# DORA Reporting in Germany: BaFin Guide for Financial Entities

Source: https://www.cyadviso.com/dora-germany-bafin
Last reviewed: 2026-05-01
Country: Germany (DE)
Tags: DORA, Germany

BaFin is Germany's DORA competent authority for credit institutions, payment firms, EMIs, investment firms, insurers and CASPs. This guide covers scope, ICT reporting and evidence.

---

## Short answer

In Germany, BaFin is the integrated supervisor and the competent authority for the financial entities falling within DORA scope, including credit institutions, payment institutions, EMIs, investment firms, insurance undertakings and CASPs. Significant credit institutions are also under direct ECB SSM supervision, with BaFin acting as the national authority.

## Competent authorities

- **Federal Financial Supervisory Authority (BaFin)** — https://www.bafin.de/EN/

## Entities in scope

- Credit institutions (banks)
- Payment institutions and electronic money institutions (PIs / EMIs)
- Investment firms
- Crypto-asset service providers (CASPs) authorised under MiCA
- Insurance and reinsurance undertakings, where supervised in this jurisdiction
- Other financial entities listed in DORA Article 2

## Jurisdictional nuances

- Germany's BaFin operates extensive ICT-supervisory expectations (BAIT, ZAIT, KAIT, VAIT) that map directly to DORA's ICT risk management framework — much of the existing evidence is reusable.
- For significant institutions under the SSM, the ECB is the prudential supervisor for capital and governance, while BaFin remains the national-law authority; DORA reporting paths should be confirmed against each entity's classification.
- Some submissions require German; verify whether English filings are accepted for a given form on BaFin's site.

## Primary sources

- BaFin — homepage (English) — https://www.bafin.de/EN/
- BaFin — DORA supervision (German) — https://www.bafin.de/DE/Aufsicht/DORA/DORA_node.html
- Regulation (EU) 2022/2554 — DORA, EUR-Lex — https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R2554
- European Banking Authority — Digital Operational Resilience Act (DORA) — https://www.eba.europa.eu/activities/direct-supervision-and-oversight/digital-operational-resilience-act

---

Authored by Andrey Gubarev — CISO for EU fintechs (CISM, CDPSE, SABSA).
CyAdviso · DORA / ICT risk / vCISO programmes for EU-licensed fintechs.
