# DORA Reporting in France: ACPR and AMF Guide for Financial Entities Source: https://www.cyadviso.com/dora-france-acpr-amf Last reviewed: 2026-05-01 Country: France (FR) Tags: DORA, France France DORA supervision is split between ACPR and AMF. Scope by entity type, ICT incident reporting channels, Register of Information and evidence checklist. --- ## Short answer In France, DORA supervision is split between ACPR and AMF according to the entity's authorisation and sector. ACPR covers prudentially supervised banking, payment, e-money and insurance entities; AMF covers asset managers, investment services providers and market-sector entities under its remit. ## Competent authorities - **Autorité de contrôle prudentiel et de résolution (ACPR)** (ACPR) — https://acpr.banque-france.fr/en - **Autorité des marchés financiers (AMF)** (AMF) — https://www.amf-france.org/en ## Entities in scope - Credit institutions (banks) - Payment institutions and electronic money institutions (PIs / EMIs) - Investment firms - Crypto-asset service providers (CASPs) authorised under MiCA - Insurance and reinsurance undertakings, where supervised in this jurisdiction - Other financial entities listed in DORA Article 2 ## Jurisdictional nuances - France has a split authority model: the filing route depends on whether the entity is ACPR-supervised or AMF-supervised. - ACPR materials indicate DORA major ICT incident reporting from 17 January 2025 and refer entities to OneGate access / LEI requirements for remittances. - AMF publishes dedicated DORA incident and cyber-threat forms and refers AMF-supervised entities to its secure messaging / declarations process. - Groups with both payment / EMI activities and investment or asset-management activities should maintain an authority map so incident escalation does not default to the wrong channel. ## Primary sources - ACPR — FAQ on the DORA directive and regulation — https://acpr.banque-france.fr/fr/reglementation/focus-sur-la-reglementation/transverse/digital-operational-resilience-act-dora/faq-sur-la-directive-et-le-reglement-dora - AMF — The Regulation on Digital Operational Resilience in the Financial Sector (DORA) — https://www.amf-france.org/en/news-publications/depth/dora - AMF — DORA incident and cyberthreat forms — https://www.amf-france.org/en/forms-and-declarations/dora - Regulation (EU) 2022/2554 — DORA, EUR-Lex — https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R2554 - European Banking Authority — Digital Operational Resilience Act (DORA) — https://www.eba.europa.eu/activities/direct-supervision-and-oversight/digital-operational-resilience-act --- Canonical HTML: https://www.cyadviso.com/dora-france-acpr-amf Authored by Andrey Gubarev — CISO for EU fintechs (CISM, CDPSE, SABSA). CyAdviso · DORA / ICT risk / vCISO programmes for EU-licensed fintechs.