The Markets in Financial Instruments Regulation (MiFIR) is a European Union directive on the regulation of trading systems on the financial market. The regulation, which came into force in 2018, aims to increase transparency in trading financial instruments and thus reduce the risk of future financial crises.

Under this regulation, financial institutions are obliged to report all transactions that they carry out on behalf of third parties to the national supervisory authority.

MiFIR Art. 26

In order to comply with MiFIR Art. 26, Upvest collects and stores all order execution data for each day on which our client is active. The Regulation stipulates that the relevant MiFIR reports for a given trading day must be created no later than the end of the following business day.

To ensure that all orders are reported correctly, the MiFIR reports are only created once the order matching in Upvest has been completed.

In this guide, we describe the steps necessary to comply with this regulation and the various use cases that depend on the respective operating models, including licences that Upvest clients are using.

How does the MiFIR files exchange works?

Both Upvest and the client are obliged to report all financial transactions. Upvest can assist the client with reporting and provide the MiFIR files that the client uploads via BaFin MVP portal.

This section gives you a brief overview of how data exchange works in general.

The BaFin Regulation requires that for a given trading day (T), the associated MiFIR reports must be submitted by the end of the day of the following business day (i.e. at T+1) at the latest. To ensure that all orders are correctly reported to the authorities, the MiFIR reporting files will only be compiled once the order reconciliation has been completed within Upvest.

To support our clients with their regulatory reporting obligations, Upvest provides ready-made upload files that contain the data format expected by BaFin's MVP portal: XML in a compressed GZIP file.

The daily process of exchanging the generated MiFIR reporting files with the client is described in more detail below.


The procedure is based on Upvest's standard file sharing API and therefore fulfils all security requirements; see Security of data below.

The upload to BaFin is a manual task performed either by the customer or by us using BaFin's MVP portal.

You can find detailed information on the workflow within the BaFin MVP portal here.

Process overview

Standard process

The daily exchange of report files between Upvest and the client takes place via our standard API for file sharing. The following process flow shows the respective processing steps:

MiFIR daily reporting process

Process when reporting file is rejected

In the event that a provided reporting file is rejected during (or after) the upload process, additional operational processes (e.g. via Zendesk) must be called.

Once we have received the error message, we correct the notification files in question. The corrected message files are exchanged via the standard process as described above:

MiFIR rejected reporting process

Security of data

We store the files in an encrypted bucket that uses our cloud storage infrastructure for file exchange. It has built-in encryption at rest, which helps protect content from attackers. In a nutshell, this means that the file is encrypted at all times.

An additional layer of security is achieved by encrypting the files in the bucket (at rest) with a key that belongs to us and was created by Upvest.

The file can only be accessed via a signed URL, which is provided to our clients as a JSON response to an already authorised request. If the file is accessed via the signed URL, it is decrypted with the Upvest key and stored unencrypted on our cloud storage for a limited time (15 minutes by default), after which the access link expires.

Was this page helpful?