.ts b/frontend/src/lib/utils/table.ts
index 2605df88e9..5b0a8d20fd 100644
--- a/frontend/src/lib/utils/table.ts
+++ b/frontend/src/lib/utils/table.ts
@@ -1527,6 +1527,7 @@ export const listViewFields = {
 			'startDate',
 			'endDate',
 			'providerEntity',
+			'beneficiaryEntity',
 			'solution'
 		],
 		body: [
@@ -1537,11 +1538,13 @@ export const listViewFields = {
 			'start_date',
 			'end_date',
 			'provider_entity',
+			'beneficiary_entity',
 			'solution'
 		],
 		filters: {
 			status: CONTRACT_STATUS_FILTER,
 			provider_entity: ENTITY_FILTER,
+			beneficiary_entity: ENTITY_FILTER,
 			solution: SOLUTION_FILTER
 		}
 	},

From c99882d2028a1f442c045198d99413077bad09a8 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Wed, 12 Nov 2025 13:17:36 +0100
Subject: [PATCH 23/47] add entities graph

---
 backend/tprm/views.py                         | 204 ++++++++++++++++++
 frontend/messages/en.json                     |   2 +
 frontend/messages/fr.json                     |   2 +
 .../(internal)/[model=urlmodel]/+page.svelte  |   9 +
 .../(internal)/entities/graph/+page.server.ts |  18 ++
 .../(internal)/entities/graph/+page.svelte    |  33 +++
 6 files changed, 268 insertions(+)
 create mode 100644 frontend/src/routes/(app)/(internal)/entities/graph/+page.server.ts
 create mode 100644 frontend/src/routes/(app)/(internal)/entities/graph/+page.svelte

diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index c3ed67178f..0bb81f9915 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -209,6 +209,210 @@ def dora_roi_lint(self, request):
         lint_results = dora_linter.lint_dora_roi()
         return Response(lint_results)
 
+    @action(detail=False, methods=["get"], name="Get entities graph")
+    def graph(self, request):
+        """
+        Generate graph data for entities, showing:
+        - Entity hierarchy (parent-child relationships)
+        - Solutions provided by entities
+        - Contracts between entities
+        - Assets linked to solutions
+        """
+        # Get accessible objects for the current user
+        (viewable_entities, _, _) = RoleAssignment.get_accessible_object_ids(
+            folder=Folder.get_root_folder(),
+            user=request.user,
+            object_type=Entity,
+        )
+
+        (viewable_contracts, _, _) = RoleAssignment.get_accessible_object_ids(
+            folder=Folder.get_root_folder(),
+            user=request.user,
+            object_type=Contract,
+        )
+
+        (viewable_solutions, _, _) = RoleAssignment.get_accessible_object_ids(
+            folder=Folder.get_root_folder(),
+            user=request.user,
+            object_type=Solution,
+        )
+
+        (viewable_assets, _, _) = RoleAssignment.get_accessible_object_ids(
+            folder=Folder.get_root_folder(),
+            user=request.user,
+            object_type=Asset,
+        )
+
+        # Get entities, solutions, contracts, and assets
+        entities = Entity.objects.filter(id__in=viewable_entities)
+        solutions = Solution.objects.filter(id__in=viewable_solutions).select_related(
+            "provider_entity"
+        )
+        contracts = Contract.objects.filter(id__in=viewable_contracts).select_related(
+            "provider_entity", "beneficiary_entity", "solution"
+        )
+        assets = Asset.objects.filter(id__in=viewable_assets)
+
+        # Build nodes and links
+        nodes = []
+        links = []
+        categories = []
+        category_map = {}
+        node_index = 0
+
+        # Create entity nodes
+        entity_node_map = {}
+        for entity in entities:
+            nodes.append(
+                {
+                    "name": entity.name,
+                    "category": 0,  # Entities category
+                    "symbol": "roundRect",
+                    "symbolSize": 35,
+                    "value": f"Entity: {entity.name}",
+                }
+            )
+            entity_node_map[entity.id] = node_index
+            node_index += 1
+
+        # Add entity hierarchy links (parent-child relationships)
+        for entity in entities:
+            if entity.parent_entity and entity.parent_entity.id in entity_node_map:
+                links.append(
+                    {
+                        "source": entity_node_map[entity.parent_entity.id],
+                        "target": entity_node_map[entity.id],
+                        "value": "parent of",
+                    }
+                )
+
+        # Create solution nodes
+        solution_node_map = {}
+        for solution in solutions:
+            nodes.append(
+                {
+                    "name": solution.name,
+                    "category": 1,  # Solutions category
+                    "symbol": "diamond",
+                    "symbolSize": 30,
+                    "value": f"Solution: {solution.name}",
+                }
+            )
+            solution_node_map[solution.id] = node_index
+
+            # Link solution to provider entity
+            if (
+                solution.provider_entity
+                and solution.provider_entity.id in entity_node_map
+            ):
+                links.append(
+                    {
+                        "source": entity_node_map[solution.provider_entity.id],
+                        "target": node_index,
+                        "value": "provides",
+                    }
+                )
+
+            node_index += 1
+
+        # Create contract nodes
+        contract_node_map = {}
+        for contract in contracts:
+            nodes.append(
+                {
+                    "name": contract.name,
+                    "category": 2,  # Contracts category
+                    "symbol": "circle",
+                    "symbolSize": 25,
+                    "value": f"Contract: {contract.name}",
+                }
+            )
+            contract_node_map[contract.id] = node_index
+
+            # Link contract to provider entity
+            if (
+                contract.provider_entity
+                and contract.provider_entity.id in entity_node_map
+            ):
+                links.append(
+                    {
+                        "source": entity_node_map[contract.provider_entity.id],
+                        "target": node_index,
+                        "value": "provider",
+                    }
+                )
+
+            # Link contract to beneficiary entity
+            if (
+                contract.beneficiary_entity
+                and contract.beneficiary_entity.id in entity_node_map
+            ):
+                links.append(
+                    {
+                        "source": node_index,
+                        "target": entity_node_map[contract.beneficiary_entity.id],
+                        "value": "beneficiary",
+                    }
+                )
+
+            # Link contract to solution
+            if contract.solution and contract.solution.id in solution_node_map:
+                links.append(
+                    {
+                        "source": node_index,
+                        "target": solution_node_map[contract.solution.id],
+                        "value": "for solution",
+                    }
+                )
+
+            node_index += 1
+
+        # Create asset nodes (only those linked to solutions)
+        for asset in assets:
+            # Check if asset is linked to any solution
+            linked_solutions = solutions.filter(assets=asset)
+            if linked_solutions.exists():
+                nodes.append(
+                    {
+                        "name": asset.name,
+                        "category": 3,  # Assets category
+                        "symbol": "triangle",
+                        "symbolSize": 20,
+                        "value": f"Asset: {asset.name}",
+                    }
+                )
+                asset_node_index = node_index
+
+                # Link asset to solutions
+                for solution in linked_solutions:
+                    if solution.id in solution_node_map:
+                        links.append(
+                            {
+                                "source": solution_node_map[solution.id],
+                                "target": asset_node_index,
+                                "value": "uses",
+                            }
+                        )
+
+                node_index += 1
+
+        # Define categories
+        categories = [
+            {"name": "Entities"},
+            {"name": "Solutions"},
+            {"name": "Contracts"},
+            {"name": "Assets"},
+        ]
+
+        return Response(
+            {
+                "nodes": nodes,
+                "links": links,
+                "categories": categories,
+                "meta": {"display_name": "Entities Graph"},
+            }
+        )
+
     @action(detail=False, name="Get country choices")
     def country(self, request):
         return Response(dict(COUNTRY_CHOICES))
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index 78830fa3a1..f4568125f8 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -789,6 +789,7 @@
 	"maturity": "Maturity",
 	"progress": "Progress",
 	"back": "Back",
+	"backToTable": "Back to table",
 	"duplicate": "Duplicate",
 	"duplicateRiskAssessment": "Duplicate the risk assessment",
 	"duplicateAppliedControl": "Duplicate the applied control",
@@ -822,6 +823,7 @@
 	"accreditationCategory": "Accreditation category",
 	"entity": "Entity",
 	"entities": "Entities",
+	"entitiesGraph": "Entities Graph",
 	"addEntity": "Add entity",
 	"mission": "Mission",
 	"ownedFolders": "Owned domains",
diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
index 1fec36081d..a8949346ee 100644
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
@@ -737,6 +737,7 @@
 	"maturity": "Maturité",
 	"progress": "Progression",
 	"back": "Retour",
+	"backToTable": "Retour au tableau",
 	"duplicate": "Dupliquer",
 	"duplicateRiskAssessment": "Dupliquer l’évaluation de risque",
 	"duplicateAppliedControl": "Dupliquer la mesure appliquée",
@@ -775,6 +776,7 @@
 	"entityRelationship": "Relation avec l'entité",
 	"entity": "Entité",
 	"entities": "Entités",
+	"entitiesGraph": "Graphe des entités",
 	"addEntity": "Ajouter une entité",
 	"referenceLink": "Lien de référence",
 	"mission": "Mission",
diff --git a/frontend/src/routes/(app)/(internal)/[model=urlmodel]/+page.svelte b/frontend/src/routes/(app)/(internal)/[model=urlmodel]/+page.svelte
index fdf67ee030..3a5e15febd 100644
--- a/frontend/src/routes/(app)/(internal)/[model=urlmodel]/+page.svelte
+++ b/frontend/src/routes/(app)/(internal)/[model=urlmodel]/+page.svelte
@@ -168,6 +168,15 @@
 										data-testid="viz-button"><i class="fa-solid fa-diagram-project"></i></Anchor
 									>
 								{/if}
+								{#if URLModel === 'entities'}
+									<Anchor
+										href="entities/graph/"
+										class="inline-block p-3 btn-mini-secondary w-12 focus:relative"
+										title={m.exploreButton()}
+										label={m.inspect()}
+										data-testid="viz-button"><i class="fa-solid fa-diagram-project"></i></Anchor
+									>
+								{/if}
 								{#if URLModel === 'folders'}
 									<button
 										class="text-gray-50 inline-block border-e p-3 bg-sky-400 hover:bg-sky-300 w-12 focus:relative"
diff --git a/frontend/src/routes/(app)/(internal)/entities/graph/+page.server.ts b/frontend/src/routes/(app)/(internal)/entities/graph/+page.server.ts
new file mode 100644
index 0000000000..9c868e893a
--- /dev/null
+++ b/frontend/src/routes/(app)/(internal)/entities/graph/+page.server.ts
@@ -0,0 +1,18 @@
+import { BASE_API_URL } from '$lib/utils/constants';
+import { error } from '@sveltejs/kit';
+import type { PageServerLoad } from './$types';
+
+export const load: PageServerLoad = async ({ fetch }) => {
+	const endpoint = `${BASE_API_URL}/entities/graph/`;
+
+	const res = await fetch(endpoint);
+	if (!res.ok) {
+		error(400, 'Error loading entities graph data');
+	}
+
+	const data = await res.json();
+
+	return {
+		data
+	};
+};
diff --git a/frontend/src/routes/(app)/(internal)/entities/graph/+page.svelte b/frontend/src/routes/(app)/(internal)/entities/graph/+page.svelte
new file mode 100644
index 0000000000..36681d12ca
--- /dev/null
+++ b/frontend/src/routes/(app)/(internal)/entities/graph/+page.svelte
@@ -0,0 +1,33 @@
+<script lang="ts">
+	import GraphExplorer from '$lib/components/DataViz/GraphExplorer.svelte';
+	import { m } from '$paraglide/messages';
+	import type { PageData } from './$types';
+
+	interface Props {
+		data: PageData;
+	}
+
+	let { data }: Props = $props();
+</script>
+
+<div class="bg-white shadow-sm flex flex-col overflow-x-auto">
+	<div class="flex justify-between items-center p-4 border-b border-gray-200">
+		<h1 class="text-2xl font-semibold text-gray-900">
+			<i class="fa-solid fa-diagram-project mr-2"></i>
+			{m.entitiesGraph()}
+		</h1>
+		<a href="/entities" class="text-primary-800 hover:text-primary-500 cursor-pointer">
+			<i class="fa-solid fa-arrow-left mr-2"></i>
+			{m.backToTable()}
+		</a>
+	</div>
+	<div class="w-full h-screen">
+		<GraphExplorer
+			title="Entities Graph"
+			data={data.data}
+			edgeLength={120}
+			maxLegendItems={10}
+			showNodeLabels={false}
+		/>
+	</div>
+</div>

From aaf7b0bcd589a490e93c9ebd3577c2cca4501302 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Wed, 12 Nov 2025 17:46:35 +0100
Subject: [PATCH 24/47] more rules and nesting the zip

---
 backend/tprm/dora_export.py                   | 299 ++++++++++++--
 backend/tprm/dora_linter.py                   | 366 +++++++++++++++++-
 backend/tprm/serializers.py                   |  13 +
 backend/tprm/views.py                         |  83 ++--
 frontend/messages/en.json                     |   1 +
 frontend/messages/fr.json                     |   1 +
 .../Forms/LegalIdentifierField.svelte         |  13 +
 frontend/src/lib/utils/table.ts               |   4 +-
 8 files changed, 721 insertions(+), 59 deletions(-)

diff --git a/backend/tprm/dora_export.py b/backend/tprm/dora_export.py
index 3773f2cc95..4fa7729387 100644
--- a/backend/tprm/dora_export.py
+++ b/backend/tprm/dora_export.py
@@ -7,6 +7,7 @@
 
 import csv
 import io
+import json
 from typing import Dict, List, Optional, Any
 
 from django.db.models import QuerySet
@@ -59,13 +60,16 @@ def format_date(date_obj) -> str:
 # Report Generation Functions
 
 
-def generate_b_01_01_main_entity(zip_file, main_entity: Entity) -> None:
+def generate_b_01_01_main_entity(
+    zip_file, main_entity: Entity, folder_prefix: str = ""
+) -> None:
     """
     Generate b_01.01.csv - Main entity information.
 
     Args:
         zip_file: ZIP file object to write to
         main_entity: The main builtin entity
+        folder_prefix: Optional folder prefix to prepend to file path
     """
     from datetime import datetime
 
@@ -100,12 +104,17 @@ def generate_b_01_01_main_entity(zip_file, main_entity: Entity) -> None:
         ]
     )
 
-    # Add CSV to zip
-    zip_file.writestr("reports/b_01.01.csv", csv_buffer.getvalue().encode("utf-8"))
+    # Add CSV to zip with folder prefix
+    path = (
+        f"{folder_prefix}/reports/b_01.01.csv"
+        if folder_prefix
+        else "reports/b_01.01.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
 def generate_b_01_02_entities(
-    zip_file, main_entity: Entity, all_entities: List[Entity]
+    zip_file, main_entity: Entity, all_entities: List[Entity], folder_prefix: str = ""
 ) -> None:
     """
     Generate b_01.02.csv - Entity register with all entity details.
@@ -114,6 +123,7 @@ def generate_b_01_02_entities(
         zip_file: ZIP file object to write to
         main_entity: The main builtin entity
         all_entities: List of entities (main entity + subsidiaries only, no branches)
+        folder_prefix: Optional folder prefix to prepend to file path
     """
     csv_buffer = io.StringIO()
     csv_writer = csv.writer(csv_buffer)
@@ -182,11 +192,16 @@ def generate_b_01_02_entities(
         )
 
     # Add CSV to zip
-    zip_file.writestr("reports/b_01.02.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_01.02.csv"
+        if folder_prefix
+        else "reports/b_01.02.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
 def generate_b_01_03_branches(
-    zip_file, main_entity: Entity, branches: List[Entity]
+    zip_file, main_entity: Entity, branches: List[Entity], folder_prefix: str = ""
 ) -> None:
     """
     Generate b_01.03.csv - Branches of the main entity.
@@ -218,10 +233,17 @@ def generate_b_01_03_branches(
     for branch in branches:
         csv_writer.writerow([main_lei, main_code, code_type])
 
-    zip_file.writestr("reports/b_01.03.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_01.03.csv"
+        if folder_prefix
+        else "reports/b_01.03.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
-def generate_b_02_01_contracts(zip_file, contracts: QuerySet) -> None:
+def generate_b_02_01_contracts(
+    zip_file, contracts: QuerySet, folder_prefix: str = ""
+) -> None:
     """
     Generate b_02.01.csv - Contractual arrangements for ICT services.
 
@@ -273,10 +295,17 @@ def generate_b_02_01_contracts(zip_file, contracts: QuerySet) -> None:
             ]
         )
 
-    zip_file.writestr("reports/b_02.01.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_02.01.csv"
+        if folder_prefix
+        else "reports/b_02.01.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
-def generate_b_02_02_ict_services(zip_file, contracts: QuerySet) -> None:
+def generate_b_02_02_ict_services(
+    zip_file, contracts: QuerySet, folder_prefix: str = ""
+) -> None:
     """
     Generate b_02.02.csv - ICT services supporting functions.
 
@@ -297,10 +326,17 @@ def generate_b_02_02_ict_services(zip_file, contracts: QuerySet) -> None:
 
         csv_writer.writerow([contract_ref, ict_service_type])
 
-    zip_file.writestr("reports/b_02.02.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_02.02.csv"
+        if folder_prefix
+        else "reports/b_02.02.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
-def generate_b_02_03_intragroup_contracts(zip_file, contracts: QuerySet) -> None:
+def generate_b_02_03_intragroup_contracts(
+    zip_file, contracts: QuerySet, folder_prefix: str = ""
+) -> None:
     """
     Generate b_02.03.csv - Intra-group contractual arrangements.
 
@@ -329,11 +365,16 @@ def generate_b_02_03_intragroup_contracts(zip_file, contracts: QuerySet) -> None
 
         csv_writer.writerow([subordinate_ref, overarching_ref, arrangement_type])
 
-    zip_file.writestr("reports/b_02.03.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_02.03.csv"
+        if folder_prefix
+        else "reports/b_02.03.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
 def generate_b_03_01_signing_entities(
-    zip_file, main_entity: Entity, contracts: QuerySet
+    zip_file, main_entity: Entity, contracts: QuerySet, folder_prefix: str = ""
 ) -> None:
     """
     Generate b_03.01.csv - Signing entities (main entity for all contracts).
@@ -357,10 +398,17 @@ def generate_b_03_01_signing_entities(
         contract_ref = contract.ref_id or str(contract.id)
         csv_writer.writerow([contract_ref, main_code, code_type])
 
-    zip_file.writestr("reports/b_03.01.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_03.01.csv"
+        if folder_prefix
+        else "reports/b_03.01.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
-def generate_b_03_02_ict_providers(zip_file, contracts: QuerySet) -> None:
+def generate_b_03_02_ict_providers(
+    zip_file, contracts: QuerySet, folder_prefix: str = ""
+) -> None:
     """
     Generate b_03.02.csv - ICT third-party service providers.
 
@@ -388,11 +436,16 @@ def generate_b_03_02_ict_providers(zip_file, contracts: QuerySet) -> None:
 
         csv_writer.writerow([contract_ref, provider_code, code_type])
 
-    zip_file.writestr("reports/b_03.02.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_03.02.csv"
+        if folder_prefix
+        else "reports/b_03.02.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
 def generate_b_03_03_intragroup_providers(
-    zip_file, main_entity: Entity, contracts: QuerySet
+    zip_file, main_entity: Entity, contracts: QuerySet, folder_prefix: str = ""
 ) -> None:
     """
     Generate b_03.03.csv - ICT intra-group service providers.
@@ -419,11 +472,20 @@ def generate_b_03_03_intragroup_providers(
         contract_ref = contract.ref_id or str(contract.id)
         csv_writer.writerow([contract_ref, main_code, code_type])
 
-    zip_file.writestr("reports/b_03.03.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_03.03.csv"
+        if folder_prefix
+        else "reports/b_03.03.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
 def generate_b_04_01_service_users(
-    zip_file, main_entity: Entity, branches: List[Entity], contracts: QuerySet
+    zip_file,
+    main_entity: Entity,
+    branches: List[Entity],
+    contracts: QuerySet,
+    folder_prefix: str = "",
 ) -> None:
     """
     Generate b_04.01.csv - Entities using ICT services.
@@ -460,11 +522,16 @@ def generate_b_04_01_service_users(
 
             csv_writer.writerow([contract_ref, main_code, main_code_type, branch_code])
 
-    zip_file.writestr("reports/b_04.01.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_04.01.csv"
+        if folder_prefix
+        else "reports/b_04.01.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
 def generate_b_05_01_provider_details(
-    zip_file, main_entity: Entity, contracts: QuerySet
+    zip_file, main_entity: Entity, contracts: QuerySet, folder_prefix: str = ""
 ) -> None:
     """
     Generate b_05.01.csv - Details of ICT third-party service providers.
@@ -545,11 +612,16 @@ def generate_b_05_01_provider_details(
             ]
         )
 
-    zip_file.writestr("reports/b_05.01.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_05.01.csv"
+        if folder_prefix
+        else "reports/b_05.01.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
 def generate_b_05_02_supply_chains(
-    zip_file, main_entity: Entity, contracts: QuerySet
+    zip_file, main_entity: Entity, contracts: QuerySet, folder_prefix: str = ""
 ) -> None:
     """
     Generate b_05.02.csv - ICT service supply chains.
@@ -608,11 +680,16 @@ def generate_b_05_02_supply_chains(
             ]
         )
 
-    zip_file.writestr("reports/b_05.02.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_05.02.csv"
+        if folder_prefix
+        else "reports/b_05.02.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
 def generate_b_06_01_functions(
-    zip_file, main_entity: Entity, business_functions: QuerySet
+    zip_file, main_entity: Entity, business_functions: QuerySet, folder_prefix: str = ""
 ) -> None:
     """
     Generate b_06.01.csv - Critical or important functions register.
@@ -689,10 +766,17 @@ def generate_b_06_01_functions(
             ]
         )
 
-    zip_file.writestr("reports/b_06.01.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_06.01.csv"
+        if folder_prefix
+        else "reports/b_06.01.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
-def generate_b_07_01_assessment(zip_file, contracts: QuerySet) -> None:
+def generate_b_07_01_assessment(
+    zip_file, contracts: QuerySet, folder_prefix: str = ""
+) -> None:
     """
     Generate b_07.01.csv - Assessment of ICT services.
 
@@ -768,11 +852,16 @@ def generate_b_07_01_assessment(zip_file, contracts: QuerySet) -> None:
             ]
         )
 
-    zip_file.writestr("reports/b_07.01.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_07.01.csv"
+        if folder_prefix
+        else "reports/b_07.01.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
 
 
 def generate_b_99_01_aggregation(
-    zip_file, contracts: QuerySet, business_functions: QuerySet
+    zip_file, contracts: QuerySet, business_functions: QuerySet, folder_prefix: str = ""
 ) -> None:
     """
     Generate b_99.01.csv - Aggregation report placeholder (standard not yet finalized).
@@ -815,4 +904,152 @@ def generate_b_99_01_aggregation(
 
     # TODO: Add data rows once DORA standard is properly defined
 
-    zip_file.writestr("reports/b_99.01.csv", csv_buffer.getvalue().encode("utf-8"))
+    path = (
+        f"{folder_prefix}/reports/b_99.01.csv"
+        if folder_prefix
+        else "reports/b_99.01.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_filing_indicators(zip_file, folder_prefix: str = "") -> None:
+    """
+    Generate FilingIndicators.csv - Indicates which templates are included in the report.
+
+    This file lists all the DORA ROI template IDs with a "reported" flag set to TRUE,
+    indicating that each template has been included in the export.
+
+    Args:
+        zip_file: ZIP file object to write to
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(["templateID", "reported"])
+
+    # List of all DORA ROI template IDs
+    template_ids = [
+        "B_01.01",
+        "B_01.02",
+        "B_01.03",
+        "B_02.01",
+        "B_02.02",
+        "B_02.03",
+        "B_03.01",
+        "B_03.02",
+        "B_03.03",
+        "B_04.01",
+        "B_05.01",
+        "B_05.02",
+        "B_06.01",
+        "B_07.01",
+        "B_99.01",
+    ]
+
+    # Write each template ID with reported=true
+    for template_id in template_ids:
+        csv_writer.writerow([template_id, "true"])
+
+    path = (
+        f"{folder_prefix}/reports/FilingIndicators.csv"
+        if folder_prefix
+        else "reports/FilingIndicators.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_parameters(zip_file, main_entity: Entity, folder_prefix: str = "") -> None:
+    """
+    Generate parameters.csv - Report metadata and configuration parameters.
+
+    This file contains key metadata about the DORA ROI report including entity
+    identification, reporting period, base currency, and decimal formatting rules.
+
+    Args:
+        zip_file: ZIP file object to write to
+        main_entity: The main builtin entity
+    """
+    csv_buffer = io.StringIO()
+    csv_writer = csv.writer(csv_buffer)
+
+    # Write CSV headers
+    csv_writer.writerow(["name", "value"])
+
+    # Get LEI for entityID
+    lei, _ = get_entity_identifier(main_entity, priority=["LEI"])
+    entity_id = f"rs:{lei}.CON" if lei else "rs:UNKNOWN.CON"
+
+    # Get currency for baseCurrency
+    base_currency = (
+        f"iso4217:{main_entity.currency}" if main_entity.currency else "iso4217:EUR"
+    )
+
+    # Write parameters
+    parameters = [
+        ("entityID", entity_id),
+        ("refPeriod", "2025-03-31"),  # Placeholder - can be made dynamic later
+        ("baseCurrency", base_currency),
+        ("decimalsInteger", "0"),
+        ("decimalsMonetary", "-3"),
+    ]
+
+    for name, value in parameters:
+        csv_writer.writerow([name, value])
+
+    path = (
+        f"{folder_prefix}/reports/parameters.csv"
+        if folder_prefix
+        else "reports/parameters.csv"
+    )
+    zip_file.writestr(path, csv_buffer.getvalue().encode("utf-8"))
+
+
+def generate_report_package_json(zip_file, folder_prefix: str = "") -> None:
+    """
+    Generate META-INF/reportPackage.json - Report package metadata.
+
+    This file contains metadata about the XBRL report package format.
+
+    Args:
+        zip_file: ZIP file object to write to
+    """
+    report_package = {
+        "documentInfo": {"documentType": "https://xbrl.org/report-package/2023"}
+    }
+
+    json_content = json.dumps(report_package, indent=2)
+    path = (
+        f"{folder_prefix}/META-INF/reportPackage.json"
+        if folder_prefix
+        else "META-INF/reportPackage.json"
+    )
+    zip_file.writestr(path, json_content)
+
+
+def generate_report_json(zip_file, folder_prefix: str = "") -> None:
+    """
+    Generate reports/report.json - Report metadata and XBRL CSV configuration.
+
+    This file contains metadata about the XBRL CSV format and references to
+    the DORA taxonomy.
+
+    Args:
+        zip_file: ZIP file object to write to
+    """
+    report_metadata = {
+        "documentInfo": {
+            "documentType": "https://xbrl.org/2021/xbrl-csv",
+            "extends": [
+                "http://www.eba.europa.eu/eu/fr/xbrl/crr/fws/dora/4.0/mod/dora.json"
+            ],
+        }
+    }
+
+    json_content = json.dumps(report_metadata, indent=2)
+    path = (
+        f"{folder_prefix}/reports/report.json"
+        if folder_prefix
+        else "reports/report.json"
+    )
+    zip_file.writestr(path, json_content)
diff --git a/backend/tprm/dora_linter.py b/backend/tprm/dora_linter.py
index e944fcf244..5e4afeea27 100644
--- a/backend/tprm/dora_linter.py
+++ b/backend/tprm/dora_linter.py
@@ -6,7 +6,7 @@
 """
 
 from typing import List, Dict, Any
-from tprm.models import Entity
+from tprm.models import Entity, Contract, Solution
 from core.models import Asset
 from django.db.models import Q
 import re
@@ -59,6 +59,34 @@ def lint_main_entity(entity: Entity) -> List[Dict[str, Any]]:
             }
         )
 
+    # Check LEI length if provided (must be exactly 20 characters)
+    if entity.legal_identifiers and entity.legal_identifiers.get("LEI"):
+        lei = entity.legal_identifiers.get("LEI")
+        if len(lei) != 20:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Main Entity",
+                    "message": f"LEI must be exactly 20 characters long (current: {len(lei)} characters)",
+                    "field": "legal_identifiers",
+                    "object_type": "entities",
+                    "object_id": str(entity.id),
+                    "object_name": entity.name,
+                }
+            )
+        else:
+            results.append(
+                {
+                    "severity": "ok",
+                    "category": "Main Entity",
+                    "message": "LEI has correct length (20 characters)",
+                    "field": "legal_identifiers",
+                    "object_type": "entities",
+                    "object_id": str(entity.id),
+                    "object_name": entity.name,
+                }
+            )
+
     # Check country (mandatory)
     if entity.country:
         results.append(
@@ -213,6 +241,22 @@ def lint_subsidiaries(main_entity: Entity) -> List[Dict[str, Any]]:
                 }
             )
 
+        # Check LEI length if provided (must be exactly 20 characters)
+        if subsidiary.legal_identifiers and subsidiary.legal_identifiers.get("LEI"):
+            lei = subsidiary.legal_identifiers.get("LEI")
+            if len(lei) != 20:
+                results.append(
+                    {
+                        "severity": "error",
+                        "category": "Subsidiaries",
+                        "message": f"Subsidiary '{subsidiary.name}' has LEI with incorrect length (must be 20 characters, current: {len(lei)})",
+                        "field": "legal_identifiers",
+                        "object_type": "entities",
+                        "object_id": str(subsidiary.id),
+                        "object_name": subsidiary.name,
+                    }
+                )
+
         # Check country (mandatory)
         if not subsidiary.country:
             results.append(
@@ -255,6 +299,20 @@ def lint_subsidiaries(main_entity: Entity) -> List[Dict[str, Any]]:
                 }
             )
 
+        # Check currency (warning)
+        if not subsidiary.currency:
+            results.append(
+                {
+                    "severity": "warning",
+                    "category": "Subsidiaries",
+                    "message": f"Subsidiary '{subsidiary.name}' should have a currency set",
+                    "field": "currency",
+                    "object_type": "entities",
+                    "object_id": str(subsidiary.id),
+                    "object_name": subsidiary.name,
+                }
+            )
+
     # If we have subsidiaries and no errors, add a success message
     if subsidiaries.exists() and not results:
         results.append(
@@ -359,6 +417,310 @@ def lint_business_functions() -> List[Dict[str, Any]]:
     return results
 
