What are the main regulatory authorities in France?

The CNIL oversees data protection, the AMF regulates financial markets, and the ACPR supervises banking and insurance. Cleo monitors enforcement actions from all three.

How does French law differ from EU regulations?

France adds national layers like Sapin II (anti-corruption), the Duty of Vigilance law (supply chain due diligence), and AGEC (circular economy). Cleo maps these alongside EU requirements.

What are the CNIL's latest enforcement trends?

The CNIL has issued some of Europe's largest GDPR fines and increasingly focuses on cookie compliance, AI systems, and children's data. Cleo tracks all CNIL decisions in real time.

🇫🇷FranceActive

DORA compliance in France

In France, DORA is enforced by the ACPR (banking/insurance) and the AMF (investment firms/markets). French financial entities must comply with both DORA and existing ACPR IT risk guidelines.

Start free scan

Enforcement authority

ACPR (Autorité de contrôle prudentiel et de résolution) + AMF (Autorité des marchés financiers)

Maximum sanctions

ACPR and AMF can impose administrative sanctions including fines, public reprimands, and license withdrawal. Criminal penalties may apply for severe non-compliance.

Obligations

Key obligations

What DORA requires from organizations operating in France.

Align existing ACPR IT risk framework (Arrêté du 3 novembre 2014) with DORA requirements

Report ICT incidents to ACPR or AMF depending on entity type

Update ICT third-party contracts to include DORA-mandated clauses

Conduct TLPT in accordance with ANSSI (national cybersecurity agency) framework

Local context

Local context in France

France's financial sector is highly regulated with existing ACPR guidelines that overlap with DORA. The ANSSI plays a key role in TLPT testing standards. French financial entities should map DORA requirements against existing ACPR controls to identify gaps.

Connects to

DORA by industry in France

Retail & Consumer Goods Cosmetics & Personal Care Electronics & Connected Devices Food & Beverage Pet Care & Pet Food Sporting Goods Medical Devices Drugs & Pharmaceuticals Insurance Energy & Utilities

Frequently asked questions

How does DORA apply in France?

In France, DORA is enforced by the ACPR (banking/insurance) and the AMF (investment firms/markets). French financial entities must comply with both DORA and existing ACPR IT risk guidelines.

Who enforces DORA in France?

ACPR (Autorité de contrôle prudentiel et de résolution) + AMF (Autorité des marchés financiers)

What are the penalties for DORA non-compliance?

ACPR and AMF can impose administrative sanctions including fines, public reprimands, and license withdrawal. Criminal penalties may apply for severe non-compliance.

Read our complete DORA compliance guide

DORA in other jurisdictions

🇪🇺European Union 🇩🇪Germany 🇬🇧United Kingdom 🇺🇸United States 🇧🇷Brazil 🇦🇺Australia 🇮🇳India

Check your DORA compliance now

Start free scan to see your risk score and applicable obligations.

Start with 1 product

Start free scan

Frequently asked questions

How does DORA apply in France?

In France, DORA is enforced by the ACPR (banking/insurance) and the AMF (investment firms/markets). French financial entities must comply with both DORA and existing ACPR IT risk guidelines.

Who enforces DORA in France?

ACPR (Autorité de contrôle prudentiel et de résolution) + AMF (Autorité des marchés financiers)

What are the penalties for DORA non-compliance?

ACPR and AMF can impose administrative sanctions including fines, public reprimands, and license withdrawal. Criminal penalties may apply for severe non-compliance.