# DORA Reporting in the Netherlands: DNB and AFM Guide for Financial Entities Source: https://www.cyadviso.com/dora-netherlands-dnb-afm Last reviewed: 2026-05-01 Country: Netherlands (NL) Tags: DORA, Netherlands Netherlands DORA supervision splits between De Nederlandsche Bank (DNB) and the Authority for the Financial Markets (AFM): scope, ICT reporting and evidence. --- ## Short answer In the Netherlands, DORA supervision follows the twin-peaks model: De Nederlandsche Bank (DNB) acts as the prudential supervisor for credit institutions, insurers, payment institutions and EMIs, while the Authority for the Financial Markets (AFM) supervises conduct of business for investment firms and MiCA-authorised CASPs. The relevant competent authority depends on the authorisation and entity type. ## Competent authorities - **De Nederlandsche Bank (DNB)** (DNB) — https://www.dnb.nl/en/ - **Autoriteit Financiële Markten (AFM)** (AFM) — https://www.afm.nl/en ## Entities in scope - Credit institutions (banks) - Payment institutions and electronic money institutions (PIs / EMIs) - Investment firms - Crypto-asset service providers (CASPs) authorised under MiCA - Insurance and reinsurance undertakings, where supervised in this jurisdiction - Other financial entities listed in DORA Article 2 ## Jurisdictional nuances - Twin peaks: prudential vs conduct supervision sit in different authorities, and entities with both prudential and conduct exposure (e.g. an investment firm that is also a payment service provider) have to coordinate evidence with both. - DNB has long-standing supervisory expectations on ICT and cyber resilience (TIBER-NL, supervisory dialogues) that DORA Article 26 TLPT scoping builds on. - Some interactions take place in Dutch; verify the language requirement on each form on the relevant authority's website. ## Primary sources - De Nederlandsche Bank (DNB) — Sector news — https://www.dnb.nl/en/sector-news/ - Autoriteit Financiële Markten (AFM) — Professionals — https://www.afm.nl/en/sector - Regulation (EU) 2022/2554 — DORA, EUR-Lex — https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R2554 - European Banking Authority — Digital Operational Resilience Act (DORA) — https://www.eba.europa.eu/activities/direct-supervision-and-oversight/digital-operational-resilience-act --- Canonical HTML: https://www.cyadviso.com/dora-netherlands-dnb-afm Authored by Andrey Gubarev — CISO for EU fintechs (CISM, CDPSE, SABSA). CyAdviso · DORA / ICT risk / vCISO programmes for EU-licensed fintechs.