 
+def lint_contracts() -> List[Dict[str, Any]]:
+    """
+    Validate contracts for DORA ROI requirements.
+
+    Checks that contracts have required fields:
+    - ref_id
+    - currency
+    - dora_contractual_arrangement (type of contract)
+    - annual_expense
+
+    Returns:
+        List of validation results with severity levels (error, warning, ok)
+    """
+    results = []
+
+    # Get all contracts
+    contracts = Contract.objects.all()
+
+    if not contracts.exists():
+        # No contracts found - this could be OK, but let's inform the user
+        results.append(
+            {
+                "severity": "warning",
+                "category": "Contracts",
+                "message": "No contracts found in the system",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+        return results
+
+    # Track validation statistics
+    total_contracts = contracts.count()
+    contracts_with_errors = 0
+
+    # Check each contract
+    for contract in contracts:
+        contract_has_error = False
+
+        # Check ref_id (mandatory)
+        if not contract.ref_id:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Contracts",
+                    "message": f"Contract '{contract.name}' must have a reference ID (ref_id) set",
+                    "field": "ref_id",
+                    "object_type": "contracts",
+                    "object_id": str(contract.id),
+                    "object_name": contract.name,
+                }
+            )
+            contract_has_error = True
+
+        # Check currency (mandatory)
+        if not contract.currency:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Contracts",
+                    "message": f"Contract '{contract.name}' must have a currency set",
+                    "field": "currency",
+                    "object_type": "contracts",
+                    "object_id": str(contract.id),
+                    "object_name": contract.name,
+                }
+            )
+            contract_has_error = True
+
+        # Check DORA contractual arrangement (mandatory)
+        if not contract.dora_contractual_arrangement:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Contracts",
+                    "message": f"Contract '{contract.name}' must have a DORA contractual arrangement (type) set",
+                    "field": "dora_contractual_arrangement",
+                    "object_type": "contracts",
+                    "object_id": str(contract.id),
+                    "object_name": contract.name,
+                }
+            )
+            contract_has_error = True
+
+        # Check annual expense (mandatory)
+        if contract.annual_expense is None:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Contracts",
+                    "message": f"Contract '{contract.name}' must have an annual expense set",
+                    "field": "annual_expense",
+                    "object_type": "contracts",
+                    "object_id": str(contract.id),
+                    "object_name": contract.name,
+                }
+            )
+            contract_has_error = True
+
+        if contract_has_error:
+            contracts_with_errors += 1
+
+    # Add success message if all contracts are valid
+    contracts_valid = total_contracts - contracts_with_errors
+    if contracts_valid == total_contracts:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Contracts",
+                "message": f"All {total_contracts} contracts have required fields set",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+    elif contracts_valid > 0:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Contracts",
+                "message": f"{contracts_valid} of {total_contracts} contracts have all required fields set",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+
+    return results
+
+
+def lint_solutions() -> List[Dict[str, Any]]:
+    """
+    Validate solutions for DORA ROI requirements.
+
+    Only validates solutions that are associated with assets marked as business functions,
+    as these are the ones relevant for DORA reporting.
+
+    Checks that solutions have required fields:
+    - dora_ict_service_type (ICT service type)
+    - data_location_storage (location of data at rest)
+    - data_location_processing (location of data at processing)
+    - provider_entity must have country set
+
+    Returns:
+        List of validation results with severity levels (error, warning, ok)
+    """
+    results = []
+
+    # Get only solutions associated with business function assets
+    solutions = (
+        Solution.objects.filter(assets__is_business_function=True)
+        .distinct()
+        .select_related("provider_entity")
+    )
+
+    if not solutions.exists():
+        # No solutions found linked to business functions
+        results.append(
+            {
+                "severity": "warning",
+                "category": "Solutions",
+                "message": "No solutions found linked to business function assets",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+        return results
+
+    # Track validation statistics
+    total_solutions = solutions.count()
+    solutions_with_errors = 0
+
+    # Check each solution
+    for solution in solutions:
+        solution_has_error = False
+
+        # Check ICT service type (mandatory)
+        if not solution.dora_ict_service_type:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Solutions",
+                    "message": f"Solution '{solution.name}' must have ICT service type set",
+                    "field": "dora_ict_service_type",
+                    "object_type": "solutions",
+                    "object_id": str(solution.id),
+                    "object_name": solution.name,
+                }
+            )
+            solution_has_error = True
+
+        # Check data_location_storage (mandatory)
+        if not solution.data_location_storage:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Solutions",
+                    "message": f"Solution '{solution.name}' must have location of data at rest (data storage location) set",
+                    "field": "data_location_storage",
+                    "object_type": "solutions",
+                    "object_id": str(solution.id),
+                    "object_name": solution.name,
+                }
+            )
+            solution_has_error = True
+        else:
+            # Warning: if data_location_storage is set but storage_of_data flag is not set
+            if not solution.storage_of_data:
+                results.append(
+                    {
+                        "severity": "warning",
+                        "category": "Solutions",
+                        "message": f"Solution '{solution.name}' has data storage location set but 'Storage of data' flag is not enabled",
+                        "field": "storage_of_data",
+                        "object_type": "solutions",
+                        "object_id": str(solution.id),
+                        "object_name": solution.name,
+                    }
+                )
+
+        # Check data_location_processing (mandatory)
+        if not solution.data_location_processing:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Solutions",
+                    "message": f"Solution '{solution.name}' must have location of data processing set",
+                    "field": "data_location_processing",
+                    "object_type": "solutions",
+                    "object_id": str(solution.id),
+                    "object_name": solution.name,
+                }
+            )
+            solution_has_error = True
+
+        # Check provider_entity country (mandatory)
+        if solution.provider_entity:
+            if not solution.provider_entity.country:
+                results.append(
+                    {
+                        "severity": "error",
+                        "category": "Solutions",
+                        "message": f"Solution '{solution.name}' has provider entity '{solution.provider_entity.name}' without a country set",
+                        "field": "country",
+                        "object_type": "entities",
+                        "object_id": str(solution.provider_entity.id),
+                        "object_name": solution.provider_entity.name,
+                    }
+                )
+                solution_has_error = True
+        else:
+            # No provider entity - this is also an error
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Solutions",
+                    "message": f"Solution '{solution.name}' must have a provider entity set",
+                    "field": "provider_entity",
+                    "object_type": "solutions",
+                    "object_id": str(solution.id),
+                    "object_name": solution.name,
+                }
+            )
+            solution_has_error = True
+
+        if solution_has_error:
+            solutions_with_errors += 1
+
+    # Add success message if all solutions are valid
+    solutions_valid = total_solutions - solutions_with_errors
+    if solutions_valid == total_solutions:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Solutions",
+                "message": f"All {total_solutions} solutions have required fields set",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+    elif solutions_valid > 0:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Solutions",
+                "message": f"{solutions_valid} of {total_solutions} solutions have all required fields set",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+
+    return results
+
+
 def lint_dora_roi() -> Dict[str, Any]:
     """
     Perform comprehensive linting for DORA ROI export.
@@ -391,6 +753,8 @@ def lint_dora_roi() -> Dict[str, Any]:
     results.extend(lint_main_entity(main_entity))
     results.extend(lint_subsidiaries(main_entity))
     results.extend(lint_business_functions())
+    results.extend(lint_contracts())
+    results.extend(lint_solutions())
 
     # Calculate summary
     summary = {
diff --git a/backend/tprm/serializers.py b/backend/tprm/serializers.py
index a0ad67cd51..3e7c0839e7 100644
--- a/backend/tprm/serializers.py
+++ b/backend/tprm/serializers.py
@@ -45,6 +45,19 @@ class Meta:
         model = Entity
         exclude = ["owned_folders"]
 
+    def validate_legal_identifiers(self, value):
+        """
+        Validate legal identifiers, ensuring LEI is exactly 20 characters if provided.
+        """
+        if value and isinstance(value, dict):
+            lei = value.get("LEI", "")
+            # Strip whitespace and check if LEI exists
+            if lei:
+                lei_stripped = lei.strip()
+                if lei_stripped and len(lei_stripped) != 20:
+                    raise serializers.ValidationError(_("leiLengthError"))
+        return value
+
 
 class EntityImportExportSerializer(BaseModelSerializer):
     folder = HashSlugRelatedField(slug_field="pk", read_only=True)
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index 0bb81f9915..833dabc429 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -79,6 +79,10 @@ def generate_dora_roi(self, request):
         - b_06.01: Critical functions register
         - b_07.01: Assessment of ICT services
         - b_99.01: Aggregation report
+        - FilingIndicators.csv: Template inclusion indicators
+        - parameters.csv: Report metadata and configuration
+        - META-INF/reportPackage.json: XBRL report package metadata
+        - reports/report.json: XBRL CSV configuration and taxonomy references
         """
         from tprm import dora_export
 
@@ -140,59 +144,88 @@ def generate_dora_roi(self, request):
             id__in=viewable_assets, is_business_function=True
         )
 
+        # Calculate folder name for the ZIP structure (without .zip extension)
+        lei, _ = dora_export.get_entity_identifier(main_entity, priority=["LEI"])
+        competent_authority = main_entity.dora_competent_authority or "UNKNOWN"
+
+        if lei:
+            base_folder_name = f"LEI_{lei}.CON_{competent_authority}_DOR_DORA_ROI"
+        else:
+            timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
+            base_folder_name = f"DORA_ROI_{timestamp}"
+
         # Create zip file in memory
         zip_buffer = io.BytesIO()
         with zipfile.ZipFile(zip_buffer, "w", zipfile.ZIP_DEFLATED) as zip_file:
-            # Generate all DORA ROI reports
-            dora_export.generate_b_01_01_main_entity(zip_file, main_entity)
+            # Generate all DORA ROI reports (with folder prefix)
+            dora_export.generate_b_01_01_main_entity(
+                zip_file, main_entity, base_folder_name
+            )
             dora_export.generate_b_01_02_entities(
-                zip_file, main_entity, entities_for_b_01_02
+                zip_file, main_entity, entities_for_b_01_02, base_folder_name
+            )
+            dora_export.generate_b_01_03_branches(
+                zip_file, main_entity, branches, base_folder_name
             )
-            dora_export.generate_b_01_03_branches(zip_file, main_entity, branches)
 
-            dora_export.generate_b_02_01_contracts(zip_file, contracts)
-            dora_export.generate_b_02_02_ict_services(zip_file, contracts)
-            dora_export.generate_b_02_03_intragroup_contracts(zip_file, contracts)
+            dora_export.generate_b_02_01_contracts(
+                zip_file, contracts, base_folder_name
+            )
+            dora_export.generate_b_02_02_ict_services(
+                zip_file, contracts, base_folder_name
+            )
+            dora_export.generate_b_02_03_intragroup_contracts(
+                zip_file, contracts, base_folder_name
+            )
 
             dora_export.generate_b_03_01_signing_entities(
-                zip_file, main_entity, contracts
+                zip_file, main_entity, contracts, base_folder_name
+            )
+            dora_export.generate_b_03_02_ict_providers(
+                zip_file, contracts, base_folder_name
             )
-            dora_export.generate_b_03_02_ict_providers(zip_file, contracts)
             dora_export.generate_b_03_03_intragroup_providers(
-                zip_file, main_entity, contracts
+                zip_file, main_entity, contracts, base_folder_name
             )
 
             dora_export.generate_b_04_01_service_users(
-                zip_file, main_entity, branches, contracts
+                zip_file, main_entity, branches, contracts, base_folder_name
             )
 
             dora_export.generate_b_05_01_provider_details(
-                zip_file, main_entity, contracts
+                zip_file, main_entity, contracts, base_folder_name
+            )
+            dora_export.generate_b_05_02_supply_chains(
+                zip_file, main_entity, contracts, base_folder_name
             )
-            dora_export.generate_b_05_02_supply_chains(zip_file, main_entity, contracts)
 
             dora_export.generate_b_06_01_functions(
-                zip_file, main_entity, business_functions
+                zip_file, main_entity, business_functions, base_folder_name
             )
 
-            dora_export.generate_b_07_01_assessment(zip_file, contracts)
+            dora_export.generate_b_07_01_assessment(
+                zip_file, contracts, base_folder_name
+            )
 
             dora_export.generate_b_99_01_aggregation(
-                zip_file, contracts, business_functions
+                zip_file, contracts, business_functions, base_folder_name
             )
 
+            # Generate FilingIndicators.csv
+            dora_export.generate_filing_indicators(zip_file, base_folder_name)
+
+            # Generate parameters.csv
+            dora_export.generate_parameters(zip_file, main_entity, base_folder_name)
+
+            # Generate JSON metadata files
+            dora_export.generate_report_package_json(zip_file, base_folder_name)
+            dora_export.generate_report_json(zip_file, base_folder_name)
+
         # Prepare response
         zip_buffer.seek(0)
 
-        # Extract LEI for filename
-        lei, _ = dora_export.get_entity_identifier(main_entity, priority=["LEI"])
-
-        # Use LEI in filename, fallback to timestamp if no LEI
-        if lei:
-            filename = f"LEI_{lei}_DORA_ROI.zip"
-        else:
-            timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
-            filename = f"DORA_ROI_{timestamp}.zip"
+        # Use the same base folder name for the ZIP filename
+        filename = f"{base_folder_name}.zip"
 
         response = HttpResponse(zip_buffer.getvalue(), content_type="application/zip")
         response["Content-Disposition"] = f'attachment; filename="{filename}"'
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index f4568125f8..ec7b181fe1 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -858,6 +858,7 @@
 	"identifierType": "Identifier type",
 	"identifierValue": "Identifier value",
 	"identifierErrorMessage": "Invalid identifier",
+	"leiLengthError": "LEI must be exactly 20 characters long",
 	"enterIdentifierValue": "Enter identifier value...",
 	"removeIdentifier": "Remove identifier",
 	"phone": "Phone",
diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
index a8949346ee..43ad8860b7 100644
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
@@ -808,6 +808,7 @@
 	"recipientEntity": "Entité destinataire",
 	"financial": "Financier",
 	"legal": "Juridique",
+	"leiLengthError": "Le LEI doit contenir exactement 20 caractères",
 	"reputation": "Réputation",
 	"operational": "Opérationnel",
 	"confidentiality": "Confidentialité",
diff --git a/frontend/src/lib/components/Forms/LegalIdentifierField.svelte b/frontend/src/lib/components/Forms/LegalIdentifierField.svelte
index 48e5550431..ad8b6db4ef 100644
--- a/frontend/src/lib/components/Forms/LegalIdentifierField.svelte
+++ b/frontend/src/lib/components/Forms/LegalIdentifierField.svelte
@@ -104,6 +104,19 @@
 		</button>
 	</div>
 
+	<!-- Display field-level errors -->
+	{#if $errors && !Array.isArray($errors) && typeof $errors === 'string'}
+		<div class="text-sm text-red-600 bg-red-50 border border-red-200 rounded px-3 py-2">
+			{m[$errors] || $errors}
+		</div>
+	{:else if $errors && Array.isArray($errors) && $errors.length > 0}
+		<div class="text-sm text-red-600 bg-red-50 border border-red-200 rounded px-3 py-2">
+			{#each $errors as error}
+				<div>{m[error] || error}</div>
+			{/each}
+		</div>
+	{/if}
+
 	{#if Object.keys(legalIdentifiers).length === 0}
 		<div
 			class="text-gray-500 text-sm italic text-center py-4 border-2 border-dashed border-gray-200 rounded"
diff --git a/frontend/src/lib/utils/table.ts b/frontend/src/lib/utils/table.ts
index 5b0a8d20fd..799bbb5fc2 100644
--- a/frontend/src/lib/utils/table.ts
+++ b/frontend/src/lib/utils/table.ts
@@ -1511,8 +1511,8 @@ export const listViewFields = {
 		}
 	},
 	solutions: {
-		head: ['name', 'description', 'providerEntity', 'recipientEntity', 'criticality'],
-		body: ['name', 'description', 'provider_entity', 'recipient_entity', 'criticality'],
+		head: ['refId', 'name', 'description', 'providerEntity', 'recipientEntity', 'criticality'],
+		body: ['ref_id', 'name', 'description', 'provider_entity', 'recipient_entity', 'criticality'],
 		filters: {
 			provider_entity: ENTITY_FILTER,
 			criticality: SOLUTION_CRITICALITY_FILTER

From 4707558a36cad9f81115b104b7c367064b611fc5 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Thu, 13 Nov 2025 09:29:52 +0100
Subject: [PATCH 25/47] default ebios attributes

---
 backend/tprm/dora_export.py                   | 362 ++++++++++++++----
 backend/tprm/dora_linter.py                   | 225 ++++++++++-
 ...filtering_labels_entity_ref_id_and_more.py |  44 +++
 ...y_is_active_solution_is_active_and_more.py |  27 ++
 ...ndency_entity_default_maturity_and_more.py |  63 +++
 backend/tprm/models.py                        |  42 +-
 backend/tprm/views.py                         |  14 +-
 frontend/messages/en.json                     |   6 +-
 .../Forms/ModelForm/EntityForm.svelte         | 134 ++++++-
 frontend/src/lib/utils/schemas.ts             |   9 +-
 10 files changed, 829 insertions(+), 97 deletions(-)
 create mode 100644 backend/tprm/migrations/0014_entity_filtering_labels_entity_ref_id_and_more.py
 create mode 100644 backend/tprm/migrations/0015_entity_is_active_solution_is_active_and_more.py
 create mode 100644 backend/tprm/migrations/0016_entity_default_dependency_entity_default_maturity_and_more.py

diff --git a/backend/tprm/dora_export.py b/backend/tprm/dora_export.py
index 4fa7729387..2ece5367a4 100644
--- a/backend/tprm/dora_export.py
+++ b/backend/tprm/dora_export.py
@@ -209,10 +209,11 @@ def generate_b_01_03_branches(
     Branches are entities with the main entity as parent and dora_provider_person_type not set.
     Subsidiaries (with dora_provider_person_type set) are NOT included in this report.
 
-    Each row represents a branch with:
-    - c0010: Main entity LEI
-    - c0020: Main entity legal identifier
-    - c0030: Main entity identifier type
+    Columns:
+    - c0010: Identification code of the branch
+    - c0020: LEI of the financial entity head office of the branch
+    - c0030: Name of the branch
+    - c0040: Country of the branch
 
     Args:
         zip_file: ZIP file object to write to
@@ -223,15 +224,28 @@ def generate_b_01_03_branches(
     csv_writer = csv.writer(csv_buffer)
 
     # Write CSV headers
-    csv_writer.writerow(["c0010", "c0020", "c0030"])
+    csv_writer.writerow(["c0010", "c0020", "c0030", "c0040"])
 
-    # Get main entity identifiers
+    # Get main entity LEI (head office)
     main_lei, _ = get_entity_identifier(main_entity, priority=["LEI"])
-    main_code, code_type = get_entity_identifier(main_entity)
 
-    # Write branch data (one row per branch, with main entity identifiers)
+    # Write branch data (one row per branch)
     for branch in branches:
-        csv_writer.writerow([main_lei, main_code, code_type])
+        # c0010: Identification code of the branch
+        branch_code, _ = get_entity_identifier(branch)
+
+        # c0020: LEI of the financial entity head office
+        head_office_lei = main_lei
+
+        # c0030: Name of the branch
+        branch_name = branch.name
+
+        # c0040: Country of the branch
+        branch_country = ""
+        if branch.country:
+            branch_country = f"eba_GA:{branch.country}"
+
+        csv_writer.writerow([branch_code, head_office_lei, branch_name, branch_country])
 
     path = (
         f"{folder_prefix}/reports/b_01.03.csv"
@@ -245,7 +259,16 @@ def generate_b_02_01_contracts(
     zip_file, contracts: QuerySet, folder_prefix: str = ""
 ) -> None:
     """
-    Generate b_02.01.csv - Contractual arrangements for ICT services.
+    Generate b_02.01.csv - Contractual arrangements – General Information.
+
+    Only includes contracts associated with solutions that are linked to business function assets.
+
+    Columns:
+    - b_02.01.0010: Contractual arrangement reference number
+    - b_02.01.0020: Type of contractual arrangement
+    - b_02.01.0030: Overarching contractual arrangement reference number
+    - b_02.01.0040: Currency of the amount reported in RT.02.01.0050
+    - b_02.01.0050: Annual expense or estimated cost
 
     Args:
         zip_file: ZIP file object to write to
@@ -257,39 +280,53 @@ def generate_b_02_01_contracts(
     # Write CSV headers
     csv_writer.writerow(
         [
-            "c0010",  # Contract reference
+            "c0010",  # Contractual arrangement reference number
             "c0020",  # Type of contractual arrangement
-            "c0030",  # Start date
-            "c0040",  # End date
-            "c0050",  # Notice period for entity
-            "c0060",  # Notice period for provider
-            "c0070",  # Governing law country
-            "c0080",  # Currency
-            "c0090",  # Annual expense
+            "c0030",  # Overarching contractual arrangement reference number
+            "c0040",  # Currency
+            "c0050",  # Annual expense
         ]
     )
 
+    # Filter contracts: only those with solutions linked to business function assets
+    filtered_contracts = (
+        contracts.filter(
+            solution__isnull=False, solution__assets__is_business_function=True
+        )
+        .distinct()
+        .select_related("solution", "overarching_contract")
+    )
+
     # Write contract data
-    for contract in contracts:
+    for contract in filtered_contracts:
+        # b_02.01.0010: Contractual arrangement reference number
         contract_ref = contract.ref_id or str(contract.id)
+
+        # b_02.01.0020: Type of contractual arrangement
         arrangement_type = contract.dora_contractual_arrangement or ""
-        start_date = format_date(contract.start_date)
-        end_date = format_date(contract.end_date)
-        notice_entity = contract.notice_period_entity or ""
-        notice_provider = contract.notice_period_provider or ""
-        governing_law = contract.governing_law_country or ""
-        currency = contract.currency or ""
-        annual_expense = contract.annual_expense or ""
+
+        # b_02.01.0030: Overarching contractual arrangement reference number
+        overarching_ref = ""
+        if contract.overarching_contract:
+            overarching_ref = contract.overarching_contract.ref_id or str(
+                contract.overarching_contract.id
+            )
+
+        # b_02.01.0040: Currency
+        currency = ""
+        if contract.currency:
+            currency = f"iso4217:{contract.currency}"
+
+        # b_02.01.0050: Annual expense
+        annual_expense = (
+            contract.annual_expense if contract.annual_expense is not None else ""
+        )
 
         csv_writer.writerow(
             [
                 contract_ref,
                 arrangement_type,
-                start_date,
-                end_date,
-                notice_entity,
-                notice_provider,
-                governing_law,
+                overarching_ref,
                 currency,
                 annual_expense,
             ]
@@ -304,27 +341,160 @@ def generate_b_02_01_contracts(
 
 
 def generate_b_02_02_ict_services(
-    zip_file, contracts: QuerySet, folder_prefix: str = ""
+    zip_file, main_entity: Entity, contracts: QuerySet, folder_prefix: str = ""
 ) -> None:
     """
     Generate b_02.02.csv - ICT services supporting functions.
 
+    Only includes contracts associated with solutions that are linked to business function assets.
+    One row per contract-function combination.
+
     Args:
         zip_file: ZIP file object to write to
+        main_entity: The main builtin entity
         contracts: QuerySet of Contract objects with solutions
     """
     csv_buffer = io.StringIO()
     csv_writer = csv.writer(csv_buffer)
 
-    # Write CSV headers
-    csv_writer.writerow(["c0010", "c0020"])
+    # Write CSV headers (18 columns)
+    csv_writer.writerow(
+        [
+            "c0010",  # Contractual arrangement reference number
+            "c0020",  # LEI of the entity making use of the ICT service(s)
+            "c0030",  # Identification code of the ICT third-party service provider
+            "c0040",  # Type of code to identify the ICT third-party service provider
+            "c0050",  # Function identifier
+            "c0060",  # Type of ICT services
+            "c0070",  # Start date of the contractual arrangement
+            "c0080",  # End date of the contractual arrangement
+            "c0090",  # Reason of the termination or ending
+            "c0100",  # Notice period for the financial entity
+            "c0110",  # Notice period for the ICT third-party service provider
+            "c0120",  # Country of the governing law
+            "c0130",  # Country of provision of the ICT services
+            "c0140",  # Storage of data
+            "c0150",  # Location of the data at rest (storage)
+            "c0160",  # Location of management of the data (processing)
+            "c0170",  # Sensitiveness of the data stored
+            "c0180",  # Level of reliance on the ICT service
+        ]
+    )
 
-    # Write contract-solution data
-    for contract in contracts.filter(solution__isnull=False).select_related("solution"):
-        contract_ref = contract.ref_id or str(contract.id)
-        ict_service_type = contract.solution.dora_ict_service_type or ""
+    # Get main entity LEI
+    main_lei, _ = get_entity_identifier(main_entity, priority=["LEI"])
+
+    # Filter contracts: only those with solutions linked to business function assets
+    filtered_contracts = (
+        contracts.filter(
+            solution__isnull=False, solution__assets__is_business_function=True
+        )
+        .distinct()
+        .select_related("solution", "provider_entity")
+        .prefetch_related("solution__assets")
+    )
+
+    # Write contract-solution-function data
+    for contract in filtered_contracts:
+        solution = contract.solution
+
+        # Get business functions associated with this solution
+        business_functions = solution.assets.filter(is_business_function=True)
 
-        csv_writer.writerow([contract_ref, ict_service_type])
+        for function in business_functions:
+            # c0010: Contract reference
+            contract_ref = contract.ref_id or str(contract.id)
+
+            # c0020: LEI of entity using the service (main entity)
+            entity_lei = main_lei
+
+            # c0030, c0040: Provider identification
+            provider_code, provider_code_type = "", ""
+            if contract.provider_entity:
+                provider_code, provider_code_type = get_entity_identifier(
+                    contract.provider_entity, priority=["LEI", "EUID", "VAT", "DUNS"]
+                )
+
+            # c0050: Function identifier
+            function_id = function.ref_id or str(function.id)
+
+            # c0060: Type of ICT services
+            ict_service_type = solution.dora_ict_service_type or ""
+
+            # c0070: Start date
+            start_date = format_date(contract.start_date) if contract.start_date else ""
+
+            # c0080: End date
+            end_date = format_date(contract.end_date) if contract.end_date else ""
+
+            # c0090: Termination reason
+            termination_reason = contract.termination_reason or ""
+
+            # c0100: Notice period for entity (days)
+            notice_period_entity = (
+                contract.notice_period_entity
+                if contract.notice_period_entity is not None
+                else ""
+            )
+
+            # c0110: Notice period for provider (days)
+            notice_period_provider = (
+                contract.notice_period_provider
+                if contract.notice_period_provider is not None
+                else ""
+            )
+
+            # c0120: Country of governing law
+            governing_law_country = ""
+            if contract.governing_law_country:
+                governing_law_country = f"eba_GA:{contract.governing_law_country}"
+
+            # c0130: Country of provision of ICT services (provider country)
+            provider_country = ""
+            if contract.provider_entity and contract.provider_entity.country:
+                provider_country = f"eba_GA:{contract.provider_entity.country}"
+
+            # c0140: Storage of data (Yes/No)
+            storage_of_data = "eba_BT:x28" if solution.storage_of_data else "eba_BT:x29"
+
+            # c0150: Location of data at rest
+            data_location_storage = ""
+            if solution.data_location_storage:
+                data_location_storage = f"eba_GA:{solution.data_location_storage}"
+
+            # c0160: Location of data processing
+            data_location_processing = ""
+            if solution.data_location_processing:
+                data_location_processing = f"eba_GA:{solution.data_location_processing}"
+
+            # c0170: Data sensitiveness
+            data_sensitiveness = solution.dora_data_sensitiveness or ""
+
+            # c0180: Level of reliance
+            reliance_level = solution.dora_reliance_level or ""
+
+            csv_writer.writerow(
+                [
+                    contract_ref,
+                    entity_lei,
+                    provider_code,
+                    provider_code_type,
+                    function_id,
+                    ict_service_type,
+                    start_date,
+                    end_date,
+                    termination_reason,
+                    notice_period_entity,
+                    notice_period_provider,
+                    governing_law_country,
+                    provider_country,
+                    storage_of_data,
+                    data_location_storage,
+                    data_location_processing,
+                    data_sensitiveness,
+                    reliance_level,
+                ]
+            )
 
     path = (
         f"{folder_prefix}/reports/b_02.02.csv"
@@ -412,6 +582,12 @@ def generate_b_03_02_ict_providers(
     """
     Generate b_03.02.csv - ICT third-party service providers.
 
+    Columns:
+    - c0010: Contractual arrangement reference number
+    - c0020: Identification code of ICT third-party service provider
+    - c0030: Type of code to identify the ICT third-party service provider
+    - c0045: Link (fill with "true" for each populated row)
+
     Args:
         zip_file: ZIP file object to write to
         contracts: QuerySet of Contract objects with providers
@@ -420,7 +596,7 @@ def generate_b_03_02_ict_providers(
     csv_writer = csv.writer(csv_buffer)
 
     # Write CSV headers
-    csv_writer.writerow(["c0010", "c0020", "c0030"])
+    csv_writer.writerow(["c0010", "c0020", "c0030", "c0045"])
 
     # Get third-party contracts with providers
     third_party_contracts = contracts.filter(
@@ -432,9 +608,12 @@ def generate_b_03_02_ict_providers(
         contract_ref = contract.ref_id or str(contract.id)
         provider = contract.provider_entity
 
-        provider_code, code_type = get_entity_identifier(provider)
+        # Get provider identifier (prioritize LEI)
+        provider_code, code_type = get_entity_identifier(
+            provider, priority=["LEI", "EUID", "VAT", "DUNS"]
+        )
 
-        csv_writer.writerow([contract_ref, provider_code, code_type])
+        csv_writer.writerow([contract_ref, provider_code, code_type, "true"])
 
     path = (
         f"{folder_prefix}/reports/b_03.02.csv"
@@ -448,7 +627,13 @@ def generate_b_03_03_intragroup_providers(
     zip_file, main_entity: Entity, contracts: QuerySet, folder_prefix: str = ""
 ) -> None:
     """
-    Generate b_03.03.csv - ICT intra-group service providers.
+    Generate b_03.03.csv - Entities signing the Contractual arrangements for providing ICT service(s)
+    to other entity within the scope of consolidation.
+
+    Columns:
+    - b_03.03.0010 (c0010): Contractual arrangement reference number
+    - b_03.03.0020 (c0020): LEI of the entity providing ICT services
+    - b_03.03.0031 (c0031): Link (fill with "true" for each populated row)
 
     Args:
         zip_file: ZIP file object to write to
@@ -459,10 +644,10 @@ def generate_b_03_03_intragroup_providers(
     csv_writer = csv.writer(csv_buffer)
 
     # Write CSV headers
-    csv_writer.writerow(["c0010", "c0020", "c0030"])
+    csv_writer.writerow(["c0010", "c0020", "c0031"])
 
-    # Get main entity identifier
-    main_code, code_type = get_entity_identifier(main_entity)
+    # Get main entity LEI
+    main_lei, _ = get_entity_identifier(main_entity, priority=["LEI"])
 
     # Get intra-group contracts
     intragroup_contracts = contracts.filter(is_intragroup=True)
@@ -470,7 +655,7 @@ def generate_b_03_03_intragroup_providers(
     # Write provider data (main entity provides intra-group services)
     for contract in intragroup_contracts:
         contract_ref = contract.ref_id or str(contract.id)
-        csv_writer.writerow([contract_ref, main_code, code_type])
+        csv_writer.writerow([contract_ref, main_lei, "true"])
 
     path = (
         f"{folder_prefix}/reports/b_03.03.csv"
@@ -490,6 +675,10 @@ def generate_b_04_01_service_users(
     """
     Generate b_04.01.csv - Entities using ICT services.
 
