The Markets in Financial Instruments Regulation (MiFIR) is a European Union directive on the regulation of trading systems on the financial market. The regulation, which came into force in 2018, aims to increase transparency in trading financial instruments and thus reduce the risk of future financial crises.

Under this regulation, financial institutions are obliged to report all transactions that they carry out on behalf of third parties to the national supervisory authority.

MiFIR Art. 26

In order to comply with MiFIR Art. 26, Upvest collects and stores all order execution data for each day on which our client is active. The Regulation stipulates that the relevant MiFIR reports for a given trading day must be created no later than the end of the following business day.

To ensure that all orders are reported correctly, the MiFIR reports are only created once the order matching in Upvest has been completed.

In this guide, we describe the steps necessary to comply with this regulation and the various use cases that depend on the respective operating models, including licences that Upvest clients are using.

How does the MiFIR files exchange works?

Both Upvest and the client are obliged to report all financial transactions. Upvest can assist the client with reporting and provide the MiFIR files that the client uploads via BaFin MVP portal.

This section gives you a brief overview of how data exchange works in general.

The BaFin Regulation requires that for a given trading day (T), the associated MiFIR reports must be submitted by the end of the day of the following business day (i.e. at T+1) at the latest. To ensure that all orders are correctly reported to the authorities, the MiFIR reporting files will only be compiled once the order reconciliation has been completed within Upvest.

To support our clients with their regulatory reporting obligations, Upvest provides ready-made upload files that contain the data format expected by BaFin's MVP portal: XML in a compressed GZIP file.

The daily process of exchanging the generated MiFIR reporting files with the client is described in more detail below.


The procedure is based on Upvest's standard file sharing API and therefore fulfils all security requirements; see Security of data below.

The upload to BaFin is a manual task performed either by the customer or by us using BaFin's MVP portal.

You can find detailed information on the workflow within the BaFin MVP portal here.

Process overview

Standard process

The daily exchange of report files between Upvest and the client takes place via our standard API for file sharing. The following process flow shows the respective processing steps:

MiFIR daily reporting process

Process when reporting file is rejected

In the event that a provided reporting file is rejected during (or after) the upload process, additional operational processes (e.g. via Zendesk) must be called.

Once we have received the error message, we correct the notification files in question. The corrected message files are exchanged via the standard process as described above:

MiFIR rejected reporting process

Security of data

Cloud encryption

We store the files in an encrypted bucket that uses our cloud storage infrastructure for file exchange. It has built-in encryption at rest, which helps protect content from attackers. In a nutshell, this means that the file is encrypted at all times.

Time-limited download link

Furthermore, the file can only be accessed via a signed URL, which is provided to our clients as a JSON response to an already authorised request.


Please note that the URL link is only valid for a limited time - 15 minutes by default.

Files encryption

Another option to increase the security of your data is to encrypt the files themselves with a PGP key.


Please note that you must provide a separate PGP key for this purpose and that the encryption must also be activated by Upvest.

Read the 'PGP Keys' guide to learn how to generate a PGP key pair and to provide the public key to us.

Was this page helpful?