Authorities & Responsibilities
European Level
| Authority | DORA Role |
|---|---|
| EBA | ESA, RTS/ITS development, Lead Overseer for CTPPs (banking) |
| EIOPA | ESA, Lead Overseer for CTPPs (insurance) |
| ESMA | ESA, Lead Overseer for CTPPs (securities) |
| EU Commission | Adoption of delegated acts |
| ECB | TIBER-EU framework |
National Level (Germany)
| Authority | DORA Role |
|---|---|
| BaFin | Central reporting hub for ICT incidents, supervision, sanctions |
| Deutsche Bundesbank | Participation in supervision |
| BSI | NIS2 responsibility (not DORA), cooperation with BaFin |
CTPP Oversight
19 CTPPs were designated in November 2025 (including AWS, Google Cloud, Microsoft Azure). Each CTPP is assigned a Lead Overseer from the ESAs who exercises direct supervision.