+    For each contract, reports which entities use the service.
+    - One row per contract for the main entity (branch code empty)
+    - Additional rows for each branch that uses the contract (branch code filled)
+
     Args:
         zip_file: ZIP file object to write to
         main_entity: The main builtin entity
@@ -502,25 +691,31 @@ def generate_b_04_01_service_users(
     # Write CSV headers
     csv_writer.writerow(["c0010", "c0020", "c0030", "c0040"])
 
-    # Combine main entity and branches
-    all_entities = [main_entity] + list(branches)
-
     # Get main entity identifier
     main_code, main_code_type = get_entity_identifier(main_entity)
 
+    # Track written combinations to avoid duplicates
+    written_combinations = set()
+
     # Write user data for each contract
     for contract in contracts:
         contract_ref = contract.ref_id or str(contract.id)
 
-        for entity in all_entities:
-            entity_code, code_type = get_entity_identifier(entity)
-
-            # Determine if this is a branch
-            branch_code = ""
-            if entity.parent_entity:
-                branch_code = entity_code
-
-            csv_writer.writerow([contract_ref, main_code, main_code_type, branch_code])
+        # Write row for main entity (always included, branch code empty)
+        combination = (contract_ref, main_code, "")
+        if combination not in written_combinations:
+            csv_writer.writerow([contract_ref, main_code, main_code_type, ""])
+            written_combinations.add(combination)
+
+        # Write rows for branches (branch code filled)
+        for branch in branches:
+            branch_code, _ = get_entity_identifier(branch)
+            combination = (contract_ref, main_code, branch_code)
+            if combination not in written_combinations:
+                csv_writer.writerow(
+                    [contract_ref, main_code, main_code_type, branch_code]
+                )
+                written_combinations.add(combination)
 
     path = (
         f"{folder_prefix}/reports/b_04.01.csv"
@@ -547,15 +742,15 @@ def generate_b_05_01_provider_details(
     # Write CSV headers
     csv_writer.writerow(
         [
-            "c0010",  # Provider code
-            "c0020",  # Provider code type
-            "c0030",  # Country
+            "c0010",  # Identification code of ICT third-party service provider
+            "c0020",  # Type of code
+            "c0030",  # Name of the ICT third-party service provider
             "c0040",  # Type of person
-            "c0050",  # Expense currency
-            "c0060",  # Total annual expense
-            "c0070",  # Competent authority
-            "c0080",  # Parent code
-            "c0090",  # Parent code type
+            "c0050",  # Country
+            "c0060",  # Currency
+            "c0070",  # Total annual expense
+            "c0080",  # Identification code of parent undertaking
+            "c0090",  # Type of code for parent undertaking
         ]
     )
 
@@ -584,29 +779,46 @@ def generate_b_05_01_provider_details(
     for provider_id, data in providers_data.items():
         provider = data["provider"]
 
-        provider_code, code_type = get_entity_identifier(provider)
-        country = provider.country or ""
+        # c0010, c0020: Provider identifier (prioritize LEI)
+        provider_code, code_type = get_entity_identifier(
+            provider, priority=["LEI", "EUID", "VAT", "DUNS"]
+        )
+
+        # c0030: Provider name
+        provider_name = provider.name
+
+        # c0040: Type of person
         person_type = provider.dora_provider_person_type or ""
-        currency = data["currency"]
+
+        # c0050: Country with eba_GA prefix
+        country = ""
+        if provider.country:
+            country = f"eba_GA:{provider.country}"
+
+        # c0060: Currency with iso4217 prefix
+        currency = ""
+        if data["currency"]:
+            currency = f"iso4217:{data['currency']}"
+
+        # c0070: Total annual expense
         total_expense = data["total_expense"]
-        competent_authority = provider.dora_competent_authority or ""
 
-        # Get parent entity identifier
+        # c0080, c0090: Parent entity identifier (prioritize LEI)
         parent_code, parent_code_type = "", ""
         if provider.parent_entity:
             parent_code, parent_code_type = get_entity_identifier(
-                provider.parent_entity
+                provider.parent_entity, priority=["LEI", "EUID", "VAT", "DUNS"]
             )
 
         csv_writer.writerow(
             [
                 provider_code,
                 code_type,
-                country,
+                provider_name,
                 person_type,
+                country,
                 currency,
                 total_expense,
-                competent_authority,
                 parent_code,
                 parent_code_type,
             ]
diff --git a/backend/tprm/dora_linter.py b/backend/tprm/dora_linter.py
index 5e4afeea27..e18dbf3c37 100644
--- a/backend/tprm/dora_linter.py
+++ b/backend/tprm/dora_linter.py
@@ -12,6 +12,128 @@
 import re
 
 
+def lint_provider_entities() -> List[Dict[str, Any]]:
+    """
+    Validate provider entities used in DORA ROI reports.
+
+    Checks that third-party providers have:
+    - At least one legal identifier (LEI, EUID, VAT, DUNS)
+    - Country set
+    - Parent entity with legal identifier (if parent exists)
+
+    Returns:
+        List of validation results with severity levels (error, warning, ok)
+    """
+    results = []
+
+    # Get all provider entities from third-party contracts
+    provider_entities = Entity.objects.filter(
+        contracts__is_intragroup=False, contracts__isnull=False
+    ).distinct()
+
+    if not provider_entities.exists():
+        return results
+
+    providers_with_errors = 0
+
+    for provider in provider_entities:
+        provider_has_error = False
+
+        # Check legal identifiers (mandatory)
+        has_legal_identifier = False
+        if provider.legal_identifiers:
+            identifier_types = ["LEI", "EUID", "VAT", "DUNS"]
+            for id_type in identifier_types:
+                if provider.legal_identifiers.get(id_type):
+                    has_legal_identifier = True
+                    break
+
+        if not has_legal_identifier:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Provider Entities",
+                    "message": f"Provider entity '{provider.name}' must have at least one legal identifier (LEI, EUID, VAT, or DUNS) for DORA reporting",
+                    "field": "legal_identifiers",
+                    "object_type": "entities",
+                    "object_id": str(provider.id),
+                    "object_name": provider.name,
+                }
+            )
+            provider_has_error = True
+
+        # Check country (mandatory)
+        if not provider.country:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Provider Entities",
+                    "message": f"Provider entity '{provider.name}' must have a country set for DORA reporting",
+                    "field": "country",
+                    "object_type": "entities",
+                    "object_id": str(provider.id),
+                    "object_name": provider.name,
+                }
+            )
+            provider_has_error = True
+
+        # Check parent entity has legal identifier (if parent exists)
+        if provider.parent_entity:
+            parent_has_identifier = False
+            if provider.parent_entity.legal_identifiers:
+                identifier_types = ["LEI", "EUID", "VAT", "DUNS"]
+                for id_type in identifier_types:
+                    if provider.parent_entity.legal_identifiers.get(id_type):
+                        parent_has_identifier = True
+                        break
+
+            if not parent_has_identifier:
+                results.append(
+                    {
+                        "severity": "error",
+                        "category": "Provider Entities",
+                        "message": f"Parent entity '{provider.parent_entity.name}' of provider '{provider.name}' must have at least one legal identifier for DORA reporting",
+                        "field": "legal_identifiers",
+                        "object_type": "entities",
+                        "object_id": str(provider.parent_entity.id),
+                        "object_name": provider.parent_entity.name,
+                    }
+                )
+                provider_has_error = True
+
+        if provider_has_error:
+            providers_with_errors += 1
+
+    # Add success message if all providers are valid
+    valid_providers = provider_entities.count() - providers_with_errors
+    if valid_providers == provider_entities.count():
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Provider Entities",
+                "message": f"All {provider_entities.count()} provider entities have required fields set",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+    elif valid_providers > 0:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Provider Entities",
+                "message": f"{valid_providers} of {provider_entities.count()} provider entities have all required fields set",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+
+    return results
+
+
 def lint_main_entity(entity: Entity) -> List[Dict[str, Any]]:
     """
     Validate the main entity for DORA ROI requirements.
@@ -362,16 +484,22 @@ def lint_business_functions() -> List[Dict[str, Any]]:
     # Pattern for ref_id: F followed by one or more digits
     ref_id_pattern = re.compile(r"^F\d+$")
 
-    # Check each business function's ref_id
+    # Check each business function's ref_id and licensed activity
     invalid_ref_ids = []
+    missing_licensed_activity = []
     valid_count = 0
 
     for bf in business_functions:
+        # Check ref_id pattern
         if not bf.ref_id or not ref_id_pattern.match(bf.ref_id):
             invalid_ref_ids.append(bf)
         else:
             valid_count += 1
 
+        # Check licensed activity (mandatory for DORA reporting)
+        if not bf.dora_licenced_activity:
+            missing_licensed_activity.append(bf)
+
     # Report results
     if invalid_ref_ids:
         for bf in invalid_ref_ids:
@@ -388,6 +516,21 @@ def lint_business_functions() -> List[Dict[str, Any]]:
                 }
             )
 
+    # Report missing licensed activity
+    if missing_licensed_activity:
+        for bf in missing_licensed_activity:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Business Functions",
+                    "message": f"Business function '{bf.name}' must have a licensed activity set for DORA reporting",
+                    "field": "dora_licenced_activity",
+                    "object_type": "assets",
+                    "object_id": str(bf.id),
+                    "object_name": bf.name,
+                }
+            )
+
     # Add success message if all business functions have valid ref_ids
     if valid_count == business_functions.count():
         results.append(
@@ -414,6 +557,20 @@ def lint_business_functions() -> List[Dict[str, Any]]:
             }
         )
 
+    # Add success message if all business functions have licensed activity
+    if not missing_licensed_activity:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Business Functions",
+                "message": f"All {business_functions.count()} business function(s) have licensed activity set",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+
     return results
 
 
@@ -721,6 +878,70 @@ def lint_solutions() -> List[Dict[str, Any]]:
     return results
 
 
+def lint_unique_leis(main_entity: Entity) -> List[Dict[str, Any]]:
+    """
+    Validate that LEIs are unique across entities included in DORA ROI report.
+
+    The b_01.02 report includes main entity + subsidiaries, and each must have a unique LEI.
+
+    Args:
+        main_entity: The main Entity instance
+
+    Returns:
+        List of validation results with severity levels (error, warning, ok)
+    """
+    results = []
+
+    # Get all entities for b_01.02: main entity + subsidiaries
+    subsidiaries = Entity.objects.filter(
+        parent_entity=main_entity, dora_provider_person_type__isnull=False
+    ).exclude(dora_provider_person_type="")
+
+    all_entities = [main_entity] + list(subsidiaries)
+
+    # Collect LEIs
+    lei_map = {}  # lei -> list of entities with that LEI
+    for entity in all_entities:
+        if entity.legal_identifiers and entity.legal_identifiers.get("LEI"):
+            lei = entity.legal_identifiers.get("LEI")
+            if lei not in lei_map:
+                lei_map[lei] = []
+            lei_map[lei].append(entity)
+
+    # Check for duplicates
+    has_duplicates = False
+    for lei, entities in lei_map.items():
+        if len(entities) > 1:
+            has_duplicates = True
+            entity_names = ", ".join([f"'{e.name}'" for e in entities])
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Unique LEIs",
+                    "message": f"LEI '{lei}' is used by multiple entities: {entity_names}. Each entity in the DORA ROI report must have a unique LEI.",
+                    "field": "legal_identifiers",
+                    "object_type": None,
+                    "object_id": None,
+                    "object_name": None,
+                }
+            )
+
+    if not has_duplicates and lei_map:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Unique LEIs",
+                "message": "All entities have unique LEIs",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+
+    return results
+
+
 def lint_dora_roi() -> Dict[str, Any]:
     """
     Perform comprehensive linting for DORA ROI export.
@@ -752,9 +973,11 @@ def lint_dora_roi() -> Dict[str, Any]:
     # Run all validation checks
     results.extend(lint_main_entity(main_entity))
     results.extend(lint_subsidiaries(main_entity))
+    results.extend(lint_unique_leis(main_entity))
     results.extend(lint_business_functions())
     results.extend(lint_contracts())
     results.extend(lint_solutions())
+    results.extend(lint_provider_entities())
 
     # Calculate summary
     summary = {
diff --git a/backend/tprm/migrations/0014_entity_filtering_labels_entity_ref_id_and_more.py b/backend/tprm/migrations/0014_entity_filtering_labels_entity_ref_id_and_more.py
new file mode 100644
index 0000000000..5febb0b810
--- /dev/null
+++ b/backend/tprm/migrations/0014_entity_filtering_labels_entity_ref_id_and_more.py
@@ -0,0 +1,44 @@
+# Generated by Django 5.2.7 on 2025-11-12 19:50
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("core", "0114_remove_asset_is_critical_and_more"),
+        ("tprm", "0013_contract_beneficiary_entity"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="entity",
+            name="filtering_labels",
+            field=models.ManyToManyField(
+                blank=True, to="core.filteringlabel", verbose_name="Labels"
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="ref_id",
+            field=models.CharField(blank=True, max_length=255),
+        ),
+        migrations.AddField(
+            model_name="representative",
+            name="filtering_labels",
+            field=models.ManyToManyField(
+                blank=True, to="core.filteringlabel", verbose_name="Labels"
+            ),
+        ),
+        migrations.AddField(
+            model_name="representative",
+            name="ref_id",
+            field=models.CharField(blank=True, max_length=255),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="filtering_labels",
+            field=models.ManyToManyField(
+                blank=True, to="core.filteringlabel", verbose_name="Labels"
+            ),
+        ),
+    ]
diff --git a/backend/tprm/migrations/0015_entity_is_active_solution_is_active_and_more.py b/backend/tprm/migrations/0015_entity_is_active_solution_is_active_and_more.py
new file mode 100644
index 0000000000..cc41314db8
--- /dev/null
+++ b/backend/tprm/migrations/0015_entity_is_active_solution_is_active_and_more.py
@@ -0,0 +1,27 @@
+# Generated by Django 5.2.7 on 2025-11-12 20:03
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("tprm", "0014_entity_filtering_labels_entity_ref_id_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="entity",
+            name="is_active",
+            field=models.BooleanField(default=True, verbose_name="Is active"),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="is_active",
+            field=models.BooleanField(default=True, verbose_name="Is active"),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="reference_link",
+            field=models.URLField(blank=True, max_length=2048, null=True),
+        ),
+    ]
diff --git a/backend/tprm/migrations/0016_entity_default_dependency_entity_default_maturity_and_more.py b/backend/tprm/migrations/0016_entity_default_dependency_entity_default_maturity_and_more.py
new file mode 100644
index 0000000000..fc1fc842bd
--- /dev/null
+++ b/backend/tprm/migrations/0016_entity_default_dependency_entity_default_maturity_and_more.py
@@ -0,0 +1,63 @@
+# Generated by Django 5.2.7 on 2025-11-12 22:04
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("tprm", "0015_entity_is_active_solution_is_active_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="entity",
+            name="default_dependency",
+            field=models.PositiveSmallIntegerField(
+                blank=True,
+                default=0,
+                help_text="Default dependency level for stakeholder assessment (0-4)",
+                validators=[django.core.validators.MaxValueValidator(4)],
+                verbose_name="Default dependency",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="default_maturity",
+            field=models.PositiveSmallIntegerField(
+                blank=True,
+                default=1,
+                help_text="Default maturity level for stakeholder assessment (1-4)",
+                validators=[
+                    django.core.validators.MinValueValidator(1),
+                    django.core.validators.MaxValueValidator(4),
+                ],
+                verbose_name="Default maturity",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="default_penetration",
+            field=models.PositiveSmallIntegerField(
+                blank=True,
+                default=0,
+                help_text="Default penetration level for stakeholder assessment (0-4)",
+                validators=[django.core.validators.MaxValueValidator(4)],
+                verbose_name="Default penetration",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="default_trust",
+            field=models.PositiveSmallIntegerField(
+                blank=True,
+                default=1,
+                help_text="Default trust level for stakeholder assessment (1-4)",
+                validators=[
+                    django.core.validators.MinValueValidator(1),
+                    django.core.validators.MaxValueValidator(4),
+                ],
+                verbose_name="Default trust",
+            ),
+        ),
+    ]
diff --git a/backend/tprm/models.py b/backend/tprm/models.py
index 53c8a8d706..9e98aa8e8b 100644
--- a/backend/tprm/models.py
+++ b/backend/tprm/models.py
@@ -1,5 +1,6 @@
 from django.db import models
 from django.utils.translation import gettext_lazy as _
+from django.core.validators import MaxValueValidator, MinValueValidator
 from core.base_models import NameDescriptionMixin, AbstractBaseModel
 from core.models import (
     Assessment,
@@ -31,11 +32,43 @@
 from auditlog.registry import auditlog
 
 
-class Entity(NameDescriptionMixin, FolderMixin, PublishInRootFolderMixin):
+class Entity(
+    NameDescriptionMixin, FolderMixin, PublishInRootFolderMixin, FilteringLabelMixin
+):
     """
     An entity represents a legal entity, a corporate body, an administrative body, an association
     """
 
+    ref_id = models.CharField(max_length=255, blank=True)
+    is_active = models.BooleanField(default=True, verbose_name=_("Is active"))
+    default_dependency = models.PositiveSmallIntegerField(
+        verbose_name=_("Default dependency"),
+        default=0,
+        blank=True,
+        validators=[MaxValueValidator(4)],
+        help_text=_("Default dependency level for stakeholder assessment (0-4)"),
+    )
+    default_penetration = models.PositiveSmallIntegerField(
+        verbose_name=_("Default penetration"),
+        default=0,
+        blank=True,
+        validators=[MaxValueValidator(4)],
+        help_text=_("Default penetration level for stakeholder assessment (0-4)"),
+    )
+    default_maturity = models.PositiveSmallIntegerField(
+        verbose_name=_("Default maturity"),
+        default=1,
+        blank=True,
+        validators=[MinValueValidator(1), MaxValueValidator(4)],
+        help_text=_("Default maturity level for stakeholder assessment (1-4)"),
+    )
+    default_trust = models.PositiveSmallIntegerField(
+        verbose_name=_("Default trust"),
+        default=1,
+        blank=True,
+        validators=[MinValueValidator(1), MaxValueValidator(4)],
+        help_text=_("Default trust level for stakeholder assessment (1-4)"),
+    )
     mission = models.TextField(blank=True)
     reference_link = models.URLField(blank=True, null=True, max_length=2048)
     owned_folders = models.ManyToManyField(
@@ -182,12 +215,13 @@ class Meta:
         verbose_name_plural = _("Entity assessments")
 
 
-class Representative(AbstractBaseModel):
+class Representative(AbstractBaseModel, FilteringLabelMixin):
     """
     This represents a person that is linked to an entity (typically an employee),
     and that is relevant for the main entity, like a contact person for an assessment
     """
 
+    ref_id = models.CharField(max_length=255, blank=True)
     entity = models.ForeignKey(
         Entity,
         on_delete=models.CASCADE,
@@ -205,7 +239,7 @@ class Representative(AbstractBaseModel):
     fields_to_check = ["email"]
 
 
-class Solution(NameDescriptionMixin):
+class Solution(NameDescriptionMixin, FilteringLabelMixin):
     """
     A solution represents a product or service that is offered by an entity
     """
@@ -225,6 +259,8 @@ class Solution(NameDescriptionMixin):
         blank=True,
     )
     ref_id = models.CharField(max_length=255, blank=True)
+    is_active = models.BooleanField(default=True, verbose_name=_("Is active"))
+    reference_link = models.URLField(blank=True, null=True, max_length=2048)
     criticality = models.IntegerField(default=0, verbose_name=_("Criticality"))
 
     assets = models.ManyToManyField(
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index 833dabc429..545a77fb48 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -51,6 +51,8 @@ class EntityViewSet(BaseModelViewSet):
     model = Entity
     filterset_fields = [
         "name",
+        "ref_id",
+        "is_active",
         "folder",
         "parent_entity",
         "relationship",
@@ -61,6 +63,11 @@ class EntityViewSet(BaseModelViewSet):
         "dora_entity_type",
         "dora_entity_hierarchy",
         "dora_competent_authority",
+        "filtering_labels",
+        "default_dependency",
+        "default_penetration",
+        "default_maturity",
+        "default_trust",
     ]
 
     @action(detail=False, methods=["get"], name="Generate DORA ROI")
@@ -172,7 +179,7 @@ def generate_dora_roi(self, request):
                 zip_file, contracts, base_folder_name
             )
             dora_export.generate_b_02_02_ict_services(
-                zip_file, contracts, base_folder_name
+                zip_file, main_entity, contracts, base_folder_name
             )
             dora_export.generate_b_02_03_intragroup_contracts(
                 zip_file, contracts, base_folder_name
@@ -574,7 +581,7 @@ def destroy(self, request, *args, **kwargs):
         return super().destroy(request, *args, **kwargs)
 
     model = Representative
-    filterset_fields = ["entity"]
+    filterset_fields = ["entity", "ref_id", "filtering_labels"]
     search_fields = ["email"]
 
 
@@ -586,6 +593,8 @@ class SolutionViewSet(BaseModelViewSet):
     model = Solution
     filterset_fields = [
         "name",
+        "ref_id",
+        "is_active",
         "provider_entity",
         "assets",
         "criticality",
@@ -602,6 +611,7 @@ class SolutionViewSet(BaseModelViewSet):
         "dora_reintegration_possibility",
         "dora_discontinuing_impact",
         "dora_alternative_providers_identified",
+        "filtering_labels",
     ]
 
     @action(detail=False, name="Get data location storage choices")
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index ec7b181fe1..a2b14ba4d3 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -2636,6 +2636,8 @@
 	"impactRequirements": "All values must be provided and greater than 0. Values must increase from top to bottom (e.g., Minor: 5,000 → Major: 50,000 → Critical: 500,000).",
 	"reports": "Reports",
 	"doraSpecific": "DORA specific",
+	"ebiosRmDefaults": "Rapid criticality assessment (EBIOS RM)",
+	"ebiosRmDefaultsHelpText": "Default values for dependency, penetration, maturity, and trust used when creating stakeholders in EBIOS RM Workshop 3",
 	"doraEntityType": "Entity Type",
 	"doraEntityHierarchy": "Entity Hierarchy",
 	"doraAssetsValue": "Value of total assets",
@@ -2660,9 +2662,9 @@
 	"doraNonSubstitutabilityReason": "Non-Substitutability Reason",
 	"doraHasExitPlan": "Exit Plan",
 	"doraReintegrationPossibility": "Reintegration Possibility",
-	"doraDiscontinuingImpact": "Discontinuing Impact",
 	"doraAlternativeProvidersIdentified": "Alternative Providers Identified",
 	"doraAlternativeProviders": "Alternative Providers",
 	"doraAttributes": "DORA Attributes",
-	"doraAssessment": "DORA Assessment"
+	"doraAssessment": "DORA Assessment",
+	"moreOnTerminologiesHelpText": "Hint: more options can be defined through terminologies"
 }
diff --git a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
index abf92f4437..3004c5f3d7 100644
--- a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
@@ -5,6 +5,8 @@
 	import NumberField from '$lib/components/Forms/NumberField.svelte';
 	import LegalIdentifierField from '../LegalIdentifierField.svelte';
 	import Dropdown from '$lib/components/Dropdown/Dropdown.svelte';
+	import RadioGroup from '../RadioGroup.svelte';
+	import Checkbox from '../Checkbox.svelte';
 	import type { SuperValidated } from 'sveltekit-superforms';
 	import type { ModelInfo, CacheLock } from '$lib/utils/types';
 	import { m } from '$paraglide/messages';
@@ -28,12 +30,19 @@
 	}: Props = $props();
 </script>
 
-<TextArea
+<TextField
 	{form}
-	field="mission"
-	label={m.mission()}
-	cacheLock={cacheLocks['mission']}
-	bind:cachedValue={formDataCache['mission']}
+	field="ref_id"
+	label={m.refId()}
+	cacheLock={cacheLocks['ref_id']}
+	bind:cachedValue={formDataCache['ref_id']}
+/>
+<Checkbox
+	{form}
+	field="is_active"
+	label={m.isActive()}
+	cacheLock={cacheLocks['is_active']}
+	bind:cachedValue={formDataCache['is_active']}
 />
 <AutocompleteSelect
 	{form}
@@ -53,6 +62,7 @@
 		cacheLock={cacheLocks['relationship']}
 		bind:cachedValue={formDataCache['relationship']}
 		label={m.relationship()}
+		helpText={m.moreOnTerminologiesHelpText()}
 		multiple
 	/>
 {/if}
@@ -64,6 +74,13 @@
 />
 
 <Dropdown open={false} style="hover:text-primary-700" icon="fa-solid fa-ellipsis" header={m.more()}>
+	<TextArea
+		{form}
+		field="mission"
+		label={m.mission()}
+		cacheLock={cacheLocks['mission']}
+		bind:cachedValue={formDataCache['mission']}
+	/>
 	<AutocompleteSelect
 		{form}
 		optionsEndpoint="entities"
@@ -73,14 +90,6 @@
 		label={m.parentEntity()}
 		helpText={m.parentEntityHelpText()}
 	/>
-	<TextField
-		{form}
-		field="reference_link"
-		label={m.referenceLink()}
-		helpText={m.linkHelpText()}
-		cacheLock={cacheLocks['reference_link']}
-		bind:cachedValue={formDataCache['reference_link']}
-	/>
 	<AutocompleteSelect
 		{form}
 		field="country"
@@ -105,6 +114,28 @@
 		cacheLock={cacheLocks['dora_provider_person_type']}
 		bind:cachedValue={formDataCache['dora_provider_person_type']}
 	/>
+	<TextField
+		{form}
+		field="reference_link"
+		label={m.referenceLink()}
+		helpText={m.linkHelpText()}
+		cacheLock={cacheLocks['reference_link']}
+		bind:cachedValue={formDataCache['reference_link']}
+	/>
+	<AutocompleteSelect
+		multiple
+		{form}
+		createFromSelection={true}
+		optionsEndpoint="filtering-labels"
+		optionsLabelField="label"
+		field="filtering_labels"
+		helpText={m.labelsHelpText()}
+		label={m.labels()}
+		translateOptions={false}
+		allowUserOptions="append"
+		cacheLock={cacheLocks['filtering_labels']}
+		bind:cachedValue={formDataCache['filtering_labels']}
+	/>
 </Dropdown>
 
 <Dropdown
@@ -144,3 +175,80 @@
 		bind:cachedValue={formDataCache['dora_competent_authority']}
 	/>
 </Dropdown>
+
+<Dropdown
+	open={false}
+	style="hover:text-primary-700"
+	icon="fa-solid fa-shield-halved"
+	header={m.ebiosRmDefaults()}
+>
+	<p class="text-sm text-surface-500 mb-4">{m.ebiosRmDefaultsHelpText()}</p>
+	<div class="flex flex-col space-y-4">
+		<RadioGroup
+			{form}
+			possibleOptions={[
+				{ label: '0', value: 0 },
+				{ label: '1', value: 1 },
+				{ label: '2', value: 2 },
+				{ label: '3', value: 3 },
+				{ label: '4', value: 4 }
+			]}
+			label={m.dependency()}
+			field="default_dependency"
+			labelKey="label"
+			key="value"
+			cacheLock={cacheLocks['default_dependency']}
+			bind:cachedValue={formDataCache['default_dependency']}
+			helpText={m.dependencyHelpText()}
+		/>
+		<RadioGroup
+			{form}
+			possibleOptions={[
+				{ label: '0', value: 0 },
+				{ label: '1', value: 1 },
+				{ label: '2', value: 2 },
+				{ label: '3', value: 3 },
+				{ label: '4', value: 4 }
+			]}
+			label={m.penetration()}
+			field="default_penetration"
+			labelKey="label"
+			key="value"
+			cacheLock={cacheLocks['default_penetration']}
+			bind:cachedValue={formDataCache['default_penetration']}
+			helpText={m.penetrationHelpText()}
+		/>
+		<RadioGroup
+			{form}
+			possibleOptions={[
+				{ label: '1', value: 1 },
+				{ label: '2', value: 2 },
+				{ label: '3', value: 3 },
+				{ label: '4', value: 4 }
+			]}
+			label={m.maturity()}
+			field="default_maturity"
+			labelKey="label"
+			key="value"
+			cacheLock={cacheLocks['default_maturity']}
+			bind:cachedValue={formDataCache['default_maturity']}
+			helpText={m.maturityHelpText()}
+		/>
+		<RadioGroup
+			{form}
+			possibleOptions={[
+				{ label: '1', value: 1 },
+				{ label: '2', value: 2 },
+				{ label: '3', value: 3 },
+				{ label: '4', value: 4 }
+			]}
+			label={m.trust()}
+			field="default_trust"
+			labelKey="label"
+			key="value"
+			cacheLock={cacheLocks['default_trust']}
+			bind:cachedValue={formDataCache['default_trust']}
+			helpText={m.trustHelpText()}
+		/>
+	</div>
+</Dropdown>
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index 3e0478e4db..51f0430f5a 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -567,6 +567,8 @@ export const SSOSettingsSchema = z.object({
 export const EntitiesSchema = z.object({
 	...NameDescriptionMixin,
 	folder: z.string(),
+	ref_id: z.string().optional(),
+	is_active: z.boolean().optional(),
 	parent_entity: z.string().optional(),
 	mission: z.string().optional(),
 	reference_link: z
@@ -583,7 +585,12 @@ export const EntitiesSchema = z.object({
 	dora_entity_hierarchy: z.string().optional(),
 	dora_assets_value: z.number().optional().nullable(),
 	dora_competent_authority: z.string().optional(),
-	dora_provider_person_type: z.string().optional()
+	dora_provider_person_type: z.string().optional(),
+	default_dependency: z.number().optional(),
+	default_penetration: z.number().optional(),
+	default_maturity: z.number().optional(),
+	default_trust: z.number().optional(),
+	filtering_labels: z.array(z.string()).optional()
 });
 
 export const EntityAssessmentSchema = z.object({

From c256f47f4eada9a96b366d4bcc90e042aac24e9d Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Thu, 13 Nov 2025 13:41:56 +0100
Subject: [PATCH 26/47] manage default criticality

---
 backend/tprm/models.py                        |  14 ++
 backend/tprm/serializers.py                   |   1 +
 frontend/messages/en.json                     |   1 +
 .../Forms/ModelForm/EntityForm.svelte         | 175 +++++++++++-------
 frontend/src/lib/utils/table.ts               |  22 ++-
 5 files changed, 143 insertions(+), 70 deletions(-)

diff --git a/backend/tprm/models.py b/backend/tprm/models.py
index 9e98aa8e8b..e59124b570 100644
--- a/backend/tprm/models.py
+++ b/backend/tprm/models.py
@@ -158,6 +158,20 @@ class Meta:
         verbose_name = _("Entity")
         verbose_name_plural = _("Entities")
 
+    @property
+    def default_criticality(self) -> float:
+        """
+        Compute default criticality based on the formula:
+        (default_dependency * default_penetration) / (default_maturity * default_trust)
+        """
+        if self.default_maturity == 0 or self.default_trust == 0:
+            return 0.0
+        return round(
+            (self.default_dependency * self.default_penetration)
+            / (self.default_maturity * self.default_trust),
+            2,
+        )
+
     @classmethod
     def get_main_entity(cls):
         return (
diff --git a/backend/tprm/serializers.py b/backend/tprm/serializers.py
index 3e7c0839e7..5840033516 100644
--- a/backend/tprm/serializers.py
+++ b/backend/tprm/serializers.py
@@ -26,6 +26,7 @@ class EntityReadSerializer(BaseModelSerializer):
     relationship = FieldsRelatedField(many=True)
     contracts = FieldsRelatedField(many=True)
     legal_identifiers = serializers.SerializerMethodField()
+    default_criticality = serializers.ReadOnlyField()
 
     def get_legal_identifiers(self, obj):
         """Format legal identifiers as a readable string for display"""
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index a2b14ba4d3..4f4acb5da4 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -833,6 +833,7 @@
 	"entityAssessments": "Entity assessments",
 	"addEntityAssessment": "Add entity assessment",
 	"criticality": "Criticality",
+	"defaultCriticality": "Default criticality",
 	"penetration": "Penetration",
 	"dependency": "Dependency",
 	"trust": "Trust",
diff --git a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
index 3004c5f3d7..93bbce9fe4 100644
--- a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
@@ -28,6 +28,27 @@
 		initialData = {},
 		object = {}
 	}: Props = $props();
+
+	const formData = form.form;
+
+	const getCriticality = (
+		dependency: number,
+		penetration: number,
+		maturity: number,
+		trust: number
+	) => {
+		if (maturity === 0 || trust === 0) return 0;
+		return ((dependency * penetration) / (maturity * trust)).toFixed(2).replace(/\.?0+$/, '');
+	};
+
+	let defaultCriticality = $derived(
+		getCriticality(
+			$formData.default_dependency,
+			$formData.default_penetration,
+			$formData.default_maturity,
+			$formData.default_trust
+		)
+	);
 </script>
 
 <TextField
@@ -183,72 +204,92 @@
 	header={m.ebiosRmDefaults()}
 >
 	<p class="text-sm text-surface-500 mb-4">{m.ebiosRmDefaultsHelpText()}</p>
-	<div class="flex flex-col space-y-4">
-		<RadioGroup
-			{form}
-			possibleOptions={[
-				{ label: '0', value: 0 },
-				{ label: '1', value: 1 },
-				{ label: '2', value: 2 },
-				{ label: '3', value: 3 },
-				{ label: '4', value: 4 }
-			]}
-			label={m.dependency()}
-			field="default_dependency"
-			labelKey="label"
-			key="value"
-			cacheLock={cacheLocks['default_dependency']}
-			bind:cachedValue={formDataCache['default_dependency']}
-			helpText={m.dependencyHelpText()}
-		/>
-		<RadioGroup
-			{form}
-			possibleOptions={[
-				{ label: '0', value: 0 },
-				{ label: '1', value: 1 },
-				{ label: '2', value: 2 },
-				{ label: '3', value: 3 },
-				{ label: '4', value: 4 }
-			]}
-			label={m.penetration()}
-			field="default_penetration"
-			labelKey="label"
-			key="value"
-			cacheLock={cacheLocks['default_penetration']}
-			bind:cachedValue={formDataCache['default_penetration']}
-			helpText={m.penetrationHelpText()}
-		/>
-		<RadioGroup
-			{form}
-			possibleOptions={[
-				{ label: '1', value: 1 },
-				{ label: '2', value: 2 },
-				{ label: '3', value: 3 },
-				{ label: '4', value: 4 }
-			]}
-			label={m.maturity()}
-			field="default_maturity"
-			labelKey="label"
-			key="value"
-			cacheLock={cacheLocks['default_maturity']}
-			bind:cachedValue={formDataCache['default_maturity']}
-			helpText={m.maturityHelpText()}
-		/>
-		<RadioGroup
-			{form}
-			possibleOptions={[
-				{ label: '1', value: 1 },
-				{ label: '2', value: 2 },
-				{ label: '3', value: 3 },
-				{ label: '4', value: 4 }
-			]}
-			label={m.trust()}
-			field="default_trust"
-			labelKey="label"
-			key="value"
-			cacheLock={cacheLocks['default_trust']}
-			bind:cachedValue={formDataCache['default_trust']}
-			helpText={m.trustHelpText()}
-		/>
+	<div class="flex flex-row items-center space-x-4">
+		<div class="flex flex-col space-y-4 w-fit items-center">
+			<span class="flex flex-row items-center space-x-4">
+				<RadioGroup
+					{form}
+					possibleOptions={[
+						{ label: '0', value: 0 },
+						{ label: '1', value: 1 },
+						{ label: '2', value: 2 },
+						{ label: '3', value: 3 },
+						{ label: '4', value: 4 }
+					]}
+					label={m.dependency()}
+					field="default_dependency"
+					labelKey="label"
+					key="value"
+					cacheLock={cacheLocks['default_dependency']}
+					bind:cachedValue={formDataCache['default_dependency']}
+					helpText={m.dependencyHelpText()}
+				/>
+				<i class="fa-solid fa-times"></i>
+				<RadioGroup
+					{form}
+					possibleOptions={[
+						{ label: '0', value: 0 },
+						{ label: '1', value: 1 },
+						{ label: '2', value: 2 },
+						{ label: '3', value: 3 },
+						{ label: '4', value: 4 }
+					]}
+					label={m.penetration()}
+					field="default_penetration"
+					labelKey="label"
+					key="value"
+					cacheLock={cacheLocks['default_penetration']}
+					bind:cachedValue={formDataCache['default_penetration']}
+					helpText={m.penetrationHelpText()}
+				/>
+			</span>
+
+			<hr class="border-t-2! border-surface-900! self-stretch" />
+
+			<span class="flex flex-row items-center space-x-4">
+				<RadioGroup
+					{form}
+					possibleOptions={[
+						{ label: '1', value: 1 },
+						{ label: '2', value: 2 },
+						{ label: '3', value: 3 },
+						{ label: '4', value: 4 }
+					]}
+					label={m.maturity()}
+					field="default_maturity"
+					labelKey="label"
+					key="value"
+					cacheLock={cacheLocks['default_maturity']}
+					bind:cachedValue={formDataCache['default_maturity']}
+					helpText={m.maturityHelpText()}
+				/>
+				<i class="fa-solid fa-times"></i>
+				<RadioGroup
+					{form}
+					possibleOptions={[
+						{ label: '1', value: 1 },
+						{ label: '2', value: 2 },
+						{ label: '3', value: 3 },
+						{ label: '4', value: 4 }
+					]}
+					label={m.trust()}
+					field="default_trust"
+					labelKey="label"
+					key="value"
+					cacheLock={cacheLocks['default_trust']}
+					bind:cachedValue={formDataCache['default_trust']}
+					helpText={m.trustHelpText()}
+				/></span
+			>
+		</div>
+		<i class="fa-solid fa-equals"></i>
+		<div class="flex flex-col mb-5">
+			<label for="default_criticality" class="text-sm font-semibold">
+				{m.criticality()}
+			</label>
+			<span class="chip text-base text-center px-4 py-1 rounded-base preset-filled">
+				{defaultCriticality}
+			</span>
+		</div>
 	</div>
 </Dropdown>
diff --git a/frontend/src/lib/utils/table.ts b/frontend/src/lib/utils/table.ts
index 799bbb5fc2..52cb8c4b80 100644
--- a/frontend/src/lib/utils/table.ts
+++ b/frontend/src/lib/utils/table.ts
@@ -702,7 +702,7 @@ const PERTINENCE_FILTER: ListViewFilterConfig = {
 const ENTITY_FILTER: ListViewFilterConfig = {
 	component: AutocompleteSelect,
 	props: {
-		label: 'entity',
+		label: 'parentEntity',
 		optionsEndpoint: 'entities',
 		multiple: true
 	}
@@ -1491,8 +1491,24 @@ export const listViewFields = {
 		}
 	},
 	entities: {
-		head: ['refId', 'name', 'description', 'domain', 'parentEntity', 'relationship'],
-		body: ['ref_id', 'name', 'description', 'folder', 'parent_entity', 'relationship'],
+		head: [
+			'refId',
+			'name',
+			'description',
+			'domain',
+			'parentEntity',
+			'relationship',
+			'defaultCriticality'
+		],
+		body: [
+			'ref_id',
+			'name',
+			'description',
+			'folder',
+			'parent_entity',
+			'relationship',
+			'default_criticality'
+		],
 		filters: {
 			folder: DOMAIN_FILTER,
 			parent_entity: ENTITY_FILTER,

From 56e221bbc7e761fa2317838e3a4397cc7afb1baf Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Thu, 13 Nov 2025 13:57:38 +0100
Subject: [PATCH 27/47] sortable entities criticality

---
 backend/tprm/models.py | 14 --------------
 backend/tprm/views.py  | 27 ++++++++++++++++++++++++++-
 2 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/backend/tprm/models.py b/backend/tprm/models.py
index e59124b570..9e98aa8e8b 100644
--- a/backend/tprm/models.py
+++ b/backend/tprm/models.py
@@ -158,20 +158,6 @@ class Meta:
         verbose_name = _("Entity")
         verbose_name_plural = _("Entities")
 
-    @property
-    def default_criticality(self) -> float:
-        """
-        Compute default criticality based on the formula:
-        (default_dependency * default_penetration) / (default_maturity * default_trust)
-        """
-        if self.default_maturity == 0 or self.default_trust == 0:
-            return 0.0
-        return round(
-            (self.default_dependency * self.default_penetration)
-            / (self.default_maturity * self.default_trust),
-            2,
-        )
-
     @classmethod
     def get_main_entity(cls):
         return (
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index 545a77fb48..a277e46c6f 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -11,7 +11,8 @@
 
 from django.utils.formats import date_format
 from django.http import HttpResponse
-from django.db.models import Sum
+from django.db.models import Sum, F, FloatField, Case, When, Value
+from django.db.models.functions import Cast, Greatest, Coalesce
 
 from core.constants import COUNTRY_CHOICES, CURRENCY_CHOICES
 from core.dora import (
@@ -70,6 +71,30 @@ class EntityViewSet(BaseModelViewSet):
         "default_trust",
     ]
 
+    def get_queryset(self):
+        """Add annotation for default_criticality to enable sorting"""
+        qs = super().get_queryset()
+
+        # Annotate with default_criticality calculation
+        # Formula: (default_dependency * default_penetration) / (default_maturity * default_trust)
+        # Handle division by zero by using Case/When
+        qs = qs.annotate(
+            default_criticality=Case(
+                # If maturity or trust is 0, return 0.0
+                When(default_maturity=0, then=Value(0.0)),
+                When(default_trust=0, then=Value(0.0)),
+                # Otherwise, calculate criticality
+                default=Cast(
+                    (F("default_dependency") * F("default_penetration"))
+                    / (F("default_maturity") * F("default_trust")),
+                    output_field=FloatField(),
+                ),
+                output_field=FloatField(),
+            )
+        )
+
+        return qs
+
     @action(detail=False, methods=["get"], name="Generate DORA ROI")
     def generate_dora_roi(self, request):
         """

From 203edff64a2ba9ce8c1ca2e6fa1f6ba2d533fd76 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Thu, 13 Nov 2025 17:06:53 +0100
Subject: [PATCH 28/47] data wizard for ecosystem

---
 backend/data_wizard/views.py                  | 460 +++++++++++++++++-
 .../(internal)/extra/data-wizard/+page.svelte |  24 +-
 2 files changed, 472 insertions(+), 12 deletions(-)

diff --git a/backend/data_wizard/views.py b/backend/data_wizard/views.py
index 9ed365a630..d4902431cc 100644
--- a/backend/data_wizard/views.py
+++ b/backend/data_wizard/views.py
@@ -34,6 +34,12 @@
     ThreatWriteSerializer,
 )
 from ebios_rm.serializers import ElementaryActionWriteSerializer
+from tprm.models import Entity, Solution, Contract
+from tprm.serializers import (
+    EntityWriteSerializer,
+    SolutionWriteSerializer,
+    ContractWriteSerializer,
+)
 from iam.models import RoleAssignment
 
 logger = logging.getLogger(__name__)
@@ -78,17 +84,24 @@ def process_excel_file(self, request, excel_data):
 
         res = None
         try:
-            # Read Excel file into a pandas DataFrame
-            df = pd.read_excel(excel_data).fillna("")
-            res = self.process_data(
-                request,
-                df,
-                model_type,
-                folder_id,
-                perimeter_id,
-                framework_id,
-                matrix_id,
-            )
+            # Special handling for TPRM multi-sheet import
+            if model_type == "TPRM":
+                folders_map = get_accessible_objects(request.user)
+                res = self._process_tprm_file(
+                    request, excel_data, folders_map, folder_id
+                )
+            else:
+                # Read Excel file into a pandas DataFrame
+                df = pd.read_excel(excel_data).fillna("")
+                res = self.process_data(
+                    request,
+                    df,
+                    model_type,
+                    folder_id,
+                    perimeter_id,
+                    framework_id,
+                    matrix_id,
+                )
 
         except Exception as e:
             logger.error("Error parsing Excel file", exc_info=e)
@@ -151,6 +164,8 @@ def process_data(
             )
         elif model_type == "Threat":
             return self._process_threats(request, records, folders_map, folder_id)
+        elif model_type == "TPRM":
+            return self._process_tprm(request, records, folders_map, folder_id)
         else:
             return {
                 "successful": 0,
@@ -849,6 +864,429 @@ def _process_compliance_assessment(
 
         return results
 
+    def _process_tprm_file(self, request, excel_data, folders_map, folder_id):
+        """
+        Process TPRM multi-sheet Excel file with Entities, Solutions, and Contracts
+        """
+        try:
+            # Read all sheets from Excel file
+            excel_file = pd.ExcelFile(excel_data)
+
+            # Track overall results
+            overall_results = {
+                "entities": {"successful": 0, "failed": 0, "errors": []},
+                "solutions": {"successful": 0, "failed": 0, "errors": []},
+                "contracts": {"successful": 0, "failed": 0, "errors": []},
+            }
+
+            # Track ref_id to actual ID mappings
+            entity_ref_map = {}  # ref_id -> actual UUID
+            solution_ref_map = {}  # ref_id -> actual UUID
+
+            # Process Entities sheet first
+            if "Entities" in excel_file.sheet_names:
+                logger.info("Processing Entities sheet")
+                entities_df = pd.read_excel(excel_data, sheet_name="Entities").fillna(
+                    ""
+                )
+                entities_records = entities_df.to_dict(orient="records")
+                entities_result, entity_ref_map = self._process_entities(
+                    request, entities_records, folders_map, folder_id
+                )
+                overall_results["entities"] = entities_result
+            else:
+                logger.warning("No 'Entities' sheet found in Excel file")
+
+            # Process Solutions sheet second (requires entities to exist)
+            if "Solutions" in excel_file.sheet_names:
+                logger.info("Processing Solutions sheet")
+                solutions_df = pd.read_excel(excel_data, sheet_name="Solutions").fillna(
+                    ""
+                )
+                solutions_records = solutions_df.to_dict(orient="records")
+                solutions_result, solution_ref_map = self._process_solutions(
+                    request, solutions_records, folders_map, folder_id, entity_ref_map
+                )
+                overall_results["solutions"] = solutions_result
+            else:
+                logger.warning("No 'Solutions' sheet found in Excel file")
+
+            # Process Contracts sheet last (requires entities and solutions)
+            if "Contracts" in excel_file.sheet_names:
+                logger.info("Processing Contracts sheet")
+                contracts_df = pd.read_excel(excel_data, sheet_name="Contracts").fillna(
+                    ""
+                )
+                contracts_records = contracts_df.to_dict(orient="records")
+                contracts_result = self._process_contracts(
+                    request,
+                    contracts_records,
+                    folders_map,
+                    folder_id,
+                    entity_ref_map,
+                    solution_ref_map,
+                )
+                overall_results["contracts"] = contracts_result
+            else:
+                logger.warning("No 'Contracts' sheet found in Excel file")
+
+            # Calculate totals
+            total_successful = (
+                overall_results["entities"]["successful"]
+                + overall_results["solutions"]["successful"]
+                + overall_results["contracts"]["successful"]
+            )
+            total_failed = (
+                overall_results["entities"]["failed"]
+                + overall_results["solutions"]["failed"]
+                + overall_results["contracts"]["failed"]
+            )
+
+            logger.info(
+                f"TPRM import complete. Total success: {total_successful}, Total failed: {total_failed}"
+            )
+
+            return overall_results
+
+        except Exception as e:
+            logger.error(f"Error processing TPRM file: {str(e)}")
+            return {
+                "entities": {
+                    "successful": 0,
+                    "failed": 0,
+                    "errors": [{"error": str(e)}],
+                },
+                "solutions": {"successful": 0, "failed": 0, "errors": []},
+                "contracts": {"successful": 0, "failed": 0, "errors": []},
+            }
+
+    def _process_entities(self, request, records, folders_map, folder_id):
+        """Process entities from TPRM import"""
+        results = {"successful": 0, "failed": 0, "errors": []}
+        ref_id_map = {}  # Map ref_id to actual UUID
+
+        for record in records:
+            try:
+                ref_id = record.get("ref_id", "").strip()
+                if not ref_id:
+                    results["failed"] += 1
+                    results["errors"].append(
+                        {"record": record, "error": "ref_id field is mandatory"}
+                    )
+                    continue
+
+                # Check if name is provided
+                if not record.get("name"):
+                    results["failed"] += 1
+                    results["errors"].append(
+                        {"record": record, "error": "name field is mandatory"}
+                    )
+                    continue
+
+                # Get domain from record or use fallback
+                domain = folder_id
+                if record.get("domain") != "":
+                    domain = folders_map.get(record.get("domain"), folder_id)
+
+                # Prepare entity data
+                entity_data = {
+                    "ref_id": ref_id,
+                    "name": record.get("name"),
+                    "description": record.get("description", ""),
+                    "mission": record.get("mission", ""),
+                    "folder": domain,
+                }
+
+                # Add optional fields
+                if record.get("country"):
+                    entity_data["country"] = record.get("country")
+                if record.get("currency"):
+                    entity_data["currency"] = record.get("currency")
+
+                # Add EBIOS RM fields with type conversion
+                for field in ["dependency", "penetration", "maturity", "trust"]:
+                    value = record.get(field)
+                    if value != "" and value is not None:
+                        try:
+                            entity_data[f"default_{field}"] = int(value)
+                        except (ValueError, TypeError):
+                            pass
+
+                # Create the entity first, then handle parent relationship
+                serializer = EntityWriteSerializer(
+                    data=entity_data, context={"request": request}
+                )
+
+                if serializer.is_valid(raise_exception=True):
+                    entity = serializer.save()
+                    ref_id_map[ref_id] = str(entity.id)
+                    results["successful"] += 1
+                    logger.debug(f"Created entity: {entity.name} with ref_id: {ref_id}")
+                else:
+                    results["failed"] += 1
+                    results["errors"].append(
+                        {"record": record, "errors": serializer.errors}
+                    )
+
+            except Exception as e:
+                logger.warning(f"Error creating entity: {str(e)}")
+                results["failed"] += 1
+                results["errors"].append({"record": record, "error": str(e)})
+
+        # Second pass: handle parent_entity relationships
+        for record in records:
+            try:
+                ref_id = record.get("ref_id", "").strip()
+                parent_ref_id = record.get("parent_entity_ref_id", "").strip()
+
+                if ref_id and parent_ref_id and ref_id in ref_id_map:
+                    if parent_ref_id in ref_id_map:
+                        entity = Entity.objects.get(id=ref_id_map[ref_id])
+                        entity.parent_entity_id = ref_id_map[parent_ref_id]
+                        entity.save()
+                        logger.debug(
+                            f"Linked entity {ref_id} to parent {parent_ref_id}"
+                        )
+                    else:
+                        logger.warning(
+                            f"Parent entity ref_id '{parent_ref_id}' not found for entity '{ref_id}'"
+                        )
+            except Exception as e:
+                logger.warning(f"Error linking parent entity: {str(e)}")
+
+        logger.info(
+            f"Entity import complete. Success: {results['successful']}, Failed: {results['failed']}"
+        )
+        return results, ref_id_map
+
+    def _process_solutions(
+        self, request, records, folders_map, folder_id, entity_ref_map
+    ):
+        """Process solutions from TPRM import"""
+        results = {"successful": 0, "failed": 0, "errors": []}
+        ref_id_map = {}  # Map ref_id to actual UUID
+
+        for record in records:
+            try:
+                ref_id = record.get("ref_id", "").strip()
+                if not ref_id:
+                    results["failed"] += 1
+                    results["errors"].append(
+                        {"record": record, "error": "ref_id field is mandatory"}
+                    )
+                    continue
+
+                # Check if name is provided
+                if not record.get("name"):
+                    results["failed"] += 1
+                    results["errors"].append(
+                        {"record": record, "error": "name field is mandatory"}
+                    )
+                    continue
+
+                # Check provider_entity_ref_id
+                provider_ref_id = record.get("provider_entity_ref_id", "").strip()
+                if not provider_ref_id:
+                    results["failed"] += 1
+                    results["errors"].append(
+                        {
+                            "record": record,
+                            "error": "provider_entity_ref_id field is mandatory",
+                        }
+                    )
+                    continue
+
+                # Lookup provider entity UUID
+                if provider_ref_id not in entity_ref_map:
+                    results["failed"] += 1
+                    results["errors"].append(
+                        {
+                            "record": record,
+                            "error": f"Provider entity with ref_id '{provider_ref_id}' not found",
+                        }
+                    )
+                    continue
+
+                provider_entity_id = entity_ref_map[provider_ref_id]
+
+                # Prepare solution data
+                solution_data = {
+                    "ref_id": ref_id,
+                    "name": record.get("name"),
+                    "description": record.get("description", ""),
+                    "provider_entity": provider_entity_id,
+                }
+
+                # Add criticality if provided
+                if (
+                    record.get("criticality") != ""
+                    and record.get("criticality") is not None
+                ):
+                    try:
+                        solution_data["criticality"] = int(record.get("criticality"))
+                    except (ValueError, TypeError):
+                        pass
+
+                # Create the solution
+                serializer = SolutionWriteSerializer(
+                    data=solution_data, context={"request": request}
+                )
+
+                if serializer.is_valid(raise_exception=True):
+                    solution = serializer.save()
+                    ref_id_map[ref_id] = str(solution.id)
+                    results["successful"] += 1
+                    logger.debug(
+                        f"Created solution: {solution.name} with ref_id: {ref_id}"
+                    )
+                else:
+                    results["failed"] += 1
+                    results["errors"].append(
+                        {"record": record, "errors": serializer.errors}
+                    )
+
+            except Exception as e:
+                logger.warning(f"Error creating solution: {str(e)}")
+                results["failed"] += 1
+                results["errors"].append({"record": record, "error": str(e)})
+
+        logger.info(
+            f"Solution import complete. Success: {results['successful']}, Failed: {results['failed']}"
+        )
+        return results, ref_id_map
+
+    def _process_contracts(
+        self, request, records, folders_map, folder_id, entity_ref_map, solution_ref_map
+    ):
+        """Process contracts from TPRM import"""
+        results = {"successful": 0, "failed": 0, "errors": []}
+
+        for record in records:
+            try:
+                ref_id = record.get("ref_id", "").strip()
+                if not ref_id:
+                    results["failed"] += 1
+                    results["errors"].append(
+                        {"record": record, "error": "ref_id field is mandatory"}
+                    )
+                    continue
+
+                # Check if name is provided
+                if not record.get("name"):
+                    results["failed"] += 1
+                    results["errors"].append(
+                        {"record": record, "error": "name field is mandatory"}
+                    )
+                    continue
+
+                # Check provider_entity_ref_id
+                provider_ref_id = record.get("provider_entity_ref_id", "").strip()
+                if not provider_ref_id:
+                    results["failed"] += 1
+                    results["errors"].append(
+                        {
+                            "record": record,
+                            "error": "provider_entity_ref_id field is mandatory",
+                        }
+                    )
+                    continue
+
+                # Lookup provider entity UUID
+                if provider_ref_id not in entity_ref_map:
+                    results["failed"] += 1
+                    results["errors"].append(
+                        {
+                            "record": record,
+                            "error": f"Provider entity with ref_id '{provider_ref_id}' not found",
+                        }
+                    )
+                    continue
+
+                provider_entity_id = entity_ref_map[provider_ref_id]
+
+                # Get domain from record or use fallback
+                domain = folder_id
+                if record.get("domain") != "":
+                    domain = folders_map.get(record.get("domain"), folder_id)
+
+                # Prepare contract data
+                contract_data = {
+                    "ref_id": ref_id,
+                    "name": record.get("name"),
+                    "description": record.get("description", ""),
+                    "provider_entity": provider_entity_id,
+                    "folder": domain,
+                }
+
+                # Add optional solution reference
+                solution_ref_id = record.get("solution_ref_id", "").strip()
+                if solution_ref_id:
+                    if solution_ref_id in solution_ref_map:
+                        contract_data["solutions"] = [solution_ref_map[solution_ref_id]]
+                    else:
+                        logger.warning(
+                            f"Solution with ref_id '{solution_ref_id}' not found for contract '{ref_id}'"
+                        )
+
+                # Add optional fields
+                if record.get("status"):
+                    contract_data["status"] = record.get("status")
+                if record.get("start_date"):
+                    contract_data["start_date"] = record.get("start_date")
+                if record.get("end_date"):
+                    contract_data["end_date"] = record.get("end_date")
+                if (
+                    record.get("annual_expense") != ""
+                    and record.get("annual_expense") is not None
+                ):
+                    try:
+                        contract_data["annual_expense"] = float(
+                            record.get("annual_expense")
+                        )
+                    except (ValueError, TypeError):
+                        pass
+                if record.get("currency"):
+                    contract_data["currency"] = record.get("currency")
+
+                # Create the contract
+                serializer = ContractWriteSerializer(
+                    data=contract_data, context={"request": request}
+                )
+
+                if serializer.is_valid(raise_exception=True):
+                    contract = serializer.save()
+                    results["successful"] += 1
+                    logger.debug(
+                        f"Created contract: {contract.name} with ref_id: {ref_id}"
+                    )
+                else:
+                    results["failed"] += 1
+                    results["errors"].append(
+                        {"record": record, "errors": serializer.errors}
+                    )
+
+            except Exception as e:
+                logger.warning(f"Error creating contract: {str(e)}")
+                results["failed"] += 1
+                results["errors"].append({"record": record, "error": str(e)})
+
+        logger.info(
+            f"Contract import complete. Success: {results['successful']}, Failed: {results['failed']}"
+        )
+        return results
+
+    def _process_tprm(self, request, records, folders_map, folder_id):
+        """Legacy handler - TPRM should use _process_tprm_file for multi-sheet support"""
+        return {
+            "successful": 0,
+            "failed": 0,
+            "errors": [
+                {
+                    "error": "TPRM import requires multi-sheet Excel file. Please use the proper TPRM template."
+                }
+            ],
+        }
+
     def post(self, request, *args, **kwargs):
         # if not request.user.has_file_permission:
         #     logger.error("Unauthorized user tried to load a file", user=request.user)
diff --git a/enterprise/frontend/src/routes/(app)/(internal)/extra/data-wizard/+page.svelte b/enterprise/frontend/src/routes/(app)/(internal)/extra/data-wizard/+page.svelte
index abc9f22de8..a0fe21d071 100644
--- a/enterprise/frontend/src/routes/(app)/(internal)/extra/data-wizard/+page.svelte
+++ b/enterprise/frontend/src/routes/(app)/(internal)/extra/data-wizard/+page.svelte
@@ -64,7 +64,8 @@
 			selectedModel === 'Perimeter' ||
 			selectedModel === 'ElementaryAction' ||
 			selectedModel === 'ReferenceControl' ||
-			selectedModel === 'Threat'
+			selectedModel === 'Threat' ||
+			selectedModel === 'TPRM'
 	);
 
 	// Fixed: Check files correctly
@@ -348,6 +349,27 @@
 							/>
 						</label>
 					</div>
+
+					<div>
+						<label
+							for="TPRM"
+							class="flex cursor-pointer justify-between gap-4 rounded-lg border border-gray-100 bg-white p-4 text-sm font-medium shadow-2xs hover:border-gray-200 has-checked:border-blue-500 has-checked:ring-1 has-checked:ring-blue-500"
+						>
+							<div>
+								<p class="text-gray-700">TPRM (Third-Party Risk Management)</p>
+								<p class="text-gray-500 text-xs">Import entities, solutions, and contracts from a multi-sheet Excel file</p>
+							</div>
+
+							<input
+								type="radio"
+								name="model"
+								value="TPRM"
+								id="TPRM"
+								class="size-5 border-gray-300 text-blue-500"
+								bind:group={selectedModel}
+							/>
+						</label>
+					</div>
 				</fieldset>
 			</div>
 

From 104ce4cc9e995b0fdb61245855325ae61735f846 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Thu, 13 Nov 2025 17:40:15 +0100
Subject: [PATCH 29/47] fix migrations

---
 .../core/migrations/0112_asset_is_critical.py |  17 --
 .../0113_asset_is_business_function.py        |  19 --
 ...t_dora_criticality_assessment_and_more.py} |  15 +-
 ...entity_country_entity_currency_and_more.py | 261 +++++++++++++++++-
 ...ties_remove_contract_solutions_and_more.py |  47 ----
 .../migrations/0010_entity_parent_entity.py   |  26 --
 .../0011_entity_dora_provider_person_type.py  |  29 --
 ...ion_dora_alternative_providers_and_more.py | 108 --------
 .../0013_contract_beneficiary_entity.py       |  26 --
 ...filtering_labels_entity_ref_id_and_more.py |  44 ---
 ...y_is_active_solution_is_active_and_more.py |  27 --
 ...ndency_entity_default_maturity_and_more.py |  63 -----
 12 files changed, 259 insertions(+), 423 deletions(-)
 delete mode 100644 backend/core/migrations/0112_asset_is_critical.py
 delete mode 100644 backend/core/migrations/0113_asset_is_business_function.py
 rename backend/core/migrations/{0114_remove_asset_is_critical_and_more.py => 0114_asset_dora_criticality_assessment_and_more.py} (98%)
 delete mode 100644 backend/tprm/migrations/0009_remove_contract_entities_remove_contract_solutions_and_more.py
 delete mode 100644 backend/tprm/migrations/0010_entity_parent_entity.py
 delete mode 100644 backend/tprm/migrations/0011_entity_dora_provider_person_type.py
 delete mode 100644 backend/tprm/migrations/0012_solution_dora_alternative_providers_and_more.py
 delete mode 100644 backend/tprm/migrations/0013_contract_beneficiary_entity.py
 delete mode 100644 backend/tprm/migrations/0014_entity_filtering_labels_entity_ref_id_and_more.py
 delete mode 100644 backend/tprm/migrations/0015_entity_is_active_solution_is_active_and_more.py
 delete mode 100644 backend/tprm/migrations/0016_entity_default_dependency_entity_default_maturity_and_more.py

diff --git a/backend/core/migrations/0112_asset_is_critical.py b/backend/core/migrations/0112_asset_is_critical.py
deleted file mode 100644
index 4a61888349..0000000000
--- a/backend/core/migrations/0112_asset_is_critical.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# Generated by Django 5.2.7 on 2025-11-07 17:17
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("core", "0111_finding_priority"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="asset",
-            name="is_critical",
-            field=models.BooleanField(default=False, verbose_name="is_critical"),
-        ),
-    ]
diff --git a/backend/core/migrations/0113_asset_is_business_function.py b/backend/core/migrations/0113_asset_is_business_function.py
deleted file mode 100644
index 3523fc2e31..0000000000
--- a/backend/core/migrations/0113_asset_is_business_function.py
+++ /dev/null
@@ -1,19 +0,0 @@
-# Generated by Django 5.2.7 on 2025-11-11 08:44
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("core", "0112_asset_is_critical"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="asset",
-            name="is_business_function",
-            field=models.BooleanField(
-                default=False, verbose_name="is_business_function"
-            ),
-        ),
-    ]
diff --git a/backend/core/migrations/0114_remove_asset_is_critical_and_more.py b/backend/core/migrations/0114_asset_dora_criticality_assessment_and_more.py
similarity index 98%
rename from backend/core/migrations/0114_remove_asset_is_critical_and_more.py
rename to backend/core/migrations/0114_asset_dora_criticality_assessment_and_more.py
index 9b367c1423..3d3208a2aa 100644
--- a/backend/core/migrations/0114_remove_asset_is_critical_and_more.py
+++ b/backend/core/migrations/0114_asset_dora_criticality_assessment_and_more.py
@@ -1,18 +1,14 @@
-# Generated by Django 5.2.7 on 2025-11-11 09:10
+# Generated by Django 5.2.7 on 2025-11-13 16:37
 
 from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
     dependencies = [
-        ("core", "0113_asset_is_business_function"),
+        ("core", "0113_autoload_mappingsets"),
     ]
 
     operations = [
-        migrations.RemoveField(
-            model_name="asset",
-            name="is_critical",
-        ),
         migrations.AddField(
             model_name="asset",
             name="dora_criticality_assessment",
@@ -374,4 +370,11 @@ class Migration(migrations.Migration):
                 verbose_name="DORA Licensed Activity",
             ),
         ),
+        migrations.AddField(
+            model_name="asset",
+            name="is_business_function",
+            field=models.BooleanField(
+                default=False, verbose_name="is_business_function"
+            ),
+        ),
     ]
diff --git a/backend/tprm/migrations/0008_entity_country_entity_currency_and_more.py b/backend/tprm/migrations/0008_entity_country_entity_currency_and_more.py
index 87afaaf9d8..3c80b5c915 100644
--- a/backend/tprm/migrations/0008_entity_country_entity_currency_and_more.py
+++ b/backend/tprm/migrations/0008_entity_country_entity_currency_and_more.py
@@ -1,5 +1,6 @@
-# Generated by Django 5.2.7 on 2025-11-10 19:34
+# Generated by Django 5.2.7 on 2025-11-13 16:37
 
+import django.core.validators
 import django.db.models.deletion
 import iam.models
 import uuid
@@ -9,7 +10,7 @@
 
 class Migration(migrations.Migration):
     dependencies = [
-        ("core", "0112_asset_is_critical"),
+        ("core", "0114_asset_dora_criticality_assessment_and_more"),
         ("iam", "0016_folder_filtering_labels"),
         ("tprm", "0007_entity_relationship"),
         migrations.swappable_dependency(settings.AUTH_USER_MODEL),
@@ -457,6 +458,56 @@ class Migration(migrations.Migration):
                 verbose_name="Currency",
             ),
         ),
+        migrations.AddField(
+            model_name="entity",
+            name="default_dependency",
+            field=models.PositiveSmallIntegerField(
+                blank=True,
+                default=0,
+                help_text="Default dependency level for stakeholder assessment (0-4)",
+                validators=[django.core.validators.MaxValueValidator(4)],
+                verbose_name="Default dependency",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="default_maturity",
+            field=models.PositiveSmallIntegerField(
+                blank=True,
+                default=1,
+                help_text="Default maturity level for stakeholder assessment (1-4)",
+                validators=[
+                    django.core.validators.MinValueValidator(1),
+                    django.core.validators.MaxValueValidator(4),
+                ],
+                verbose_name="Default maturity",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="default_penetration",
+            field=models.PositiveSmallIntegerField(
+                blank=True,
+                default=0,
+                help_text="Default penetration level for stakeholder assessment (0-4)",
+                validators=[django.core.validators.MaxValueValidator(4)],
+                verbose_name="Default penetration",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="default_trust",
+            field=models.PositiveSmallIntegerField(
+                blank=True,
+                default=1,
+                help_text="Default trust level for stakeholder assessment (1-4)",
+                validators=[
+                    django.core.validators.MinValueValidator(1),
+                    django.core.validators.MaxValueValidator(4),
+                ],
+                verbose_name="Default trust",
+            ),
+        ),
         migrations.AddField(
             model_name="entity",
             name="dora_assets_value",
@@ -542,6 +593,35 @@ class Migration(migrations.Migration):
                 verbose_name="DORA entity type",
             ),
         ),
+        migrations.AddField(
+            model_name="entity",
+            name="dora_provider_person_type",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    (
+                        "eba_CT:x212",
+                        "Legal person, excluding individual acting in a business capacity",
+                    ),
+                    ("eba_CT:x213", "Individual acting in a business capacity"),
+                ],
+                help_text="Type of person for ICT third-party service providers",
+                max_length=20,
+                verbose_name="DORA provider person type",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="filtering_labels",
+            field=models.ManyToManyField(
+                blank=True, to="core.filteringlabel", verbose_name="Labels"
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="is_active",
+            field=models.BooleanField(default=True, verbose_name="Is active"),
+        ),
         migrations.AddField(
             model_name="entity",
             name="legal_identifiers",
@@ -552,6 +632,36 @@ class Migration(migrations.Migration):
                 verbose_name="Legal identifiers",
             ),
         ),
+        migrations.AddField(
+            model_name="entity",
+            name="parent_entity",
+            field=models.ForeignKey(
+                blank=True,
+                help_text="Parent entity for branch/subsidiary relationships",
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="branches",
+                to="tprm.entity",
+                verbose_name="Parent entity",
+            ),
+        ),
+        migrations.AddField(
+            model_name="entity",
+            name="ref_id",
+            field=models.CharField(blank=True, max_length=255),
+        ),
+        migrations.AddField(
+            model_name="representative",
+            name="filtering_labels",
+            field=models.ManyToManyField(
+                blank=True, to="core.filteringlabel", verbose_name="Labels"
+            ),
+        ),
+        migrations.AddField(
+            model_name="representative",
+            name="ref_id",
+            field=models.CharField(blank=True, max_length=255),
+        ),
         migrations.AddField(
             model_name="solution",
             name="data_location_processing",
@@ -1078,6 +1188,26 @@ class Migration(migrations.Migration):
                 verbose_name="Location of data at rest",
             ),
         ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_alternative_providers",
+            field=models.TextField(
+                blank=True,
+                help_text="Identification of alternative ICT third-party service providers",
+                verbose_name="Alternative providers",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_alternative_providers_identified",
+            field=models.CharField(
+                blank=True,
+                choices=[("eba_BT:x28", "Yes"), ("eba_BT:x29", "No")],
+                help_text="Are there alternative ICT third-party service providers identified?",
+                max_length=20,
+                verbose_name="Alternative providers identified",
+            ),
+        ),
         migrations.AddField(
             model_name="solution",
             name="dora_data_sensitiveness",
@@ -1093,6 +1223,33 @@ class Migration(migrations.Migration):
                 verbose_name="Data sensitiveness",
             ),
         ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_discontinuing_impact",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_ZZ:x791", "Low"),
+                    ("eba_ZZ:x792", "Medium"),
+                    ("eba_ZZ:x793", "High"),
+                    ("eba_ZZ:x799", "Assessment not performed"),
+                ],
+                help_text="Impact of discontinuing the ICT services",
+                max_length=20,
+                verbose_name="Discontinuing impact",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_has_exit_plan",
+            field=models.CharField(
+                blank=True,
+                choices=[("eba_BT:x28", "Yes"), ("eba_BT:x29", "No")],
+                help_text="Existence of an exit plan",
+                max_length=20,
+                verbose_name="Exit plan",
+            ),
+        ),
         migrations.AddField(
             model_name="solution",
             name="dora_ict_service_type",
@@ -1127,6 +1284,39 @@ class Migration(migrations.Migration):
                 verbose_name="DORA ICT service type",
             ),
         ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_non_substitutability_reason",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_ZZ:x963", "Lack of real alternatives"),
+                    ("eba_ZZ:x964", "Difficulties in migrating or reintegrating"),
+                    (
+                        "eba_ZZ:x965",
+                        "Lack of real alternatives and difficulties in migrating or reintegrating",
+                    ),
+                ],
+                help_text="Reason if the ICT third-party service provider is considered not substitutable or difficult to be substitutable",
+                max_length=20,
+                verbose_name="Non-substitutability reason",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_reintegration_possibility",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_ZZ:x798", "Easy"),
+                    ("eba_ZZ:x966", "Difficult"),
+                    ("eba_ZZ:x967", "Highly complex"),
+                ],
+                help_text="Possibility of reintegration of the contracted ICT service",
+                max_length=20,
+                verbose_name="Reintegration possibility",
+            ),
+        ),
         migrations.AddField(
             model_name="solution",
             name="dora_reliance_level",
@@ -1143,6 +1333,39 @@ class Migration(migrations.Migration):
                 verbose_name="Level of reliance",
             ),
         ),
+        migrations.AddField(
+            model_name="solution",
+            name="dora_substitutability",
+            field=models.CharField(
+                blank=True,
+                choices=[
+                    ("eba_ZZ:x959", "Not substitutable"),
+                    ("eba_ZZ:x962", "Easily substitutable"),
+                    ("eba_ZZ:x961", "Medium complexity in terms of substitutability"),
+                    ("eba_ZZ:x960", "Highly complex substitutability"),
+                ],
+                help_text="Substitutability of the ICT third-party service provider",
+                max_length=20,
+                verbose_name="Substitutability",
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="filtering_labels",
+            field=models.ManyToManyField(
+                blank=True, to="core.filteringlabel", verbose_name="Labels"
+            ),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="is_active",
+            field=models.BooleanField(default=True, verbose_name="Is active"),
+        ),
+        migrations.AddField(
+            model_name="solution",
+            name="reference_link",
+            field=models.URLField(blank=True, max_length=2048, null=True),
+        ),
         migrations.AddField(
             model_name="solution",
             name="storage_of_data",
@@ -1733,13 +1956,15 @@ class Migration(migrations.Migration):
                     ),
                 ),
                 (
-                    "entities",
-                    models.ManyToManyField(
+                    "beneficiary_entity",
+                    models.ForeignKey(
                         blank=True,
-                        help_text="Entities involved in this contract",
-                        related_name="contracts",
+                        help_text="Entity benefiting from/receiving this contract",
+                        null=True,
+                        on_delete=django.db.models.deletion.SET_NULL,
+                        related_name="beneficiary_contracts",
                         to="tprm.entity",
-                        verbose_name="Entities",
+                        verbose_name="Beneficiary entity",
                     ),
                 ),
                 (
@@ -1789,13 +2014,27 @@ class Migration(migrations.Migration):
                     ),
                 ),
                 (
-                    "solutions",
-                    models.ManyToManyField(
+                    "provider_entity",
+                    models.ForeignKey(
                         blank=True,
-                        help_text="Solutions covered by this contract",
+                        help_text="Entity providing this contract",
+                        null=True,
+                        on_delete=django.db.models.deletion.SET_NULL,
+                        related_name="contracts",
+                        to="tprm.entity",
+                        verbose_name="Provider entity",
+                    ),
+                ),
+                (
+                    "solution",
+                    models.ForeignKey(
+                        blank=True,
+                        help_text="Solution covered by this contract",
+                        null=True,
+                        on_delete=django.db.models.deletion.SET_NULL,
                         related_name="contracts",
                         to="tprm.solution",
-                        verbose_name="Solutions",
+                        verbose_name="Solution",
                     ),
                 ),
             ],
diff --git a/backend/tprm/migrations/0009_remove_contract_entities_remove_contract_solutions_and_more.py b/backend/tprm/migrations/0009_remove_contract_entities_remove_contract_solutions_and_more.py
deleted file mode 100644
index 81ac7cdb64..0000000000
--- a/backend/tprm/migrations/0009_remove_contract_entities_remove_contract_solutions_and_more.py
+++ /dev/null
@@ -1,47 +0,0 @@
-# Generated by Django 5.2.7 on 2025-11-11 11:20
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("tprm", "0008_entity_country_entity_currency_and_more"),
-    ]
-
-    operations = [
-        migrations.RemoveField(
-            model_name="contract",
-            name="entities",
-        ),
-        migrations.RemoveField(
-            model_name="contract",
-            name="solutions",
-        ),
-        migrations.AddField(
-            model_name="contract",
-            name="provider_entity",
-            field=models.ForeignKey(
-                blank=True,
-                help_text="Entity providing this contract",
-                null=True,
-                on_delete=django.db.models.deletion.SET_NULL,
-                related_name="contracts",
-                to="tprm.entity",
-                verbose_name="Provider entity",
-            ),
-        ),
-        migrations.AddField(
-            model_name="contract",
-            name="solution",
-            field=models.ForeignKey(
-                blank=True,
-                help_text="Solution covered by this contract",
-                null=True,
-                on_delete=django.db.models.deletion.SET_NULL,
-                related_name="contracts",
-                to="tprm.solution",
-                verbose_name="Solution",
-            ),
-        ),
-    ]
diff --git a/backend/tprm/migrations/0010_entity_parent_entity.py b/backend/tprm/migrations/0010_entity_parent_entity.py
deleted file mode 100644
index f8d88b80a9..0000000000
--- a/backend/tprm/migrations/0010_entity_parent_entity.py
+++ /dev/null
@@ -1,26 +0,0 @@
-# Generated by Django 5.2.7 on 2025-11-11 12:44
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("tprm", "0009_remove_contract_entities_remove_contract_solutions_and_more"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="entity",
-            name="parent_entity",
-            field=models.ForeignKey(
-                blank=True,
-                help_text="Parent entity for branch/subsidiary relationships",
-                null=True,
-                on_delete=django.db.models.deletion.SET_NULL,
-                related_name="branches",
-                to="tprm.entity",
-                verbose_name="Parent entity",
-            ),
-        ),
-    ]
diff --git a/backend/tprm/migrations/0011_entity_dora_provider_person_type.py b/backend/tprm/migrations/0011_entity_dora_provider_person_type.py
deleted file mode 100644
index b41e700a92..0000000000
--- a/backend/tprm/migrations/0011_entity_dora_provider_person_type.py
+++ /dev/null
@@ -1,29 +0,0 @@
-# Generated by Django 5.2.7 on 2025-11-11 13:30
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("tprm", "0010_entity_parent_entity"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="entity",
-            name="dora_provider_person_type",
-            field=models.CharField(
-                blank=True,
-                choices=[
-                    (
-                        "eba_CT:x212",
-                        "Legal person, excluding individual acting in a business capacity",
-                    ),
-                    ("eba_CT:x213", "Individual acting in a business capacity"),
-                ],
-                help_text="Type of person for ICT third-party service providers",
-                max_length=20,
-                verbose_name="DORA provider person type",
-            ),
-        ),
-    ]
diff --git a/backend/tprm/migrations/0012_solution_dora_alternative_providers_and_more.py b/backend/tprm/migrations/0012_solution_dora_alternative_providers_and_more.py
deleted file mode 100644
index 990c4541ac..0000000000
--- a/backend/tprm/migrations/0012_solution_dora_alternative_providers_and_more.py
+++ /dev/null
@@ -1,108 +0,0 @@
-# Generated by Django 5.2.7 on 2025-11-11 16:04
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("tprm", "0011_entity_dora_provider_person_type"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="solution",
-            name="dora_alternative_providers",
-            field=models.TextField(
-                blank=True,
-                help_text="Identification of alternative ICT third-party service providers",
-                verbose_name="Alternative providers",
-            ),
-        ),
-        migrations.AddField(
-            model_name="solution",
-            name="dora_alternative_providers_identified",
-            field=models.CharField(
-                blank=True,
-                choices=[("eba_BT:x28", "Yes"), ("eba_BT:x29", "No")],
-                help_text="Are there alternative ICT third-party service providers identified?",
-                max_length=20,
-                verbose_name="Alternative providers identified",
-            ),
-        ),
-        migrations.AddField(
-            model_name="solution",
-            name="dora_discontinuing_impact",
-            field=models.CharField(
-                blank=True,
-                choices=[
-                    ("eba_ZZ:x791", "Low"),
-                    ("eba_ZZ:x792", "Medium"),
-                    ("eba_ZZ:x793", "High"),
-                    ("eba_ZZ:x799", "Assessment not performed"),
-                ],
-                help_text="Impact of discontinuing the ICT services",
-                max_length=20,
-                verbose_name="Discontinuing impact",
-            ),
-        ),
-        migrations.AddField(
-            model_name="solution",
-            name="dora_has_exit_plan",
-            field=models.CharField(
-                blank=True,
-                choices=[("eba_BT:x28", "Yes"), ("eba_BT:x29", "No")],
-                help_text="Existence of an exit plan",
-                max_length=20,
-                verbose_name="Exit plan",
-            ),
-        ),
-        migrations.AddField(
-            model_name="solution",
-            name="dora_non_substitutability_reason",
-            field=models.CharField(
-                blank=True,
-                choices=[
-                    ("eba_ZZ:x963", "Lack of real alternatives"),
-                    ("eba_ZZ:x964", "Difficulties in migrating or reintegrating"),
-                    (
-                        "eba_ZZ:x965",
-                        "Lack of real alternatives and difficulties in migrating or reintegrating",
-                    ),
-                ],
-                help_text="Reason if the ICT third-party service provider is considered not substitutable or difficult to be substitutable",
-                max_length=20,
-                verbose_name="Non-substitutability reason",
-            ),
-        ),
-        migrations.AddField(
-            model_name="solution",
-            name="dora_reintegration_possibility",
-            field=models.CharField(
-                blank=True,
-                choices=[
-                    ("eba_ZZ:x798", "Easy"),
-                    ("eba_ZZ:x966", "Difficult"),
-                    ("eba_ZZ:x967", "Highly complex"),
-                ],
-                help_text="Possibility of reintegration of the contracted ICT service",
-                max_length=20,
-                verbose_name="Reintegration possibility",
-            ),
-        ),
-        migrations.AddField(
-            model_name="solution",
-            name="dora_substitutability",
-            field=models.CharField(
-                blank=True,
-                choices=[
-                    ("eba_ZZ:x959", "Not substitutable"),
-                    ("eba_ZZ:x962", "Easily substitutable"),
-                    ("eba_ZZ:x961", "Medium complexity in terms of substitutability"),
-                    ("eba_ZZ:x960", "Highly complex substitutability"),
-                ],
-                help_text="Substitutability of the ICT third-party service provider",
-                max_length=20,
-                verbose_name="Substitutability",
-            ),
-        ),
-    ]
diff --git a/backend/tprm/migrations/0013_contract_beneficiary_entity.py b/backend/tprm/migrations/0013_contract_beneficiary_entity.py
deleted file mode 100644
index f17c95da0a..0000000000
--- a/backend/tprm/migrations/0013_contract_beneficiary_entity.py
+++ /dev/null
@@ -1,26 +0,0 @@
-# Generated by Django 5.2.7 on 2025-11-12 08:31
-
-import django.db.models.deletion
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("tprm", "0012_solution_dora_alternative_providers_and_more"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="contract",
-            name="beneficiary_entity",
-            field=models.ForeignKey(
-                blank=True,
-                help_text="Entity benefiting from/receiving this contract",
-                null=True,
-                on_delete=django.db.models.deletion.SET_NULL,
-                related_name="beneficiary_contracts",
-                to="tprm.entity",
-                verbose_name="Beneficiary entity",
-            ),
-        ),
-    ]
diff --git a/backend/tprm/migrations/0014_entity_filtering_labels_entity_ref_id_and_more.py b/backend/tprm/migrations/0014_entity_filtering_labels_entity_ref_id_and_more.py
deleted file mode 100644
index 5febb0b810..0000000000
--- a/backend/tprm/migrations/0014_entity_filtering_labels_entity_ref_id_and_more.py
+++ /dev/null
@@ -1,44 +0,0 @@
-# Generated by Django 5.2.7 on 2025-11-12 19:50
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("core", "0114_remove_asset_is_critical_and_more"),
-        ("tprm", "0013_contract_beneficiary_entity"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="entity",
-            name="filtering_labels",
-            field=models.ManyToManyField(
-                blank=True, to="core.filteringlabel", verbose_name="Labels"
-            ),
-        ),
-        migrations.AddField(
-            model_name="entity",
-            name="ref_id",
-            field=models.CharField(blank=True, max_length=255),
-        ),
-        migrations.AddField(
-            model_name="representative",
-            name="filtering_labels",
-            field=models.ManyToManyField(
-                blank=True, to="core.filteringlabel", verbose_name="Labels"
-            ),
-        ),
-        migrations.AddField(
-            model_name="representative",
-            name="ref_id",
-            field=models.CharField(blank=True, max_length=255),
-        ),
-        migrations.AddField(
-            model_name="solution",
-            name="filtering_labels",
-            field=models.ManyToManyField(
-                blank=True, to="core.filteringlabel", verbose_name="Labels"
-            ),
-        ),
-    ]
diff --git a/backend/tprm/migrations/0015_entity_is_active_solution_is_active_and_more.py b/backend/tprm/migrations/0015_entity_is_active_solution_is_active_and_more.py
deleted file mode 100644
index cc41314db8..0000000000
--- a/backend/tprm/migrations/0015_entity_is_active_solution_is_active_and_more.py
+++ /dev/null
@@ -1,27 +0,0 @@
-# Generated by Django 5.2.7 on 2025-11-12 20:03
-
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("tprm", "0014_entity_filtering_labels_entity_ref_id_and_more"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="entity",
-            name="is_active",
-            field=models.BooleanField(default=True, verbose_name="Is active"),
-        ),
-        migrations.AddField(
-            model_name="solution",
-            name="is_active",
-            field=models.BooleanField(default=True, verbose_name="Is active"),
-        ),
-        migrations.AddField(
-            model_name="solution",
-            name="reference_link",
-            field=models.URLField(blank=True, max_length=2048, null=True),
-        ),
-    ]
diff --git a/backend/tprm/migrations/0016_entity_default_dependency_entity_default_maturity_and_more.py b/backend/tprm/migrations/0016_entity_default_dependency_entity_default_maturity_and_more.py
deleted file mode 100644
index fc1fc842bd..0000000000
--- a/backend/tprm/migrations/0016_entity_default_dependency_entity_default_maturity_and_more.py
+++ /dev/null
@@ -1,63 +0,0 @@
-# Generated by Django 5.2.7 on 2025-11-12 22:04
-
-import django.core.validators
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("tprm", "0015_entity_is_active_solution_is_active_and_more"),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="entity",
-            name="default_dependency",
-            field=models.PositiveSmallIntegerField(
-                blank=True,
-                default=0,
-                help_text="Default dependency level for stakeholder assessment (0-4)",
-                validators=[django.core.validators.MaxValueValidator(4)],
-                verbose_name="Default dependency",
-            ),
-        ),
-        migrations.AddField(
-            model_name="entity",
-            name="default_maturity",
-            field=models.PositiveSmallIntegerField(
-                blank=True,
-                default=1,
-                help_text="Default maturity level for stakeholder assessment (1-4)",
-                validators=[
-                    django.core.validators.MinValueValidator(1),
-                    django.core.validators.MaxValueValidator(4),
-                ],
-                verbose_name="Default maturity",
-            ),
-        ),
-        migrations.AddField(
-            model_name="entity",
-            name="default_penetration",
-            field=models.PositiveSmallIntegerField(
-                blank=True,
-                default=0,
-                help_text="Default penetration level for stakeholder assessment (0-4)",
-                validators=[django.core.validators.MaxValueValidator(4)],
-                verbose_name="Default penetration",
-            ),
-        ),
-        migrations.AddField(
-            model_name="entity",
-            name="default_trust",
-            field=models.PositiveSmallIntegerField(
-                blank=True,
-                default=1,
-                help_text="Default trust level for stakeholder assessment (1-4)",
-                validators=[
-                    django.core.validators.MinValueValidator(1),
-                    django.core.validators.MaxValueValidator(4),
-                ],
-                verbose_name="Default trust",
-            ),
-        ),
-    ]

From e361f75b3ded472434148683a7f6ab5d5453421a Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Thu, 13 Nov 2025 17:54:38 +0100
Subject: [PATCH 30/47] fixup

---
 backend/data_wizard/views.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/backend/data_wizard/views.py b/backend/data_wizard/views.py
index d4902431cc..a110435624 100644
--- a/backend/data_wizard/views.py
+++ b/backend/data_wizard/views.py
@@ -1012,6 +1012,16 @@ def _process_entities(self, request, records, folders_map, folder_id):
                         except (ValueError, TypeError):
                             pass
 
+                # Handle legal identifiers (LEI, EUID, DUNS, VAT, etc.)
+                legal_identifiers = {}
+                for identifier_type in ["lei", "euid", "duns", "vat"]:
+                    value = record.get(identifier_type, "")
+                    if value and str(value).strip():
+                        legal_identifiers[identifier_type.upper()] = str(value).strip()
+
+                if legal_identifiers:
+                    entity_data["legal_identifiers"] = legal_identifiers
+
                 # Create the entity first, then handle parent relationship
                 serializer = EntityWriteSerializer(
                     data=entity_data, context={"request": request}

From 8055de9d1cbbc37fe459218e08381a085de8559b Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Thu, 13 Nov 2025 20:15:21 +0100
Subject: [PATCH 31/47] feature flags

---
 backend/global_settings/serializers.py        |  8 ++++++
 .../src/lib/components/SideBar/navData.ts     | 27 +++++++++++++++----
 .../(internal)/extra/data-wizard/+page.svelte |  4 ++-
 frontend/messages/en.json                     |  7 +++--
 frontend/messages/fr.json                     |  9 ++++---
 .../ModelForm/FeatureFlagsSettingForm.svelte  |  4 ++-
 frontend/src/lib/utils/schemas.ts             |  4 ++-
 frontend/src/lib/utils/sidebar-config.ts      |  8 +++++-
 8 files changed, 55 insertions(+), 16 deletions(-)

diff --git a/backend/global_settings/serializers.py b/backend/global_settings/serializers.py
index 070f3ca9eb..d2138bc3ec 100644
--- a/backend/global_settings/serializers.py
+++ b/backend/global_settings/serializers.py
@@ -191,6 +191,12 @@ class FeatureFlagsSerializer(serializers.ModelSerializer):
     project_management = serializers.BooleanField(
         source="value.project_management", required=False, default=False
     )
+    contracts = serializers.BooleanField(
+        source="value.contracts", required=False, default=False
+    )
+    reports = serializers.BooleanField(
+        source="value.reports", required=False, default=False
+    )
 
     class Meta:
         model = GlobalSettings
@@ -215,6 +221,8 @@ class Meta:
             "terminologies",
             "bia",
             "project_management",
+            "contracts",
+            "reports",
         ]
         read_only_fields = ["name"]
 
diff --git a/enterprise/frontend/src/lib/components/SideBar/navData.ts b/enterprise/frontend/src/lib/components/SideBar/navData.ts
index 629c4cefe9..bc5fbb3309 100644
--- a/enterprise/frontend/src/lib/components/SideBar/navData.ts
+++ b/enterprise/frontend/src/lib/components/SideBar/navData.ts
@@ -15,6 +15,17 @@ export const navData = {
 						'view_riskassessment'
 					]
 				},
+				{
+					name: 'reports',
+					fa_icon: 'fas fa-file-invoice',
+					href: '/reports',
+					permissions: [
+						'view_perimeter',
+						'view_riskscenario',
+						'view_referencecontrol',
+						'view_riskassessment'
+					]
+				},
 				{
 					name: 'domainAnalytics',
 					fa_icon: 'fa-solid fa-folder-tree',
@@ -317,6 +328,7 @@ export const navData = {
 						'view_appliedcontrol',
 						'view_entity',
 						'view_solution',
+						'view_contract',
 						'view_entityassessment'
 					]
 				},
@@ -325,11 +337,6 @@ export const navData = {
 					fa_icon: 'fa-solid fa-building',
 					href: '/entities'
 				},
-				{
-					name: 'entityAssessments',
-					fa_icon: 'fa-solid fa-clipboard-list',
-					href: '/entity-assessments'
-				},
 				{
 					name: 'representatives',
 					fa_icon: 'fa-solid fa-user-tie',
@@ -339,6 +346,16 @@ export const navData = {
 					name: 'solutions',
 					fa_icon: 'fa-solid fa-box',
 					href: '/solutions'
+				},
+				{
+					name: 'contracts',
+					fa_icon: 'fa-solid fa-file-contract',
+					href: '/contracts'
+				},
+				{
+					name: 'entityAssessments',
+					fa_icon: 'fa-solid fa-clipboard-list',
+					href: '/entity-assessments'
 				}
 			]
 		},
diff --git a/enterprise/frontend/src/routes/(app)/(internal)/extra/data-wizard/+page.svelte b/enterprise/frontend/src/routes/(app)/(internal)/extra/data-wizard/+page.svelte
index a0fe21d071..153bc66010 100644
--- a/enterprise/frontend/src/routes/(app)/(internal)/extra/data-wizard/+page.svelte
+++ b/enterprise/frontend/src/routes/(app)/(internal)/extra/data-wizard/+page.svelte
@@ -357,7 +357,9 @@
 						>
 							<div>
 								<p class="text-gray-700">TPRM (Third-Party Risk Management)</p>
-								<p class="text-gray-500 text-xs">Import entities, solutions, and contracts from a multi-sheet Excel file</p>
+								<p class="text-gray-500 text-xs">
+									Import entities, solutions, and contracts from a multi-sheet Excel file
+								</p>
 							</div>
 
 							<input
diff --git a/frontend/messages/en.json b/frontend/messages/en.json
index b028183b01..8aa306cc3c 100644
--- a/frontend/messages/en.json
+++ b/frontend/messages/en.json
@@ -54,7 +54,6 @@
 	"associatedRepresentatives": "Associated representatives",
 	"associatedSolutions": "Associated solutions",
 	"associatedContracts": "Associated contracts",
-	"associatedEntities": "Associated entities",
 	"associatedTaskTemplates": "Associated tasks",
 	"associatedObjectsCount": "Associated objects",
 	"home": "Home",
@@ -823,7 +822,7 @@
 	"accreditationCategory": "Accreditation category",
 	"entity": "Entity",
 	"entities": "Entities",
-	"entitiesGraph": "Entities Graph",
+	"entitiesGraph": "Entities ecosystem",
 	"addEntity": "Add entity",
 	"mission": "Mission",
 	"ownedFolders": "Owned domains",
@@ -842,8 +841,8 @@
 	"solution": "Solution",
 	"addSolution": "Add solution",
 	"solutionsLinkedToAssetHelpText": "Solutions associated with this asset",
-	"providerEntity": "Provider entity",
-	"beneficiaryEntity": "Beneficiary entity",
+	"providerEntity": "Provider",
+	"beneficiaryEntity": "Beneficiary",
 	"parentEntity": "Parent entity",
 	"parentEntityHelpText": "Parent entity for branch or subsidiary relationships",
 	"addProduct": "Add product",
diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
index c1090e8d6f..8508bf00b7 100644
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
@@ -776,7 +776,7 @@
 	"entityRelationship": "Relation avec l'entité",
 	"entity": "Entité",
 	"entities": "Entités",
-	"entitiesGraph": "Graphe des entités",
+	"entitiesGraph": "Ecosystème des entités",
 	"addEntity": "Ajouter une entité",
 	"referenceLink": "Lien de référence",
 	"mission": "Mission",
@@ -794,11 +794,14 @@
 	"tpSolutions": "Solutions tierces",
 	"solution": "Solution",
 	"addSolution": "Ajouter une solution",
-	"providerEntity": "Entité fournisseur",
-	"beneficiaryEntity": "Entité bénéficiaire",
+	"providerEntity": "Fournisseur",
+	"beneficiaryEntity": "Bénéficiaire",
 	"parentEntity": "Entité parente",
 	"parentEntityHelpText": "Entité parente pour les relations de succursale ou de filiale",
 	"addProduct": "Ajouter un produit",
+	"contracts": "Contrats",
+	"contract": "Contrat",
+	"addContract": "Ajouter un contract",
 	"representatives": "Représentants",
 	"representative": "Représentant",
 	"addRepresentative": "Ajouter un représentant",
diff --git a/frontend/src/lib/components/Forms/ModelForm/FeatureFlagsSettingForm.svelte b/frontend/src/lib/components/Forms/ModelForm/FeatureFlagsSettingForm.svelte
index efefc94cac..45fb191630 100644
--- a/frontend/src/lib/components/Forms/ModelForm/FeatureFlagsSettingForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/FeatureFlagsSettingForm.svelte
@@ -30,7 +30,9 @@
 		{ field: 'quantitative_risk_studies', label: m.quantitativeRiskStudies() },
 		{ field: 'terminologies', label: m.terminologies() },
 		{ field: 'bia', label: m.businessImpactAnalysis() },
-		{ field: 'project_management', label: m.projectManagement() }
+		{ field: 'project_management', label: m.projectManagement() },
+		{ field: 'contracts', label: m.contracts() },
+		{ field: 'reports', label: m.reports() }
 	];
 </script>
 
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index 51f0430f5a..c573f30f2e 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -503,7 +503,9 @@ export const FeatureFlagsSchema = z.object({
 	quantitative_risk_studies: z.boolean().optional(),
 	terminologies: z.boolean().optional(),
 	bia: z.boolean().optional(),
-	project_management: z.boolean().optional()
+	project_management: z.boolean().optional(),
+	contracts: z.boolean().optional(),
+	reports: z.boolean().optional()
 });
 
 export const SSOSettingsSchema = z.object({
diff --git a/frontend/src/lib/utils/sidebar-config.ts b/frontend/src/lib/utils/sidebar-config.ts
index 0d02a369ef..0041273ff1 100644
--- a/frontend/src/lib/utils/sidebar-config.ts
+++ b/frontend/src/lib/utils/sidebar-config.ts
@@ -18,6 +18,8 @@ type SidebarBackendKeys = {
 	terminologies: boolean;
 	bia: boolean;
 	project_management: boolean;
+	contracts: boolean;
+	reports: boolean;
 };
 
 type SidebarFrontendKeys = {
@@ -40,6 +42,8 @@ type SidebarFrontendKeys = {
 	terminologies: boolean;
 	businessImpactAnalysis: boolean;
 	projectManagement: boolean;
+	contracts: boolean;
+	reports: boolean;
 };
 
 export function getSidebarVisibleItems(
@@ -64,6 +68,8 @@ export function getSidebarVisibleItems(
 		quantitativeRiskStudies: featureFlags?.quantitative_risk_studies ?? false,
 		terminologies: featureFlags?.terminologies ?? true,
 		businessImpactAnalysis: featureFlags?.bia ?? true,
-		projectManagement: featureFlags?.project_management ?? false
+		projectManagement: featureFlags?.project_management ?? false,
+		contracts: featureFlags?.contracts ?? false,
+		reports: featureFlags?.reports ?? false
 	};
 }

From d9bc5994f8376ee1d5a53183941698d852c32eef Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Thu, 13 Nov 2025 20:30:50 +0100
Subject: [PATCH 32/47] breathing room for FF

---
 .../Forms/ModelForm/FeatureFlagsSettingForm.svelte          | 2 +-
 frontend/src/routes/(app)/(internal)/settings/+page.svelte  | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/frontend/src/lib/components/Forms/ModelForm/FeatureFlagsSettingForm.svelte b/frontend/src/lib/components/Forms/ModelForm/FeatureFlagsSettingForm.svelte
index 45fb191630..49532b8d90 100644
--- a/frontend/src/lib/components/Forms/ModelForm/FeatureFlagsSettingForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/FeatureFlagsSettingForm.svelte
@@ -37,7 +37,7 @@
 </script>
 
 <div
-	class="mx-auto grid grid-cols-1 sm:grid-cols-2 md:grid-cols-3 lg:grid-cols-5 xl:grid-cols-6 2xl:grid-cols-7 gap-y-2 gap-x-4"
+	class="mx-auto grid grid-cols-1 sm:grid-cols-2 md:grid-cols-3 lg:grid-cols-5 xl:grid-cols-6 2xl:grid-cols-7 gap-y-4 gap-x-4"
 >
 	{#each featureFlagFields as { field, label }}
 		<div class="ml-auto">
diff --git a/frontend/src/routes/(app)/(internal)/settings/+page.svelte b/frontend/src/routes/(app)/(internal)/settings/+page.svelte
index a97722ff70..5738261cec 100644
--- a/frontend/src/routes/(app)/(internal)/settings/+page.svelte
+++ b/frontend/src/routes/(app)/(internal)/settings/+page.svelte
@@ -29,7 +29,7 @@
 	{#snippet content()}
 		<Tabs.Panel value="general">
 			<div>
-				<span class="text-gray-500">{m.generalSettingsDescription()}</span>
+				<span class="text-gray-500 block mb-6">{m.generalSettingsDescription()}</span>
 				<ModelForm
 					form={data.generalSettingForm}
 					schema={GeneralSettingsSchema}
@@ -41,7 +41,7 @@
 		</Tabs.Panel>
 		<Tabs.Panel value="sso">
 			<div>
-				<span class="text-gray-500">{m.ssoSettingsDescription()}</span>
+				<span class="text-gray-500 block mb-6">{m.ssoSettingsDescription()}</span>
 				<ModelForm
 					form={data.ssoForm}
 					schema={SSOSettingsSchema}
@@ -53,7 +53,7 @@
 		</Tabs.Panel>
 		<Tabs.Panel value="featureFlags">
 			<div>
-				<span class="text-gray-500">{m.configureFeatureFlags()}</span>
+				<span class="text-gray-500 block mb-6">{m.configureFeatureFlags()}</span>
 				<ModelForm
 					form={data.featureFlagForm}
 					schema={FeatureFlagsSchema}

From ba4ac46a107e430698ca39aa5eaf0e8b5484c1b9 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Thu, 13 Nov 2025 20:58:02 +0100
Subject: [PATCH 33/47] minor fixes

---
 backend/tprm/dora_export.py |  29 ++++----
 backend/tprm/dora_linter.py | 137 ++++++++++++++++++++++++++++++++++++
 backend/tprm/views.py       |   4 +-
 3 files changed, 154 insertions(+), 16 deletions(-)

diff --git a/backend/tprm/dora_export.py b/backend/tprm/dora_export.py
index 2ece5367a4..45219119af 100644
--- a/backend/tprm/dora_export.py
+++ b/backend/tprm/dora_export.py
@@ -201,24 +201,26 @@ def generate_b_01_02_entities(
 
 
 def generate_b_01_03_branches(
-    zip_file, main_entity: Entity, branches: List[Entity], folder_prefix: str = ""
+    zip_file, branches: List[Entity], folder_prefix: str = ""
 ) -> None:
     """
-    Generate b_01.03.csv - Branches of the main entity.
+    Generate b_01.03.csv - Branches register.
 
-    Branches are entities with the main entity as parent and dora_provider_person_type not set.
+    Branches are entities with dora_provider_person_type not set.
     Subsidiaries (with dora_provider_person_type set) are NOT included in this report.
 
+    For each branch, the LEI of its parent entity (head office) is reported in c0020.
+
     Columns:
     - c0010: Identification code of the branch
-    - c0020: LEI of the financial entity head office of the branch
+    - c0020: LEI of the financial entity head office of the branch (parent entity)
     - c0030: Name of the branch
     - c0040: Country of the branch
 
     Args:
         zip_file: ZIP file object to write to
-        main_entity: The main builtin entity
         branches: List of branch entities (dora_provider_person_type not set)
+        folder_prefix: Optional folder prefix to prepend to file path
     """
     csv_buffer = io.StringIO()
     csv_writer = csv.writer(csv_buffer)
@@ -226,16 +228,17 @@ def generate_b_01_03_branches(
     # Write CSV headers
     csv_writer.writerow(["c0010", "c0020", "c0030", "c0040"])
 
-    # Get main entity LEI (head office)
-    main_lei, _ = get_entity_identifier(main_entity, priority=["LEI"])
-
     # Write branch data (one row per branch)
     for branch in branches:
         # c0010: Identification code of the branch
         branch_code, _ = get_entity_identifier(branch)
 
-        # c0020: LEI of the financial entity head office
-        head_office_lei = main_lei
+        # c0020: LEI of the financial entity head office (parent entity)
+        head_office_lei = ""
+        if branch.parent_entity:
+            head_office_lei, _ = get_entity_identifier(
+                branch.parent_entity, priority=["LEI"]
+            )
 
         # c0030: Name of the branch
         branch_name = branch.name
@@ -315,7 +318,7 @@ def generate_b_02_01_contracts(
         # b_02.01.0040: Currency
         currency = ""
         if contract.currency:
-            currency = f"iso4217:{contract.currency}"
+            currency = f"eba_CU:{contract.currency}"
 
         # b_02.01.0050: Annual expense
         annual_expense = (
@@ -795,10 +798,10 @@ def generate_b_05_01_provider_details(
         if provider.country:
             country = f"eba_GA:{provider.country}"
 
-        # c0060: Currency with iso4217 prefix
+        # c0060: Currency with eba_CU prefix
         currency = ""
         if data["currency"]:
-            currency = f"iso4217:{data['currency']}"
+            currency = f"eba_CU:{data['currency']}"
 
         # c0070: Total annual expense
         total_expense = data["total_expense"]
diff --git a/backend/tprm/dora_linter.py b/backend/tprm/dora_linter.py
index e18dbf3c37..ad9bde2fcf 100644
--- a/backend/tprm/dora_linter.py
+++ b/backend/tprm/dora_linter.py
@@ -452,6 +452,142 @@ def lint_subsidiaries(main_entity: Entity) -> List[Dict[str, Any]]:
     return results
 
 
+def lint_branches() -> List[Dict[str, Any]]:
+    """
+    Validate branches for DORA ROI requirements.
+
+    Branches are entities without dora_provider_person_type set.
+    Each branch must have a parent entity with a legal identifier (for b_01.03 report).
+
+    Returns:
+        List of validation results with severity levels (error, warning, ok)
+    """
+    results = []
+
+    # Get all branches (entities with no dora_provider_person_type)
+    branches = Entity.objects.filter(
+        Q(dora_provider_person_type__isnull=True) | Q(dora_provider_person_type="")
+    ).exclude(builtin=True)
+
+    if not branches.exists():
+        # No branches found - this is OK, not an error
+        return results
+
+    branches_with_errors = 0
+
+    # Check each branch
+    for branch in branches:
+        branch_has_error = False
+
+        # Check that branch has a parent entity
+        if not branch.parent_entity:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Branches",
+                    "message": f"Branch '{branch.name}' must have a parent entity set for DORA b_01.03 reporting",
+                    "field": "parent_entity",
+                    "object_type": "entities",
+                    "object_id": str(branch.id),
+                    "object_name": branch.name,
+                }
+            )
+            branch_has_error = True
+        else:
+            # Check that parent entity has a legal identifier
+            parent_has_identifier = False
+            if branch.parent_entity.legal_identifiers:
+                identifier_types = ["LEI", "EUID", "VAT", "DUNS"]
+                for id_type in identifier_types:
+                    if branch.parent_entity.legal_identifiers.get(id_type):
+                        parent_has_identifier = True
+                        break
+
+            if not parent_has_identifier:
+                results.append(
+                    {
+                        "severity": "error",
+                        "category": "Branches",
+                        "message": f"Parent entity '{branch.parent_entity.name}' of branch '{branch.name}' must have at least one legal identifier (LEI, EUID, VAT, or DUNS) for DORA b_01.03 reporting",
+                        "field": "legal_identifiers",
+                        "object_type": "entities",
+                        "object_id": str(branch.parent_entity.id),
+                        "object_name": branch.parent_entity.name,
+                    }
+                )
+                branch_has_error = True
+
+        # Check branch itself has legal identifier
+        branch_has_identifier = False
+        if branch.legal_identifiers:
+            identifier_types = ["LEI", "EUID", "VAT", "DUNS"]
+            for id_type in identifier_types:
+                if branch.legal_identifiers.get(id_type):
+                    branch_has_identifier = True
+                    break
+
+        if not branch_has_identifier:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Branches",
+                    "message": f"Branch '{branch.name}' must have at least one legal identifier (LEI, EUID, VAT, or DUNS) for DORA b_01.03 reporting",
+                    "field": "legal_identifiers",
+                    "object_type": "entities",
+                    "object_id": str(branch.id),
+                    "object_name": branch.name,
+                }
+            )
+            branch_has_error = True
+
+        # Check country (mandatory)
+        if not branch.country:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Branches",
+                    "message": f"Branch '{branch.name}' must have a country set for DORA b_01.03 reporting",
+                    "field": "country",
+                    "object_type": "entities",
+                    "object_id": str(branch.id),
+                    "object_name": branch.name,
+                }
+            )
+            branch_has_error = True
+
+        if branch_has_error:
+            branches_with_errors += 1
+
+    # If we have branches and no errors, add a success message
+    valid_branches = branches.count() - branches_with_errors
+    if valid_branches == branches.count():
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Branches",
+                "message": f"All {branches.count()} branch(es) have required fields set",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+    elif valid_branches > 0:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "Branches",
+                "message": f"{valid_branches} of {branches.count()} branch(es) have all required fields set",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+
+    return results
+
+
 def lint_business_functions() -> List[Dict[str, Any]]:
     """
     Validate that business function assets exist in the system.
@@ -973,6 +1109,7 @@ def lint_dora_roi() -> Dict[str, Any]:
     # Run all validation checks
     results.extend(lint_main_entity(main_entity))
     results.extend(lint_subsidiaries(main_entity))
+    results.extend(lint_branches())
     results.extend(lint_unique_leis(main_entity))
     results.extend(lint_business_functions())
     results.extend(lint_contracts())
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index a277e46c6f..a5f667a4ad 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -196,9 +196,7 @@ def generate_dora_roi(self, request):
             dora_export.generate_b_01_02_entities(
                 zip_file, main_entity, entities_for_b_01_02, base_folder_name
             )
-            dora_export.generate_b_01_03_branches(
-                zip_file, main_entity, branches, base_folder_name
-            )
+            dora_export.generate_b_01_03_branches(zip_file, branches, base_folder_name)
 
             dora_export.generate_b_02_01_contracts(
                 zip_file, contracts, base_folder_name

From 9193ed6cb1aa4393498e2deb29adece251935f21 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Thu, 13 Nov 2025 22:04:19 +0100
Subject: [PATCH 34/47] fixup

---
 backend/tprm/dora_export.py                   | 139 ++++++--
 backend/tprm/dora_linter.py                   | 301 ++++++++++++++----
 backend/tprm/views.py                         |   6 +-
 frontend/src/lib/utils/crud.ts                |   2 +-
 .../(app)/(internal)/reports/+page.svelte     |  34 +-
 5 files changed, 344 insertions(+), 138 deletions(-)

diff --git a/backend/tprm/dora_export.py b/backend/tprm/dora_export.py
index 45219119af..81940b37cf 100644
--- a/backend/tprm/dora_export.py
+++ b/backend/tprm/dora_export.py
@@ -344,7 +344,7 @@ def generate_b_02_01_contracts(
 
 
 def generate_b_02_02_ict_services(
-    zip_file, main_entity: Entity, contracts: QuerySet, folder_prefix: str = ""
+    zip_file, contracts: QuerySet, folder_prefix: str = ""
 ) -> None:
     """
     Generate b_02.02.csv - ICT services supporting functions.
@@ -354,8 +354,8 @@ def generate_b_02_02_ict_services(
 
     Args:
         zip_file: ZIP file object to write to
-        main_entity: The main builtin entity
         contracts: QuerySet of Contract objects with solutions
+        folder_prefix: Optional folder prefix to prepend to file path
     """
     csv_buffer = io.StringIO()
     csv_writer = csv.writer(csv_buffer)
@@ -384,16 +384,13 @@ def generate_b_02_02_ict_services(
         ]
     )
 
-    # Get main entity LEI
-    main_lei, _ = get_entity_identifier(main_entity, priority=["LEI"])
-
     # Filter contracts: only those with solutions linked to business function assets
     filtered_contracts = (
         contracts.filter(
             solution__isnull=False, solution__assets__is_business_function=True
         )
         .distinct()
-        .select_related("solution", "provider_entity")
+        .select_related("solution", "provider_entity", "beneficiary_entity")
         .prefetch_related("solution__assets")
     )
 
@@ -408,8 +405,12 @@ def generate_b_02_02_ict_services(
             # c0010: Contract reference
             contract_ref = contract.ref_id or str(contract.id)
 
-            # c0020: LEI of entity using the service (main entity)
-            entity_lei = main_lei
+            # c0020: LEI of entity using the service (beneficiary entity)
+            entity_lei = ""
+            if contract.beneficiary_entity:
+                entity_lei, _ = get_entity_identifier(
+                    contract.beneficiary_entity, priority=["LEI"]
+                )
 
             # c0030, c0040: Provider identification
             provider_code, provider_code_type = "", ""
@@ -427,8 +428,10 @@ def generate_b_02_02_ict_services(
             # c0070: Start date
             start_date = format_date(contract.start_date) if contract.start_date else ""
 
-            # c0080: End date
-            end_date = format_date(contract.end_date) if contract.end_date else ""
+            # c0080: End date (use placeholder if not set)
+            end_date = (
+                format_date(contract.end_date) if contract.end_date else "2999-12-31"
+            )
 
             # c0090: Termination reason
             termination_reason = contract.termination_reason or ""
@@ -513,9 +516,17 @@ def generate_b_02_03_intragroup_contracts(
     """
     Generate b_02.03.csv - Intra-group contractual arrangements.
 
+    Only includes intra-group contracts with an overarching contract.
+
+    Columns:
+    - c0010: Subordinate contractual arrangement reference number
+    - c0020: Overarching contractual arrangement reference number
+    - c0030: Link (always "true" for populated rows)
+
     Args:
         zip_file: ZIP file object to write to
         contracts: QuerySet of Contract objects
+        folder_prefix: Optional folder prefix to prepend to file path
     """
     csv_buffer = io.StringIO()
     csv_writer = csv.writer(csv_buffer)
@@ -530,13 +541,18 @@ def generate_b_02_03_intragroup_contracts(
 
     # Write intra-group contract relationships
     for contract in intragroup_contracts:
+        # c0010: Subordinate contractual arrangement reference number
         subordinate_ref = contract.ref_id or str(contract.id)
+
+        # c0020: Overarching contractual arrangement reference number
         overarching_ref = contract.overarching_contract.ref_id or str(
             contract.overarching_contract.id
         )
-        arrangement_type = contract.dora_contractual_arrangement or ""
 
-        csv_writer.writerow([subordinate_ref, overarching_ref, arrangement_type])
+        # c0030: Link (always "true" for populated rows)
+        link = "true"
+
+        csv_writer.writerow([subordinate_ref, overarching_ref, link])
 
     path = (
         f"{folder_prefix}/reports/b_02.03.csv"
@@ -552,10 +568,16 @@ def generate_b_03_01_signing_entities(
     """
     Generate b_03.01.csv - Signing entities (main entity for all contracts).
 
+    Columns:
+    - c0010: Contractual arrangement reference number
+    - c0020: LEI of the entity signing the contractual arrangement
+    - c0030: Link (always "true" for populated rows)
+
     Args:
         zip_file: ZIP file object to write to
         main_entity: The main builtin entity
         contracts: QuerySet of Contract objects
+        folder_prefix: Optional folder prefix to prepend to file path
     """
     csv_buffer = io.StringIO()
     csv_writer = csv.writer(csv_buffer)
@@ -564,12 +586,20 @@ def generate_b_03_01_signing_entities(
     csv_writer.writerow(["c0010", "c0020", "c0030"])
 
     # Get main entity identifier
-    main_code, code_type = get_entity_identifier(main_entity)
+    main_code, _ = get_entity_identifier(main_entity)
 
     # Write contract-entity data (main entity signs all contracts)
     for contract in contracts:
+        # c0010: Contract reference
         contract_ref = contract.ref_id or str(contract.id)
-        csv_writer.writerow([contract_ref, main_code, code_type])
+
+        # c0020: LEI of signing entity (main entity)
+        signing_entity_lei = main_code
+
+        # c0030: Link (always "true" for populated rows)
+        link = "true"
+
+        csv_writer.writerow([contract_ref, signing_entity_lei, link])
 
     path = (
         f"{folder_prefix}/reports/b_03.01.csv"
@@ -670,7 +700,6 @@ def generate_b_03_03_intragroup_providers(
 
 def generate_b_04_01_service_users(
     zip_file,
-    main_entity: Entity,
     branches: List[Entity],
     contracts: QuerySet,
     folder_prefix: str = "",
@@ -679,14 +708,20 @@ def generate_b_04_01_service_users(
     Generate b_04.01.csv - Entities using ICT services.
 
     For each contract, reports which entities use the service.
-    - One row per contract for the main entity (branch code empty)
-    - Additional rows for each branch that uses the contract (branch code filled)
+    - One row per contract for the beneficiary entity (branch code empty, nature = "not a branch")
+    - Additional rows for each branch that uses the contract (branch code filled, nature = "branch")
+
+    Columns:
+    - c0010: Contractual arrangement reference number
+    - c0020: LEI of the entity making use of the ICT service(s) (beneficiary entity)
+    - c0030: Nature of the entity (branch or not branch)
+    - c0040: Identification code of the branch
 
     Args:
         zip_file: ZIP file object to write to
-        main_entity: The main builtin entity
         branches: List of branch entities
         contracts: QuerySet of Contract objects
+        folder_prefix: Optional folder prefix to prepend to file path
     """
     csv_buffer = io.StringIO()
     csv_writer = csv.writer(csv_buffer)
@@ -694,29 +729,47 @@ def generate_b_04_01_service_users(
     # Write CSV headers
     csv_writer.writerow(["c0010", "c0020", "c0030", "c0040"])
 
-    # Get main entity identifier
-    main_code, main_code_type = get_entity_identifier(main_entity)
+    # Select related beneficiary_entity for performance
+    contracts = contracts.select_related("beneficiary_entity")
 
     # Track written combinations to avoid duplicates
     written_combinations = set()
 
     # Write user data for each contract
     for contract in contracts:
+        # c0010: Contract reference
         contract_ref = contract.ref_id or str(contract.id)
 
-        # Write row for main entity (always included, branch code empty)
-        combination = (contract_ref, main_code, "")
+        # c0020: LEI of beneficiary entity
+        beneficiary_lei = ""
+        if contract.beneficiary_entity:
+            beneficiary_lei, _ = get_entity_identifier(
+                contract.beneficiary_entity, priority=["LEI"]
+            )
+
+        # Write row for beneficiary entity (not a branch)
+        combination = (contract_ref, beneficiary_lei, "")
         if combination not in written_combinations:
-            csv_writer.writerow([contract_ref, main_code, main_code_type, ""])
+            # c0030: Nature of entity (not a branch)
+            entity_nature = "eba_ZZ:x839"  # not a branch
+            # c0040: Branch code (empty for non-branch)
+            branch_code = ""
+
+            csv_writer.writerow(
+                [contract_ref, beneficiary_lei, entity_nature, branch_code]
+            )
             written_combinations.add(combination)
 
-        # Write rows for branches (branch code filled)
+        # Write rows for branches
         for branch in branches:
             branch_code, _ = get_entity_identifier(branch)
-            combination = (contract_ref, main_code, branch_code)
+            combination = (contract_ref, beneficiary_lei, branch_code)
             if combination not in written_combinations:
+                # c0030: Nature of entity (branch of a financial entity)
+                entity_nature = "eba_ZZ:x838"  # branch of a financial entity
+
                 csv_writer.writerow(
-                    [contract_ref, main_code, main_code_type, branch_code]
+                    [contract_ref, beneficiary_lei, entity_nature, branch_code]
                 )
                 written_combinations.add(combination)
 
@@ -836,15 +889,24 @@ def generate_b_05_01_provider_details(
 
 
 def generate_b_05_02_supply_chains(
-    zip_file, main_entity: Entity, contracts: QuerySet, folder_prefix: str = ""
+    zip_file, contracts: QuerySet, folder_prefix: str = ""
 ) -> None:
     """
     Generate b_05.02.csv - ICT service supply chains.
 
+    Columns:
+    - c0010: Contractual arrangement reference number
+    - c0020: Type of ICT services
+    - c0030: Identification code of the ICT third-party service provider
+    - c0040: Type of code to identify the provider
+    - c0050: Rank (criticality)
+    - c0060: Identification code of the recipient (beneficiary entity)
+    - c0070: Type of code to identify the recipient
+
     Args:
         zip_file: ZIP file object to write to
-        main_entity: The main builtin entity
         contracts: QuerySet of Contract objects with solutions
+        folder_prefix: Optional folder prefix to prepend to file path
     """
     csv_buffer = io.StringIO()
     csv_writer = csv.writer(csv_buffer)
@@ -862,27 +924,36 @@ def generate_b_05_02_supply_chains(
         ]
     )
 
-    # Get main entity identifier
-    main_code, main_code_type = get_entity_identifier(main_entity)
-
     # Get contracts with both provider and solution
     supply_chain_contracts = contracts.filter(
         is_intragroup=False,
         provider_entity__isnull=False,
         solution__isnull=False,
-    ).select_related("provider_entity", "solution")
+    ).select_related("provider_entity", "solution", "beneficiary_entity")
 
     # Write supply chain data
     for contract in supply_chain_contracts:
+        # c0010: Contract reference
         contract_ref = contract.ref_id or str(contract.id)
+
+        # c0020: ICT service type
         ict_service_type = contract.solution.dora_ict_service_type or ""
 
+        # c0030, c0040: Provider identification
         provider_code, provider_code_type = get_entity_identifier(
             contract.provider_entity
         )
 
+        # c0050: Rank (criticality)
         rank = contract.solution.criticality if contract.solution.criticality else ""
 
+        # c0060, c0070: Recipient identification (beneficiary entity)
+        recipient_code, recipient_code_type = "", ""
+        if contract.beneficiary_entity:
+            recipient_code, recipient_code_type = get_entity_identifier(
+                contract.beneficiary_entity
+            )
+
         csv_writer.writerow(
             [
                 contract_ref,
@@ -890,8 +961,8 @@ def generate_b_05_02_supply_chains(
                 provider_code,
                 provider_code_type,
                 rank,
-                main_code,
-                main_code_type,
+                recipient_code,
+                recipient_code_type,
             ]
         )
 
diff --git a/backend/tprm/dora_linter.py b/backend/tprm/dora_linter.py
index ad9bde2fcf..f4c2fc4e66 100644
--- a/backend/tprm/dora_linter.py
+++ b/backend/tprm/dora_linter.py
@@ -452,22 +452,25 @@ def lint_subsidiaries(main_entity: Entity) -> List[Dict[str, Any]]:
     return results
 
 
-def lint_branches() -> List[Dict[str, Any]]:
+def lint_branches(main_entity: Entity) -> List[Dict[str, Any]]:
     """
     Validate branches for DORA ROI requirements.
 
-    Branches are entities without dora_provider_person_type set.
+    Branches are entities with the main entity as parent and without dora_provider_person_type set.
     Each branch must have a parent entity with a legal identifier (for b_01.03 report).
 
+    Args:
+        main_entity: The main Entity instance
+
     Returns:
         List of validation results with severity levels (error, warning, ok)
     """
     results = []
 
-    # Get all branches (entities with no dora_provider_person_type)
-    branches = Entity.objects.filter(
+    # Get all branches (entities with main entity as parent and no dora_provider_person_type)
+    branches = Entity.objects.filter(parent_entity=main_entity).filter(
         Q(dora_provider_person_type__isnull=True) | Q(dora_provider_person_type="")
-    ).exclude(builtin=True)
+    )
 
     if not branches.exists():
         # No branches found - this is OK, not an error
@@ -475,71 +478,32 @@ def lint_branches() -> List[Dict[str, Any]]:
 
     branches_with_errors = 0
 
+    # Check that main entity (parent of all branches) has a legal identifier
+    main_has_identifier = False
+    if main_entity.legal_identifiers:
+        identifier_types = ["LEI", "EUID", "VAT", "DUNS"]
+        for id_type in identifier_types:
+            if main_entity.legal_identifiers.get(id_type):
+                main_has_identifier = True
+                break
+
+    if not main_has_identifier and branches.exists():
+        results.append(
+            {
+                "severity": "error",
+                "category": "Branches",
+                "message": f"Main entity '{main_entity.name}' (parent of branches) must have at least one legal identifier (LEI, EUID, VAT, or DUNS) for DORA b_01.03 reporting",
+                "field": "legal_identifiers",
+                "object_type": "entities",
+                "object_id": str(main_entity.id),
+                "object_name": main_entity.name,
+            }
+        )
+
     # Check each branch
     for branch in branches:
         branch_has_error = False
 
-        # Check that branch has a parent entity
-        if not branch.parent_entity:
-            results.append(
-                {
-                    "severity": "error",
-                    "category": "Branches",
-                    "message": f"Branch '{branch.name}' must have a parent entity set for DORA b_01.03 reporting",
-                    "field": "parent_entity",
-                    "object_type": "entities",
-                    "object_id": str(branch.id),
-                    "object_name": branch.name,
-                }
-            )
-            branch_has_error = True
-        else:
-            # Check that parent entity has a legal identifier
-            parent_has_identifier = False
-            if branch.parent_entity.legal_identifiers:
-                identifier_types = ["LEI", "EUID", "VAT", "DUNS"]
-                for id_type in identifier_types:
-                    if branch.parent_entity.legal_identifiers.get(id_type):
-                        parent_has_identifier = True
-                        break
-
-            if not parent_has_identifier:
-                results.append(
-                    {
-                        "severity": "error",
-                        "category": "Branches",
-                        "message": f"Parent entity '{branch.parent_entity.name}' of branch '{branch.name}' must have at least one legal identifier (LEI, EUID, VAT, or DUNS) for DORA b_01.03 reporting",
-                        "field": "legal_identifiers",
-                        "object_type": "entities",
-                        "object_id": str(branch.parent_entity.id),
-                        "object_name": branch.parent_entity.name,
-                    }
-                )
-                branch_has_error = True
-
-        # Check branch itself has legal identifier
-        branch_has_identifier = False
-        if branch.legal_identifiers:
-            identifier_types = ["LEI", "EUID", "VAT", "DUNS"]
-            for id_type in identifier_types:
-                if branch.legal_identifiers.get(id_type):
-                    branch_has_identifier = True
-                    break
-
-        if not branch_has_identifier:
-            results.append(
-                {
-                    "severity": "error",
-                    "category": "Branches",
-                    "message": f"Branch '{branch.name}' must have at least one legal identifier (LEI, EUID, VAT, or DUNS) for DORA b_01.03 reporting",
-                    "field": "legal_identifiers",
-                    "object_type": "entities",
-                    "object_id": str(branch.id),
-                    "object_name": branch.name,
-                }
-            )
-            branch_has_error = True
-
         # Check country (mandatory)
         if not branch.country:
             results.append(
@@ -719,6 +683,8 @@ def lint_contracts() -> List[Dict[str, Any]]:
     - currency
     - dora_contractual_arrangement (type of contract)
     - annual_expense
+    - beneficiary_entity (with legal identifier)
+    - start_date
 
     Returns:
         List of validation results with severity levels (error, warning, ok)
@@ -726,7 +692,7 @@ def lint_contracts() -> List[Dict[str, Any]]:
     results = []
 
     # Get all contracts
-    contracts = Contract.objects.all()
+    contracts = Contract.objects.all().select_related("beneficiary_entity")
 
     if not contracts.exists():
         # No contracts found - this could be OK, but let's inform the user
@@ -811,6 +777,59 @@ def lint_contracts() -> List[Dict[str, Any]]:
             )
             contract_has_error = True
 
+        # Check beneficiary entity (mandatory for b_02.02 reporting)
+        if not contract.beneficiary_entity:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Contracts",
+                    "message": f"Contract '{contract.name}' must have a beneficiary entity set for DORA b_02.02 reporting",
+                    "field": "beneficiary_entity",
+                    "object_type": "contracts",
+                    "object_id": str(contract.id),
+                    "object_name": contract.name,
+                }
+            )
+            contract_has_error = True
+        else:
+            # Check that beneficiary entity has a legal identifier
+            beneficiary_has_identifier = False
+            if contract.beneficiary_entity.legal_identifiers:
+                identifier_types = ["LEI", "EUID", "VAT", "DUNS"]
+                for id_type in identifier_types:
+                    if contract.beneficiary_entity.legal_identifiers.get(id_type):
+                        beneficiary_has_identifier = True
+                        break
+
+            if not beneficiary_has_identifier:
+                results.append(
+                    {
+                        "severity": "error",
+                        "category": "Contracts",
+                        "message": f"Beneficiary entity '{contract.beneficiary_entity.name}' of contract '{contract.name}' must have at least one legal identifier (LEI, EUID, VAT, or DUNS) for DORA b_02.02 reporting",
+                        "field": "legal_identifiers",
+                        "object_type": "entities",
+                        "object_id": str(contract.beneficiary_entity.id),
+                        "object_name": contract.beneficiary_entity.name,
+                    }
+                )
+                contract_has_error = True
+
+        # Check start_date (mandatory for b_02.02 reporting)
+        if not contract.start_date:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Contracts",
+                    "message": f"Contract '{contract.name}' must have a start date set for DORA b_02.02 reporting",
+                    "field": "start_date",
+                    "object_type": "contracts",
+                    "object_id": str(contract.id),
+                    "object_name": contract.name,
+                }
+            )
+            contract_has_error = True
+
         if contract_has_error:
             contracts_with_errors += 1
 
@@ -844,6 +863,151 @@ def lint_contracts() -> List[Dict[str, Any]]:
     return results
 
 
+def lint_b_02_02_contracts() -> List[Dict[str, Any]]:
+    """
+    Validate contracts for DORA b_02.02 (ICT services supporting functions) requirements.
+
+    Only validates contracts with solutions linked to business function assets,
+    as these are the ones included in b_02.02 reporting.
+
+    Checks that contracts have:
+    - beneficiary_entity has LEI specifically (c0020 requires LEI)
+    - provider_entity set
+    - provider_entity has at least one legal identifier (LEI, EUID, VAT, DUNS)
+
+    Returns:
+        List of validation results with severity levels (error, warning, ok)
+    """
+    results = []
+
+    # Get contracts that will be included in b_02.02:
+    # those with solutions linked to business function assets
+    b_02_02_contracts = (
+        Contract.objects.filter(
+            solution__isnull=False, solution__assets__is_business_function=True
+        )
+        .distinct()
+        .select_related("provider_entity", "solution", "beneficiary_entity")
+    )
+
+    if not b_02_02_contracts.exists():
+        # No contracts found for b_02.02
+        return results
+
+    # Track validation statistics
+    total_contracts = b_02_02_contracts.count()
+    contracts_with_errors = 0
+
+    # Check each contract
+    for contract in b_02_02_contracts:
+        contract_has_error = False
+
+        # Check that beneficiary entity has LEI specifically (c0020 requires LEI)
+        if not contract.beneficiary_entity:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "B_02.02 Contracts",
+                    "message": f"Contract '{contract.name}' (linked to business functions) must have a beneficiary entity set for DORA b_02.02 reporting (c0020)",
+                    "field": "beneficiary_entity",
+                    "object_type": "contracts",
+                    "object_id": str(contract.id),
+                    "object_name": contract.name,
+                }
+            )
+            contract_has_error = True
+        else:
+            # Check that beneficiary entity has LEI specifically
+            beneficiary_has_lei = False
+            if contract.beneficiary_entity.legal_identifiers:
+                if contract.beneficiary_entity.legal_identifiers.get("LEI"):
+                    beneficiary_has_lei = True
+
+            if not beneficiary_has_lei:
+                results.append(
+                    {
+                        "severity": "error",
+                        "category": "B_02.02 Contracts",
+                        "message": f"Beneficiary entity '{contract.beneficiary_entity.name}' of contract '{contract.name}' must have an LEI (not just any identifier) for DORA b_02.02 reporting (c0020 requires LEI)",
+                        "field": "legal_identifiers",
+                        "object_type": "entities",
+                        "object_id": str(contract.beneficiary_entity.id),
+                        "object_name": contract.beneficiary_entity.name,
+                    }
+                )
+                contract_has_error = True
+
+        # Check that contract has a provider entity (mandatory for b_02.02)
+        if not contract.provider_entity:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "B_02.02 Contracts",
+                    "message": f"Contract '{contract.name}' (linked to business functions) must have a provider entity set for DORA b_02.02 reporting",
+                    "field": "provider_entity",
+                    "object_type": "contracts",
+                    "object_id": str(contract.id),
+                    "object_name": contract.name,
+                }
+            )
+            contract_has_error = True
+        else:
+            # Check that provider entity has a legal identifier
+            provider_has_identifier = False
+            if contract.provider_entity.legal_identifiers:
+                identifier_types = ["LEI", "EUID", "VAT", "DUNS"]
+                for id_type in identifier_types:
+                    if contract.provider_entity.legal_identifiers.get(id_type):
+                        provider_has_identifier = True
+                        break
+
+            if not provider_has_identifier:
+                results.append(
+                    {
+                        "severity": "error",
+                        "category": "B_02.02 Contracts",
+                        "message": f"Provider entity '{contract.provider_entity.name}' of contract '{contract.name}' must have at least one legal identifier (LEI, EUID, VAT, or DUNS) for DORA b_02.02 reporting",
+                        "field": "legal_identifiers",
+                        "object_type": "entities",
+                        "object_id": str(contract.provider_entity.id),
+                        "object_name": contract.provider_entity.name,
+                    }
+                )
+                contract_has_error = True
+
+        if contract_has_error:
+            contracts_with_errors += 1
+
+    # Add success message if all contracts are valid
+    contracts_valid = total_contracts - contracts_with_errors
+    if contracts_valid == total_contracts:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "B_02.02 Contracts",
+                "message": f"All {total_contracts} contracts linked to business functions have provider entities with legal identifiers",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+    elif contracts_valid > 0:
+        results.append(
+            {
+                "severity": "ok",
+                "category": "B_02.02 Contracts",
+                "message": f"{contracts_valid} of {total_contracts} contracts linked to business functions have valid provider entities",
+                "field": None,
+                "object_type": None,
+                "object_id": None,
+                "object_name": None,
+            }
+        )
+
+    return results
+
+
 def lint_solutions() -> List[Dict[str, Any]]:
     """
     Validate solutions for DORA ROI requirements.
@@ -1109,10 +1273,11 @@ def lint_dora_roi() -> Dict[str, Any]:
     # Run all validation checks
     results.extend(lint_main_entity(main_entity))
     results.extend(lint_subsidiaries(main_entity))
-    results.extend(lint_branches())
+    results.extend(lint_branches(main_entity))
     results.extend(lint_unique_leis(main_entity))
     results.extend(lint_business_functions())
     results.extend(lint_contracts())
+    results.extend(lint_b_02_02_contracts())
     results.extend(lint_solutions())
     results.extend(lint_provider_entities())
 
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index a5f667a4ad..0233da22ed 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -202,7 +202,7 @@ def generate_dora_roi(self, request):
                 zip_file, contracts, base_folder_name
             )
             dora_export.generate_b_02_02_ict_services(
-                zip_file, main_entity, contracts, base_folder_name
+                zip_file, contracts, base_folder_name
             )
             dora_export.generate_b_02_03_intragroup_contracts(
                 zip_file, contracts, base_folder_name
@@ -219,14 +219,14 @@ def generate_dora_roi(self, request):
             )
 
             dora_export.generate_b_04_01_service_users(
-                zip_file, main_entity, branches, contracts, base_folder_name
+                zip_file, branches, contracts, base_folder_name
             )
 
             dora_export.generate_b_05_01_provider_details(
                 zip_file, main_entity, contracts, base_folder_name
             )
             dora_export.generate_b_05_02_supply_chains(
-                zip_file, main_entity, contracts, base_folder_name
+                zip_file, contracts, base_folder_name
             )
 
             dora_export.generate_b_06_01_functions(
diff --git a/frontend/src/lib/utils/crud.ts b/frontend/src/lib/utils/crud.ts
index f431f591c2..04c01d8270 100644
--- a/frontend/src/lib/utils/crud.ts
+++ b/frontend/src/lib/utils/crud.ts
@@ -829,7 +829,7 @@ export const URL_MODEL_MAP: ModelMap = {
 		localNamePlural: 'solutions',
 		verboseName: 'Solution',
 		verboseNamePlural: 'Solutions',
-		reverseForeignKeyFields: [{ field: 'solution', urlModel: 'contracts' }],
+		reverseForeignKeyFields: [{ field: 'solution', urlModel: 'contracts', disableDelete: true }],
 		foreignKeyFields: [
 			{ field: 'provider_entity', urlModel: 'entities' },
 			{ field: 'recipient_entity', urlModel: 'entities' },
diff --git a/frontend/src/routes/(app)/(internal)/reports/+page.svelte b/frontend/src/routes/(app)/(internal)/reports/+page.svelte
index 07c7c0d21b..952876e7d9 100644
--- a/frontend/src/routes/(app)/(internal)/reports/+page.svelte
+++ b/frontend/src/routes/(app)/(internal)/reports/+page.svelte
@@ -30,37 +30,7 @@
 			icon: 'fa-solid fa-building-shield',
 			category: 'compliance',
 			href: '/reports/dora-roi',
-			tags: ['DORA', 'Regulation', 'Entities']
-		},
-		{
-			id: 'compliance-summary',
-			title: m.complianceSummaryReport ? m.complianceSummaryReport() : 'Compliance Summary Report',
-			description: m.complianceSummaryReportDesc
-				? m.complianceSummaryReportDesc()
-				: 'Generate comprehensive compliance status across all frameworks',
-			icon: 'fa-solid fa-clipboard-check',
-			category: 'compliance',
-			tags: ['Compliance', 'Frameworks', 'Audits']
-		},
-		{
-			id: 'incident-analysis',
-			title: m.incidentAnalysisReport ? m.incidentAnalysisReport() : 'Incident Analysis Report',
-			description: m.incidentAnalysisReportDesc
-				? m.incidentAnalysisReportDesc()
-				: 'Comprehensive analysis of security incidents and trends',
-			icon: 'fa-solid fa-bug',
-			category: 'operations',
-			tags: ['Incidents', 'Operations', 'Security']
-		},
-		{
-			id: 'asset-inventory',
-			title: m.assetInventoryReport ? m.assetInventoryReport() : 'Asset Inventory Report',
-			description: m.assetInventoryReportDesc
-				? m.assetInventoryReportDesc()
-				: 'Complete inventory of assets and their risk profiles',
-			icon: 'fa-solid fa-gem',
-			category: 'assets',
-			tags: ['Assets', 'Inventory', 'Risk']
+			tags: ['DORA', 'Regulation', 'Entities', 'Beta']
 		}
 	];
 
@@ -80,7 +50,7 @@
 
 	<!-- Reports Grid with White Background -->
 	<div class="bg-white rounded-xl shadow-sm border border-gray-200 p-6">
-		<div class="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-6">
+		<div class="grid grid-cols-1 md:grid-cols-2 gap-6">
 			{#each reportTiles as tile}
 				<ReportTile
 					title={tile.title}

From 4e87cf6d1dca89df2ece62f7e8593853a5e8720c Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Thu, 13 Nov 2025 22:12:56 +0100
Subject: [PATCH 35/47] fixup

---
 cli/.mcp.env | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cli/.mcp.env b/cli/.mcp.env
index b37c73eaf7..9f030a339c 100644
--- a/cli/.mcp.env
+++ b/cli/.mcp.env
@@ -1,3 +1,3 @@
-TOKEN=864dfd32739b8ab11b5d48a7c2cd4ea3af5a53aa464b7fddba189e0b0c5ca7f3
+TOKEN=
 VERIFY_CERTIFICATE=false
 API_URL=http://localhost:8000/api

From e34b921d4a759718848bb851f5055cd420b73c2c Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 14 Nov 2025 08:38:38 +0100
Subject: [PATCH 36/47] fix for data wizard

---
 backend/data_wizard/views.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/data_wizard/views.py b/backend/data_wizard/views.py
index a110435624..1a683cb594 100644
--- a/backend/data_wizard/views.py
+++ b/backend/data_wizard/views.py
@@ -1229,10 +1229,10 @@ def _process_contracts(
                 }
 
                 # Add optional solution reference
-                solution_ref_id = record.get("solution_ref_id", "").strip()
+                solution_ref_id = str(record.get("solution_ref_id", "")).strip()
                 if solution_ref_id:
                     if solution_ref_id in solution_ref_map:
-                        contract_data["solutions"] = [solution_ref_map[solution_ref_id]]
+                        contract_data["solution"] = solution_ref_map[solution_ref_id]
                     else:
                         logger.warning(
                             f"Solution with ref_id '{solution_ref_id}' not found for contract '{ref_id}'"

From ccb77e0367d344c10481102dd65a3e7866ce3248 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 14 Nov 2025 09:59:28 +0100
Subject: [PATCH 37/47] preset ebios entity assessment from default

---
 .../Forms/AutocompleteSelect.svelte           |  3 +++
 .../Forms/ModelForm/StakeholderForm.svelte    | 20 +++++++++++++++++++
 .../lib/components/Forms/RadioGroup.svelte    | 13 +++++++++++-
 3 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/frontend/src/lib/components/Forms/AutocompleteSelect.svelte b/frontend/src/lib/components/Forms/AutocompleteSelect.svelte
index 8c8f0b9431..48e6be0c0e 100644
--- a/frontend/src/lib/components/Forms/AutocompleteSelect.svelte
+++ b/frontend/src/lib/components/Forms/AutocompleteSelect.svelte
@@ -67,6 +67,7 @@
 		onChange: (value: any) => void;
 		cacheLock?: CacheLock;
 		cachedValue?: any[] | undefined;
+		cachedOptions?: any[] | undefined;
 		includeAllOptionFields?: boolean;
 		mount?: (value: any) => void;
 		optionSnippet?: import('svelte').Snippet<[Record<string, any>]>;
@@ -113,6 +114,7 @@
 			resolve: (x: any) => x
 		},
 		cachedValue = $bindable(),
+		cachedOptions = $bindable(),
 		mount = () => null,
 		optionSnippet = undefined
 	}: Props = $props();
@@ -366,6 +368,7 @@
 
 	run(() => {
 		cachedValue = selected.map((option) => option.value);
+		cachedOptions = selected;
 	});
 
 	run(() => {
diff --git a/frontend/src/lib/components/Forms/ModelForm/StakeholderForm.svelte b/frontend/src/lib/components/Forms/ModelForm/StakeholderForm.svelte
index dc7b91e863..90c3812557 100644
--- a/frontend/src/lib/components/Forms/ModelForm/StakeholderForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/StakeholderForm.svelte
@@ -83,6 +83,24 @@
 			$formData.residual_trust
 		)
 	);
+
+	// Track selected entity option from autocomplete (with all fields included)
+	let selectedEntityOption: any[] = $state([]);
+
+	// Auto-fill current assessment fields when entity is selected
+	$effect(() => {
+		if (context === 'create' && selectedEntityOption.length > 0) {
+			const entity = selectedEntityOption[0];
+			// Only auto-fill if we have default values from the entity
+			if (entity.default_dependency !== undefined) {
+				// Update form data - RadioGroup will react to these changes now
+				$formData.current_dependency = entity.default_dependency ?? 0;
+				$formData.current_penetration = entity.default_penetration ?? 0;
+				$formData.current_maturity = entity.default_maturity ?? 1;
+				$formData.current_trust = entity.default_trust ?? 1;
+			}
+		}
+	});
 </script>
 
 <AutocompleteSelect
@@ -114,9 +132,11 @@
 					field="entity"
 					cacheLock={cacheLocks['entity']}
 					bind:cachedValue={formDataCache['entity']}
+					bind:cachedOptions={selectedEntityOption}
 					label={m.entity()}
 					hidden={initialData.entity}
 					helpText={m.stakeholderEntityHelpText()}
+					includeAllOptionFields={true}
 					optionsInfoFields={{
 						fields: [
 							{
diff --git a/frontend/src/lib/components/Forms/RadioGroup.svelte b/frontend/src/lib/components/Forms/RadioGroup.svelte
index c7a41f5b56..9cb76f9e9c 100644
--- a/frontend/src/lib/components/Forms/RadioGroup.svelte
+++ b/frontend/src/lib/components/Forms/RadioGroup.svelte
@@ -43,6 +43,7 @@
 	const { value } = form ? formFieldProxy(form, valuePath) : {};
 
 	let internalValue = $state(value ? $value : initialValue);
+	let lastExternalValue = $state(value ? $value : undefined);
 
 	$effect(() => {
 		if (initialValue) {
@@ -50,9 +51,19 @@
 		}
 	});
 
+	// React to external changes to $value (avoid circular updates)
 	$effect(() => {
-		if (value) {
+		if (value && $value !== undefined && $value !== lastExternalValue) {
+			lastExternalValue = $value;
+			internalValue = $value;
+		}
+	});
+
+	// Sync internalValue back to form and update radio button state
+	$effect(() => {
+		if (value && internalValue !== lastExternalValue) {
 			$value = internalValue;
+			lastExternalValue = internalValue;
 		}
 		const input = radioInputs[internalValue];
 		if (input) input.checked = true;

From a0841924eb405bdbc10af18abb8a125045fc1e35 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 14 Nov 2025 12:50:05 +0100
Subject: [PATCH 38/47] fix filters

---
 .../Forms/ModelForm/SolutionForm.svelte       |  1 -
 frontend/src/lib/utils/table.ts               | 26 +++++++++++++++----
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
index b424776df5..5b0c16488f 100644
--- a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
@@ -31,7 +31,6 @@
 	cacheLock={cacheLocks['provider_entity']}
 	bind:cachedValue={formDataCache['provider_entity']}
 	label={m.providerEntity()}
-	hidden={initialData.provider_entity}
 />
 <TextField
 	{form}
diff --git a/frontend/src/lib/utils/table.ts b/frontend/src/lib/utils/table.ts
index fdeac15276..2df6b2362a 100644
--- a/frontend/src/lib/utils/table.ts
+++ b/frontend/src/lib/utils/table.ts
@@ -702,12 +702,28 @@ export const PERTINENCE_FILTER: ListViewFilterConfig = {
 export const ENTITY_FILTER: ListViewFilterConfig = {
 	component: AutocompleteSelect,
 	props: {
-		label: 'parentEntity',
+		label: 'entity',
 		optionsEndpoint: 'entities',
 		multiple: true
 	}
 };
 
+export const PROVIDER_ENTITY_FILTER: ListViewFilterConfig = {
+	component: AutocompleteSelect,
+	props: {
+		label: 'providerEntity',
+		optionsEndpoint: 'entities',
+		multiple: true
+	}
+};
+export const BENEFICIARY_ENTITY_FILTER: ListViewFilterConfig = {
+	component: AutocompleteSelect,
+	props: {
+		label: 'beneficiaryEntity',
+		optionsEndpoint: 'entities',
+		multiple: true
+	}
+};
 export const SOLUTION_FILTER: ListViewFilterConfig = {
 	component: AutocompleteSelect,
 	props: {
@@ -1527,8 +1543,8 @@ export const listViewFields = {
 		}
 	},
 	solutions: {
-		head: ['refId', 'name', 'description', 'providerEntity', 'recipientEntity', 'criticality'],
-		body: ['ref_id', 'name', 'description', 'provider_entity', 'recipient_entity', 'criticality'],
+		head: ['refId', 'name', 'description', 'providerEntity', 'criticality'],
+		body: ['ref_id', 'name', 'description', 'provider_entity', 'criticality'],
 		filters: {
 			provider_entity: ENTITY_FILTER,
 			criticality: SOLUTION_CRITICALITY_FILTER
@@ -1559,8 +1575,8 @@ export const listViewFields = {
 		],
 		filters: {
 			status: CONTRACT_STATUS_FILTER,
-			provider_entity: ENTITY_FILTER,
-			beneficiary_entity: ENTITY_FILTER,
+			provider_entity: PROVIDER_ENTITY_FILTER,
+			beneficiary_entity: BENEFICIARY_ENTITY_FILTER,
 			solution: SOLUTION_FILTER
 		}
 	},

From c858aee291258c7696dc3b99f599fee2c799d3b9 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 14 Nov 2025 13:38:02 +0100
Subject: [PATCH 39/47] wip

---
 .../tprm/migrations/0009_solution_owner.py    | 24 +++++++++++++++++++
 backend/tprm/models.py                        |  6 +++++
 backend/tprm/serializers.py                   |  5 ++++
 backend/tprm/views.py                         |  1 +
 .../Forms/ModelForm/SolutionForm.svelte       | 22 +++++++++++++++++
 frontend/src/lib/utils/crud.ts                |  7 ++++--
 frontend/src/lib/utils/schemas.ts             |  2 ++
 frontend/src/lib/utils/table.ts               | 18 +++++++++++---
 8 files changed, 80 insertions(+), 5 deletions(-)
 create mode 100644 backend/tprm/migrations/0009_solution_owner.py

diff --git a/backend/tprm/migrations/0009_solution_owner.py b/backend/tprm/migrations/0009_solution_owner.py
new file mode 100644
index 0000000000..4013544435
--- /dev/null
+++ b/backend/tprm/migrations/0009_solution_owner.py
@@ -0,0 +1,24 @@
+# Generated by Django 5.2.7 on 2025-11-14 12:19
+
+from django.conf import settings
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("tprm", "0008_entity_country_entity_currency_and_more"),
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="solution",
+            name="owner",
+            field=models.ManyToManyField(
+                blank=True,
+                related_name="solutions",
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="Owner",
+            ),
+        ),
+    ]
diff --git a/backend/tprm/models.py b/backend/tprm/models.py
index 9e98aa8e8b..6649c0750d 100644
--- a/backend/tprm/models.py
+++ b/backend/tprm/models.py
@@ -262,6 +262,12 @@ class Solution(NameDescriptionMixin, FilteringLabelMixin):
     is_active = models.BooleanField(default=True, verbose_name=_("Is active"))
     reference_link = models.URLField(blank=True, null=True, max_length=2048)
     criticality = models.IntegerField(default=0, verbose_name=_("Criticality"))
+    owner = models.ManyToManyField(
+        User,
+        blank=True,
+        verbose_name=_("Owner"),
+        related_name="solutions",
+    )
 
     assets = models.ManyToManyField(
         Asset,
diff --git a/backend/tprm/serializers.py b/backend/tprm/serializers.py
index 5840033516..5c99b5a67a 100644
--- a/backend/tprm/serializers.py
+++ b/backend/tprm/serializers.py
@@ -27,6 +27,7 @@ class EntityReadSerializer(BaseModelSerializer):
     contracts = FieldsRelatedField(many=True)
     legal_identifiers = serializers.SerializerMethodField()
     default_criticality = serializers.ReadOnlyField()
+    filtering_labels = FieldsRelatedField(many=True)
 
     def get_legal_identifiers(self, obj):
         """Format legal identifiers as a readable string for display"""
@@ -230,6 +231,7 @@ class Meta:
 class RepresentativeReadSerializer(BaseModelSerializer):
     entity = FieldsRelatedField()
     user = FieldsRelatedField()
+    filtering_labels = FieldsRelatedField(many=True)
 
     class Meta:
         model = Representative
@@ -300,6 +302,8 @@ class SolutionReadSerializer(BaseModelSerializer):
     recipient_entity = FieldsRelatedField()
     assets = FieldsRelatedField(many=True)
     contracts = FieldsRelatedField(many=True)
+    owner = FieldsRelatedField(many=True)
+    filtering_labels = FieldsRelatedField(many=True)
 
     class Meta:
         model = Solution
@@ -320,6 +324,7 @@ class ContractReadSerializer(BaseModelSerializer):
     evidences = FieldsRelatedField(many=True)
     solution = FieldsRelatedField()
     overarching_contract = FieldsRelatedField()
+    filtering_labels = FieldsRelatedField(many=True)
 
     class Meta:
         model = Contract
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index 0233da22ed..bb8ac23a7a 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -622,6 +622,7 @@ class SolutionViewSet(BaseModelViewSet):
         "assets",
         "criticality",
         "contracts",
+        "owner",
         "dora_ict_service_type",
         "storage_of_data",
         "data_location_storage",
diff --git a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
index 5b0c16488f..b28d4b1258 100644
--- a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
@@ -48,6 +48,16 @@
 	min_score={1}
 	max_score={4}
 />
+<AutocompleteSelect
+	{form}
+	multiple
+	optionsEndpoint="users?is_third_party=false"
+	optionsLabelField="email"
+	field="owner"
+	cacheLock={cacheLocks['owner']}
+	bind:cachedValue={formDataCache['owner']}
+	label={m.owner()}
+/>
 <AutocompleteSelect
 	{form}
 	multiple
@@ -67,6 +77,18 @@
 	bind:cachedValue={formDataCache['assets']}
 	label={m.assets()}
 />
+<AutocompleteSelect
+	multiple
+	{form}
+	createFromSelection={true}
+	optionsEndpoint="filtering-labels"
+	translateOptions={false}
+	optionsLabelField="label"
+	field="filtering_labels"
+	helpText={m.labelsHelpText()}
+	label={m.labels()}
+	allowUserOptions="append"
+/>
 
 <Dropdown
 	open={false}
diff --git a/frontend/src/lib/utils/crud.ts b/frontend/src/lib/utils/crud.ts
index 04c01d8270..9deb5638f9 100644
--- a/frontend/src/lib/utils/crud.ts
+++ b/frontend/src/lib/utils/crud.ts
@@ -833,7 +833,9 @@ export const URL_MODEL_MAP: ModelMap = {
 		foreignKeyFields: [
 			{ field: 'provider_entity', urlModel: 'entities' },
 			{ field: 'recipient_entity', urlModel: 'entities' },
-			{ field: 'assets', urlModel: 'assets' }
+			{ field: 'owner', urlModel: 'users' },
+			{ field: 'assets', urlModel: 'assets' },
+			{ field: 'filtering_labels', urlModel: 'filtering-labels' }
 		],
 		selectFields: [
 			{ field: 'dora_ict_service_type' },
@@ -847,7 +849,8 @@ export const URL_MODEL_MAP: ModelMap = {
 			{ field: 'dora_reintegration_possibility' },
 			{ field: 'dora_discontinuing_impact' },
 			{ field: 'dora_alternative_providers_identified' }
-		]
+		],
+		filters: [{ field: 'owner' }, { field: 'filtering_labels' }]
 	},
 	contracts: {
 		name: 'contract',
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index c573f30f2e..3d541532ca 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -626,7 +626,9 @@ export const solutionSchema = z.object({
 	provider_entity: z.string(),
 	ref_id: z.string().optional(),
 	criticality: z.number().optional(),
+	owner: z.string().uuid().optional().array().optional(),
 	assets: z.string().uuid().optional().array().optional(),
+	filtering_labels: z.string().optional().array().optional(),
 	dora_ict_service_type: z.string().optional(),
 	storage_of_data: z.boolean().optional().default(false),
 	data_location_storage: z.string().optional(),
diff --git a/frontend/src/lib/utils/table.ts b/frontend/src/lib/utils/table.ts
index 2df6b2362a..b740e1d1dd 100644
--- a/frontend/src/lib/utils/table.ts
+++ b/frontend/src/lib/utils/table.ts
@@ -580,6 +580,17 @@ export const SOLUTION_CRITICALITY_FILTER: ListViewFilterConfig = {
 	}
 };
 
+export const SOLUTION_OWNER_FILTER: ListViewFilterConfig = {
+	component: AutocompleteSelect,
+	props: {
+		label: 'owner',
+		optionsLabelField: 'email',
+		optionsValueField: 'id',
+		optionsEndpoint: 'solutions/owner',
+		multiple: true
+	}
+};
+
 export const ENTITY_CRITICALITY_FILTER: ListViewFilterConfig = {
 	component: AutocompleteSelect,
 	props: {
@@ -1543,11 +1554,12 @@ export const listViewFields = {
 		}
 	},
 	solutions: {
-		head: ['refId', 'name', 'description', 'providerEntity', 'criticality'],
-		body: ['ref_id', 'name', 'description', 'provider_entity', 'criticality'],
+		head: ['refId', 'name', 'description', 'providerEntity', 'criticality', 'labels'],
+		body: ['ref_id', 'name', 'description', 'provider_entity', 'criticality', 'filtering_labels'],
 		filters: {
 			provider_entity: ENTITY_FILTER,
-			criticality: SOLUTION_CRITICALITY_FILTER
+			criticality: SOLUTION_CRITICALITY_FILTER,
+			filtering_labels: LABELS_FILTER
 		}
 	},
 	contracts: {

From 9598a6d2dad6cc1701f38b2dee37c3e5f018b1ee Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 14 Nov 2025 13:41:02 +0100
Subject: [PATCH 40/47] merge migrations

---
 ...entity_country_entity_currency_and_more.py | 12 +++++++++-
 .../tprm/migrations/0009_solution_owner.py    | 24 -------------------
 2 files changed, 11 insertions(+), 25 deletions(-)
 delete mode 100644 backend/tprm/migrations/0009_solution_owner.py

diff --git a/backend/tprm/migrations/0008_entity_country_entity_currency_and_more.py b/backend/tprm/migrations/0008_entity_country_entity_currency_and_more.py
index 3c80b5c915..b2e7d24280 100644
--- a/backend/tprm/migrations/0008_entity_country_entity_currency_and_more.py
+++ b/backend/tprm/migrations/0008_entity_country_entity_currency_and_more.py
@@ -1,4 +1,4 @@
-# Generated by Django 5.2.7 on 2025-11-13 16:37
+# Generated by Django 5.2.7 on 2025-11-14 12:40
 
 import django.core.validators
 import django.db.models.deletion
@@ -1361,6 +1361,16 @@ class Migration(migrations.Migration):
             name="is_active",
             field=models.BooleanField(default=True, verbose_name="Is active"),
         ),
+        migrations.AddField(
+            model_name="solution",
+            name="owner",
+            field=models.ManyToManyField(
+                blank=True,
+                related_name="solutions",
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="Owner",
+            ),
+        ),
         migrations.AddField(
             model_name="solution",
             name="reference_link",
diff --git a/backend/tprm/migrations/0009_solution_owner.py b/backend/tprm/migrations/0009_solution_owner.py
deleted file mode 100644
index 4013544435..0000000000
--- a/backend/tprm/migrations/0009_solution_owner.py
+++ /dev/null
@@ -1,24 +0,0 @@
-# Generated by Django 5.2.7 on 2025-11-14 12:19
-
-from django.conf import settings
-from django.db import migrations, models
-
-
-class Migration(migrations.Migration):
-    dependencies = [
-        ("tprm", "0008_entity_country_entity_currency_and_more"),
-        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
-    ]
-
-    operations = [
-        migrations.AddField(
-            model_name="solution",
-            name="owner",
-            field=models.ManyToManyField(
-                blank=True,
-                related_name="solutions",
-                to=settings.AUTH_USER_MODEL,
-                verbose_name="Owner",
-            ),
-        ),
-    ]

From ff2dc437dffedee7280dace06ec873d8903a12f0 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 14 Nov 2025 19:58:24 +0100
Subject: [PATCH 41/47] be able to remove the parent entity and prevent setting
 itself

---
 backend/tprm/serializers.py                            | 10 ++++++++++
 .../lib/components/Forms/ModelForm/EntityForm.svelte   |  2 ++
 frontend/src/lib/utils/schemas.ts                      |  2 +-
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/backend/tprm/serializers.py b/backend/tprm/serializers.py
index 5c99b5a67a..6b12016d55 100644
--- a/backend/tprm/serializers.py
+++ b/backend/tprm/serializers.py
@@ -60,6 +60,16 @@ def validate_legal_identifiers(self, value):
                     raise serializers.ValidationError(_("leiLengthError"))
         return value
 
+    def validate_parent_entity(self, value):
+        """
+        Validate that an entity cannot be set as its own parent.
+        """
+        if value and self.instance and value.id == self.instance.id:
+            raise serializers.ValidationError(
+                _("An entity cannot be set as its own parent")
+            )
+        return value
+
 
 class EntityImportExportSerializer(BaseModelSerializer):
     folder = HashSlugRelatedField(slug_field="pk", read_only=True)
diff --git a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
index 93bbce9fe4..80418a6b49 100644
--- a/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/EntityForm.svelte
@@ -106,6 +106,8 @@
 		{form}
 		optionsEndpoint="entities"
 		field="parent_entity"
+		optionsSelf={object}
+		nullable
 		cacheLock={cacheLocks['parent_entity']}
 		bind:cachedValue={formDataCache['parent_entity']}
 		label={m.parentEntity()}
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index 3d541532ca..45b419873c 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -571,7 +571,7 @@ export const EntitiesSchema = z.object({
 	folder: z.string(),
 	ref_id: z.string().optional(),
 	is_active: z.boolean().optional(),
-	parent_entity: z.string().optional(),
+	parent_entity: z.string().optional().nullable(),
 	mission: z.string().optional(),
 	reference_link: z
 		.string()

From 1abfe41024d3d09e3286ca79eb17213715f4cc6a Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 14 Nov 2025 20:05:31 +0100
Subject: [PATCH 42/47] prevent loops on overarching contract

---
 backend/tprm/serializers.py                            | 10 ++++++++++
 .../lib/components/Forms/ModelForm/ContractForm.svelte |  6 +++++-
 frontend/src/lib/utils/schemas.ts                      |  2 +-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/backend/tprm/serializers.py b/backend/tprm/serializers.py
index 6b12016d55..55a92f61a9 100644
--- a/backend/tprm/serializers.py
+++ b/backend/tprm/serializers.py
@@ -345,3 +345,13 @@ class ContractWriteSerializer(BaseModelSerializer):
     class Meta:
         model = Contract
         exclude = []
+
+    def validate_overarching_contract(self, value):
+        """
+        Validate that a contract cannot be set as its own overarching contract.
+        """
+        if value and self.instance and value.id == self.instance.id:
+            raise serializers.ValidationError(
+                _("A contract cannot be set as its own overarching contract")
+            )
+        return value
diff --git a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
index b73cac26af..b8d5536a62 100644
--- a/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/ContractForm.svelte
@@ -14,6 +14,7 @@
 		cacheLocks?: Record<string, CacheLock>;
 		formDataCache?: Record<string, any>;
 		initialData?: Record<string, any>;
+		object?: any;
 	}
 
 	let {
@@ -21,7 +22,8 @@
 		model,
 		cacheLocks = {},
 		formDataCache = $bindable({}),
-		initialData = {}
+		initialData = {},
+		object = {}
 	}: Props = $props();
 </script>
 
@@ -135,6 +137,8 @@
 		field="overarching_contract"
 		optionsEndpoint="contracts?dora_contractual_arrangement=eba_CO:x2"
 		optionsExtraFields={[['folder', 'str']]}
+		optionsSelf={object}
+		nullable
 		label={m.overarchingContract()}
 		helpText={m.overarchingContractHelpText()}
 		cacheLock={cacheLocks['overarching_contract']}
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index 45b419873c..6d79dc5b74 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -673,7 +673,7 @@ export const contractSchema = z.object({
 	annual_expense: z.number().optional().nullable(),
 	termination_reason: z.string().optional(),
 	is_intragroup: z.boolean().optional().default(false),
-	overarching_contract: z.string().optional(),
+	overarching_contract: z.string().optional().nullable(),
 	governing_law_country: z.string().optional(),
 	notice_period_entity: z.number().optional().nullable(),
 	notice_period_provider: z.number().optional().nullable()

From 9d9bb9ebb0f8fee9752aec3698c90ff059bab86a Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 14 Nov 2025 20:09:49 +0100
Subject: [PATCH 43/47] simplify menu for now

---
 .../components/Forms/ModelForm/SolutionForm.svelte  | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
index b28d4b1258..23cf3ce72d 100644
--- a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
@@ -90,11 +90,12 @@
 	allowUserOptions="append"
 />
 
+
 <Dropdown
 	open={false}
 	style="hover:text-primary-700"
-	icon="fa-solid fa-scale-balanced"
-	header={m.doraAttributes()}
+	icon="fa-solid fa-clipboard-check"
+	header={m.doraAssessment()}
 >
 	<AutocompleteSelect
 		{form}
@@ -104,14 +105,6 @@
 		cacheLock={cacheLocks['dora_ict_service_type']}
 		bind:cachedValue={formDataCache['dora_ict_service_type']}
 	/>
-</Dropdown>
-
-<Dropdown
-	open={false}
-	style="hover:text-primary-700"
-	icon="fa-solid fa-clipboard-check"
-	header={m.doraAssessment()}
->
 	<Checkbox
 		{form}
 		field="storage_of_data"

From 931c419c298c0f31c569d1dbab64bcfefa63ec71 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 14 Nov 2025 21:44:00 +0100
Subject: [PATCH 44/47] cover solutions and contracts of supporting assets

---
 backend/tprm/dora_export.py                   | 44 ++++++++---
 backend/tprm/dora_linter.py                   | 69 +++++++++++++++--
 backend/tprm/views.py                         | 75 ++++++++++++++++---
 .../Forms/ModelForm/SolutionForm.svelte       |  1 -
 4 files changed, 159 insertions(+), 30 deletions(-)

diff --git a/backend/tprm/dora_export.py b/backend/tprm/dora_export.py
index 81940b37cf..ac173ff522 100644
--- a/backend/tprm/dora_export.py
+++ b/backend/tprm/dora_export.py
@@ -344,18 +344,23 @@ def generate_b_02_01_contracts(
 
 
 def generate_b_02_02_ict_services(
-    zip_file, contracts: QuerySet, folder_prefix: str = ""
+    zip_file,
+    contracts: QuerySet,
+    folder_prefix: str = "",
+    business_function_asset_ids: set = None,
 ) -> None:
     """
     Generate b_02.02.csv - ICT services supporting functions.
 
-    Only includes contracts associated with solutions that are linked to business function assets.
+    Only includes contracts associated with solutions that are linked to business function assets
+    or their child assets.
     One row per contract-function combination.
 
     Args:
         zip_file: ZIP file object to write to
         contracts: QuerySet of Contract objects with solutions
         folder_prefix: Optional folder prefix to prepend to file path
+        business_function_asset_ids: Set of asset IDs related to business functions (including children)
     """
     csv_buffer = io.StringIO()
     csv_writer = csv.writer(csv_buffer)
@@ -384,22 +389,37 @@ def generate_b_02_02_ict_services(
         ]
     )
 
-    # Filter contracts: only those with solutions linked to business function assets
-    filtered_contracts = (
-        contracts.filter(
-            solution__isnull=False, solution__assets__is_business_function=True
+    # Filter contracts: only those with solutions linked to business function assets or their children
+    if business_function_asset_ids:
+        filtered_contracts = (
+            contracts.filter(
+                solution__isnull=False,
+                solution__assets__id__in=business_function_asset_ids,
+            )
+            .distinct()
+            .select_related("solution", "provider_entity", "beneficiary_entity")
+            .prefetch_related("solution__assets")
+        )
+    else:
+        # Fallback to old behavior if business_function_asset_ids not provided
+        filtered_contracts = (
+            contracts.filter(
+                solution__isnull=False, solution__assets__is_business_function=True
+            )
+            .distinct()
+            .select_related("solution", "provider_entity", "beneficiary_entity")
+            .prefetch_related("solution__assets")
         )
-        .distinct()
-        .select_related("solution", "provider_entity", "beneficiary_entity")
-        .prefetch_related("solution__assets")
-    )
 
     # Write contract-solution-function data
     for contract in filtered_contracts:
         solution = contract.solution
 
-        # Get business functions associated with this solution
-        business_functions = solution.assets.filter(is_business_function=True)
+        # Get business functions associated with this solution (directly or through children)
+        if business_function_asset_ids:
+            business_functions = solution.assets.filter(is_business_function=True)
+        else:
+            business_functions = solution.assets.filter(is_business_function=True)
 
         for function in business_functions:
             # c0010: Contract reference
diff --git a/backend/tprm/dora_linter.py b/backend/tprm/dora_linter.py
index f4c2fc4e66..24ab813247 100644
--- a/backend/tprm/dora_linter.py
+++ b/backend/tprm/dora_linter.py
@@ -19,6 +19,7 @@ def lint_provider_entities() -> List[Dict[str, Any]]:
     Checks that third-party providers have:
     - At least one legal identifier (LEI, EUID, VAT, DUNS)
     - Country set
+    - DORA provider person type set (mandatory for b_05.01 c0040)
     - Parent entity with legal identifier (if parent exists)
 
     Returns:
@@ -77,6 +78,21 @@ def lint_provider_entities() -> List[Dict[str, Any]]:
             )
             provider_has_error = True
 
+        # Check DORA provider person type (mandatory for b_05.01 c0040)
+        if not provider.dora_provider_person_type:
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Provider Entities",
+                    "message": f"Provider entity '{provider.name}' must have a DORA provider person type set for DORA b_05.01 reporting (c0040)",
+                    "field": "dora_provider_person_type",
+                    "object_type": "entities",
+                    "object_id": str(provider.id),
+                    "object_name": provider.name,
+                }
+            )
+            provider_has_error = True
+
         # Check parent entity has legal identifier (if parent exists)
         if provider.parent_entity:
             parent_has_identifier = False
@@ -867,7 +883,7 @@ def lint_b_02_02_contracts() -> List[Dict[str, Any]]:
     """
     Validate contracts for DORA b_02.02 (ICT services supporting functions) requirements.
 
-    Only validates contracts with solutions linked to business function assets,
+    Only validates contracts with solutions linked to business function assets or their child assets,
     as these are the ones included in b_02.02 reporting.
 
     Checks that contracts have:
@@ -880,11 +896,22 @@ def lint_b_02_02_contracts() -> List[Dict[str, Any]]:
     """
     results = []
 
+    # Get business function assets
+    business_functions = Asset.objects.filter(is_business_function=True)
+
+    # Collect all assets related to business functions (including children)
+    business_function_asset_ids = set(business_functions.values_list("id", flat=True))
+    for business_function in business_functions:
+        # Get all descendant (child) assets for each business function
+        # Note: get_descendants() returns Asset objects, not IDs
+        descendants = business_function.get_descendants()
+        business_function_asset_ids.update(asset.id for asset in descendants)
+
     # Get contracts that will be included in b_02.02:
-    # those with solutions linked to business function assets
+    # those with solutions linked to business function assets or their children
     b_02_02_contracts = (
         Contract.objects.filter(
-            solution__isnull=False, solution__assets__is_business_function=True
+            solution__isnull=False, solution__assets__id__in=business_function_asset_ids
         )
         .distinct()
         .select_related("provider_entity", "solution", "beneficiary_entity")
@@ -1012,25 +1039,38 @@ def lint_solutions() -> List[Dict[str, Any]]:
     """
     Validate solutions for DORA ROI requirements.
 
-    Only validates solutions that are associated with assets marked as business functions,
-    as these are the ones relevant for DORA reporting.
+    Only validates solutions that are associated with assets marked as business functions
+    or their child assets, as these are the ones relevant for DORA reporting.
 
     Checks that solutions have required fields:
     - dora_ict_service_type (ICT service type)
     - data_location_storage (location of data at rest)
     - data_location_processing (location of data at processing)
     - provider_entity must have country set
+    - contract associated with solution (warning if missing)
 
     Returns:
         List of validation results with severity levels (error, warning, ok)
     """
     results = []
 
-    # Get only solutions associated with business function assets
+    # Get business function assets
+    business_functions = Asset.objects.filter(is_business_function=True)
+
+    # Collect all assets related to business functions (including children)
+    business_function_asset_ids = set(business_functions.values_list("id", flat=True))
+    for business_function in business_functions:
+        # Get all descendant (child) assets for each business function
+        # Note: get_descendants() returns Asset objects, not IDs
+        descendants = business_function.get_descendants()
+        business_function_asset_ids.update(asset.id for asset in descendants)
+
+    # Get solutions associated with business function assets or their children
     solutions = (
-        Solution.objects.filter(assets__is_business_function=True)
+        Solution.objects.filter(assets__id__in=business_function_asset_ids)
         .distinct()
         .select_related("provider_entity")
+        .prefetch_related("contracts")
     )
 
     if not solutions.exists():
@@ -1145,6 +1185,21 @@ def lint_solutions() -> List[Dict[str, Any]]:
             )
             solution_has_error = True
 
+        # Check if solution has at least one contract (mandatory for DORA reporting)
+        if not solution.contracts.exists():
+            results.append(
+                {
+                    "severity": "error",
+                    "category": "Solutions",
+                    "message": f"Solution '{solution.name}' linked to business function(s) must have at least one associated contract for DORA reporting",
+                    "field": "contracts",
+                    "object_type": "solutions",
+                    "object_id": str(solution.id),
+                    "object_name": solution.name,
+                }
+            )
+            solution_has_error = True
+
         if solution_has_error:
             solutions_with_errors += 1
 
diff --git a/backend/tprm/views.py b/backend/tprm/views.py
index bb8ac23a7a..924446fb7e 100644
--- a/backend/tprm/views.py
+++ b/backend/tprm/views.py
@@ -176,6 +176,31 @@ def generate_dora_roi(self, request):
             id__in=viewable_assets, is_business_function=True
         )
 
+        # Collect all assets related to business functions (including child assets)
+        # This ensures that solutions linked to child assets are also captured in DORA reports
+        business_function_asset_ids = set(
+            business_functions.values_list("id", flat=True)
+        )
+        for business_function in business_functions:
+            # Get all descendant (child) assets for each business function
+            # Note: get_descendants() returns Asset objects, not IDs
+            descendants = business_function.get_descendants()
+            business_function_asset_ids.update(asset.id for asset in descendants)
+
+        # Get all solutions related to business functions and their child assets
+        # These are the ICT services that support critical business functions
+        related_solutions = Solution.objects.filter(
+            assets__id__in=business_function_asset_ids
+        ).distinct()
+
+        # Filter contracts to only those with solutions related to business functions
+        # This subset is used for reports that focus on ICT services supporting critical functions
+        # (b_02.02, b_07.01, b_99.01)
+        related_solution_ids = set(related_solutions.values_list("id", flat=True))
+        business_function_contracts = contracts.filter(
+            solution__id__in=related_solution_ids
+        )
+
         # Calculate folder name for the ZIP structure (without .zip extension)
         lei, _ = dora_export.get_entity_identifier(main_entity, priority=["LEI"])
         competent_authority = main_entity.dora_competent_authority or "UNKNOWN"
@@ -202,7 +227,7 @@ def generate_dora_roi(self, request):
                 zip_file, contracts, base_folder_name
             )
             dora_export.generate_b_02_02_ict_services(
-                zip_file, contracts, base_folder_name
+                zip_file, contracts, base_folder_name, business_function_asset_ids
             )
             dora_export.generate_b_02_03_intragroup_contracts(
                 zip_file, contracts, base_folder_name
@@ -234,11 +259,14 @@ def generate_dora_roi(self, request):
             )
 
             dora_export.generate_b_07_01_assessment(
-                zip_file, contracts, base_folder_name
+                zip_file, business_function_contracts, base_folder_name
             )
 
             dora_export.generate_b_99_01_aggregation(
-                zip_file, contracts, business_functions, base_folder_name
+                zip_file,
+                business_function_contracts,
+                business_functions,
+                base_folder_name,
             )
 
             # Generate FilingIndicators.csv
@@ -280,6 +308,7 @@ def graph(self, request):
         - Solutions provided by entities
         - Contracts between entities
         - Assets linked to solutions
+        - Asset hierarchy (parent-child asset relationships)
         """
         # Get accessible objects for the current user
         (viewable_entities, _, _) = RoleAssignment.get_accessible_object_ids(
@@ -424,17 +453,28 @@ def graph(self, request):
                     {
                         "source": node_index,
                         "target": solution_node_map[contract.solution.id],
-                        "value": "for solution",
+                        "value": "frames",
                     }
                 )
 
             node_index += 1
 
-        # Create asset nodes (only those linked to solutions)
+        # Create asset nodes (only those with connections)
+        asset_node_map = {}
         for asset in assets:
-            # Check if asset is linked to any solution
+            # Check if asset has any connections (to solutions or other assets)
             linked_solutions = solutions.filter(assets=asset)
-            if linked_solutions.exists():
+            parent_assets = asset.parent_assets.filter(id__in=viewable_assets)
+            child_assets = assets.filter(parent_assets=asset)
+
+            has_connections = (
+                linked_solutions.exists()
+                or parent_assets.exists()
+                or child_assets.exists()
+            )
+
+            # Only create node if asset has connections
+            if has_connections:
                 nodes.append(
                     {
                         "name": asset.name,
@@ -444,21 +484,36 @@ def graph(self, request):
                         "value": f"Asset: {asset.name}",
                     }
                 )
-                asset_node_index = node_index
+                asset_node_map[asset.id] = node_index
 
                 # Link asset to solutions
                 for solution in linked_solutions:
                     if solution.id in solution_node_map:
                         links.append(
                             {
-                                "source": solution_node_map[solution.id],
-                                "target": asset_node_index,
+                                "source": node_index,
+                                "target": solution_node_map[solution.id],
                                 "value": "uses",
                             }
                         )
 
                 node_index += 1
 
+        # Add asset hierarchy links (parent-child relationships)
+        for asset in assets:
+            if asset.id in asset_node_map:
+                # Get parent assets for this asset
+                parent_assets = asset.parent_assets.filter(id__in=viewable_assets)
+                for parent_asset in parent_assets:
+                    if parent_asset.id in asset_node_map:
+                        links.append(
+                            {
+                                "source": asset_node_map[parent_asset.id],
+                                "target": asset_node_map[asset.id],
+                                "value": "relies on",
+                            }
+                        )
+
         # Define categories
         categories = [
             {"name": "Entities"},
diff --git a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
index 23cf3ce72d..a287a73eeb 100644
--- a/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/SolutionForm.svelte
@@ -90,7 +90,6 @@
 	allowUserOptions="append"
 />
 
-
 <Dropdown
 	open={false}
 	style="hover:text-primary-700"

From 79a9405dbef1e12969232ff5c667abd7f8225fcb Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 14 Nov 2025 22:17:08 +0100
Subject: [PATCH 45/47] autolink documents to contracts when created from it

---
 backend/core/serializers.py                                 | 6 +++++-
 frontend/messages/fr.json                                   | 2 +-
 .../src/lib/components/Forms/ModelForm/EvidenceForm.svelte  | 1 +
 frontend/src/lib/utils/schemas.ts                           | 2 +-
 4 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/backend/core/serializers.py b/backend/core/serializers.py
index 7b3e4db6bd..a6ad78f999 100644
--- a/backend/core/serializers.py
+++ b/backend/core/serializers.py
@@ -14,7 +14,7 @@
 )
 from core.utils import time_state
 from ebios_rm.models import EbiosRMStudy, Stakeholder
-from tprm.models import Solution
+from tprm.models import Contract, Solution
 from global_settings.utils import ff_is_enabled
 from iam.models import *
 from django.contrib.auth.models import Permission
@@ -1420,6 +1420,7 @@ class EvidenceReadSerializer(BaseModelSerializer):
     folder = FieldsRelatedField()
     applied_controls = FieldsRelatedField(many=True)
     requirement_assessments = FieldsRelatedField(many=True)
+    contracts = FieldsRelatedField(many=True)
     filtering_labels = FieldsRelatedField(["folder"], many=True)
     owner = FieldsRelatedField(many=True)
     status = serializers.CharField(source="get_status_display")
@@ -1456,6 +1457,9 @@ class EvidenceWriteSerializer(BaseModelSerializer):
     timeline_entries = serializers.PrimaryKeyRelatedField(
         many=True, queryset=TimelineEntry.objects.all(), required=False
     )
+    contracts = serializers.PrimaryKeyRelatedField(
+        many=True, queryset=Contract.objects.all(), required=False
+    )
     owner = serializers.PrimaryKeyRelatedField(
         many=True, queryset=User.objects.all(), required=False
     )
diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
index 8508bf00b7..9ba0372521 100644
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
@@ -970,7 +970,7 @@
 	"doraLicencedActivity": "Activité sous licence",
 	"doraCriticalityAssessment": "Évaluation de la criticité",
 	"doraCriticalityJustification": "Justification de la criticité",
-	"doraDiscontinuingImpact": "Impact de l'arrêt",
+	"reports": "Rapports",
 	"info": "Information",
 	"vulnerabilities": "Vulnérabilités",
 	"severity": "Niveau de gravité",
diff --git a/frontend/src/lib/components/Forms/ModelForm/EvidenceForm.svelte b/frontend/src/lib/components/Forms/ModelForm/EvidenceForm.svelte
index 057a36ed75..bc16338fc2 100644
--- a/frontend/src/lib/components/Forms/ModelForm/EvidenceForm.svelte
+++ b/frontend/src/lib/components/Forms/ModelForm/EvidenceForm.svelte
@@ -57,6 +57,7 @@
 <HiddenInput {form} field="findings" />
 <HiddenInput {form} field="findings_assessments" />
 <HiddenInput {form} field="timeline_entries" />
+<HiddenInput {form} field="contracts" />
 
 {#if context !== 'edit'}
 	<FileInput
diff --git a/frontend/src/lib/utils/schemas.ts b/frontend/src/lib/utils/schemas.ts
index 6d79dc5b74..7ee83d3954 100644
--- a/frontend/src/lib/utils/schemas.ts
+++ b/frontend/src/lib/utils/schemas.ts
@@ -442,7 +442,7 @@ export const EvidenceSchema = z.object({
 		.preprocess(toArrayPreprocessor, z.array(z.string().optional()))
 		.optional(),
 	timeline_entries: z.string().optional().array().optional(),
-
+	contracts: z.preprocess(toArrayPreprocessor, z.array(z.string().optional())).optional(),
 	link: z
 		.string()
 		.refine((val) => val === '' || (val.startsWith('http') && URL.canParse(val)), {

From d5cfdc8e163505e17a78d8ed6312732158a434da Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Fri, 14 Nov 2025 23:21:36 +0100
Subject: [PATCH 46/47] missing fr translations

---
 frontend/messages/fr.json | 77 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 76 insertions(+), 1 deletion(-)

diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json
index 9ba0372521..423e8a5320 100644
--- a/frontend/messages/fr.json
+++ b/frontend/messages/fr.json
@@ -2593,5 +2593,80 @@
 	"doraAlternativeProvidersIdentified": "Fournisseurs alternatifs identifiés",
 	"doraAlternativeProviders": "Fournisseurs alternatifs",
 	"doraAttributes": "Attributs DORA",
-	"doraAssessment": "Évaluation DORA"
+	"doraAssessment": "Évaluation DORA",
+	"addLegalIdentifier": "Ajouter un identifiant",
+	"annualExpense": "Dépense annuelle",
+	"apiToken": "Jeton API",
+	"apiTokenAlreadySetHelpText": "Le jeton API est déjà défini.",
+	"associatedContracts": "Contrats associés",
+	"configureIntegrations": "Configurer les intégrations avec des services tiers.",
+	"conflict": "Conflit",
+	"connectionFailed": "Échec de la connexion",
+	"connectionSuccessful": "Connexion réussie",
+	"createRemoteObject": "Créer un objet distant",
+	"createRemoteObjectHelpText": "Lorsqu'activé, un objet correspondant sera créé dans le service tiers lors de la création de cet élément.",
+	"defaultCriticality": "Criticité par défaut",
+	"deleteSyncMapping": "Supprimer le mapping de synchronisation",
+	"doraAssetsValue": "Valeur des actifs totaux",
+	"doraCompetentAuthority": "Autorité compétente",
+	"doraContractualArrangement": "Type de contrat",
+	"doraEntityHierarchy": "Hiérarchie de l'entité",
+	"doraEntityType": "Type d'entité",
+	"doraIctServiceType": "Type de service TIC",
+	"doraProviderPersonType": "Type de personne",
+	"doraSpecific": "Spécifique à DORA",
+	"ebiosRmDefaults": "Évaluation rapide de criticité (EBIOS RM)",
+	"ebiosRmDefaultsHelpText": "Valeurs par défaut pour la dépendance, la pénétration, la maturité et la confiance utilisées lors de la création de parties prenantes dans l'Atelier 3 EBIOS RM",
+	"enterIdentifierValue": "Saisir la valeur de l'identifiant...",
+	"failed": "Échec",
+	"futureComparisonFeatures": "Les prochaines mises à jour incluront des comparaisons détaillées exigence par exigence et plus encore.",
+	"governingLawCountry": "Pays de la loi applicable",
+	"identifierErrorMessage": "Identifiant invalide",
+	"identifierType": "Type d'identifiant",
+	"identifierValue": "Valeur de l'identifiant",
+	"importedFrameworks": "Référentiels importés",
+	"incomingSync": "Synchronisation entrante",
+	"integrationProvider": "Fournisseur d'intégration",
+	"integrationProviderHelpText": "Sélectionner le fournisseur d'intégration pour configurer la synchronisation au niveau objet",
+	"integrations": "Intégrations",
+	"isIntragroup": "Est intra-groupe",
+	"issueType": "Type de carte",
+	"itsm": "ITSM",
+	"jira": "Jira",
+	"jiraEmailHelpText": "L'adresse e-mail associée à votre compte de service Jira.",
+	"jiraIntegrationConfig": "Configuration de l'intégration Jira",
+	"jiraProjectKeyHelpText": "La clé du projet Jira où les problèmes seront créés (par exemple, 'SEC').",
+	"jiraServerUrlHelpText": "L'URL de votre serveur Jira (par exemple, https://example.atlassian.net/).",
+	"lastSynced": "Dernière synchronisation",
+	"legalIdentifiers": "Identifiants légaux",
+	"moreComparisonFeaturesComingSoon": "D'autres fonctionnalités de comparaison arrivent bientôt",
+	"moreOnTerminologiesHelpText": "Astuce : d'autres options peuvent être définies via les terminologies",
+	"noLegalIdentifierAdded": "Aucun identifiant légal ajouté pour le moment",
+	"notImportedFrameworks": "Référentiels non importés",
+	"noticePeriodEntity": "Période de préavis pour l'entité (jours)",
+	"noticePeriodProvider": "Période de préavis pour le fournisseur (jours)",
+	"outgoingSync": "Synchronisation sortante",
+	"overarchingContract": "Contrat cadre",
+	"overarchingContractHelpText": "Seuls les contrats de type 'Accord cadre' sont affichés. Si la liste est vide, créez d'abord un contrat cadre.",
+	"projectKey": "Clé du projet",
+	"remoteId": "ID distant",
+	"remoteObject": "Objet distant",
+	"remoteObjectHelpText": "Sélectionner l'objet distant avec lequel synchroniser",
+	"removeIdentifier": "Supprimer l'identifiant",
+	"resetApiToken": "Réinitialiser le jeton API",
+	"resetWebhookSecret": "Réinitialiser le secret webhook",
+	"serverUrl": "URL du serveur",
+	"solutionsLinkedToAssetHelpText": "Solutions associées à cet actif",
+	"spPrivateKeyAlreadySetHelpText": "Une clé privée a déjà été définie. Pour des raisons de sécurité, vous ne pouvez plus la consulter. Vous pouvez uniquement la remplacer par une nouvelle.",
+	"ssosettings": "Paramètres SSO",
+	"synced": "Synchronisé",
+	"syncedWith": "Synchronisé avec {integrationName}",
+	"terminationReason": "Motif de résiliation",
+	"testConnection": "Tester la connexion",
+	"userGroup": "Groupe d'utilisateurs",
+	"webhookEndpointUrl": "URL du point de terminaison webhook",
+	"webhookEndpointUrlHelpText": "L'URL où l'application recevra les webhooks entrants du service tiers.",
+	"webhookSecret": "Secret webhook",
+	"webhookSecretAlreadySetHelpText": "Le secret webhook est déjà défini.",
+	"webhookUrl": "URL webhook"
 }

From aa5f112f8df8c370cbd1d272444121ff2c8ea772 Mon Sep 17 00:00:00 2001
From: Abderrahmane Smimite <smimite@gmail.com>
Date: Sat, 15 Nov 2025 00:08:39 +0100
Subject: [PATCH 47/47] fix test for nested menus that are hidden by default

---
 frontend/tests/utils/sidebar.ts | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/frontend/tests/utils/sidebar.ts b/frontend/tests/utils/sidebar.ts
index 57847a13e2..9098485f05 100644
--- a/frontend/tests/utils/sidebar.ts
+++ b/frontend/tests/utils/sidebar.ts
@@ -27,9 +27,13 @@ export class SideBar {
 		const sideBarVisibleItems = getSidebarVisibleItems({});
 
 		// Filter nav items based on sideBarVisibleItems, same logic as SideBarNavigation.svelte
-		const filteredNavData = navData.items.filter(
-			(item) => sideBarVisibleItems[item.name] !== false
-		);
+		const filteredNavData = navData.items
+			.filter((category) => sideBarVisibleItems[category.name] !== false) // Filter categories
+			.map((category) => ({
+				...category,
+				items: category.items.filter((item) => sideBarVisibleItems[item.name] !== false) // Filter items
+			}))
+			.filter((category) => category.items.length > 0); // Remove empty categories
 
 		this.items = new Map(
 			filteredNavData.map((item) => [