This document is an excerpt from the EUR-Lex website
Document 32025R1143
Commission Delegated Regulation (EU) 2025/1143 of 12 June 2025 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards on the authorisation and organisational requirements for approved publication arrangements and approved reporting mechanisms, and on the authorisation requirements for consolidated tape providers, and repealing Commission Delegated Regulation (EU) 2017/571
Commission Delegated Regulation (EU) 2025/1143 of 12 June 2025 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards on the authorisation and organisational requirements for approved publication arrangements and approved reporting mechanisms, and on the authorisation requirements for consolidated tape providers, and repealing Commission Delegated Regulation (EU) 2017/571
Commission Delegated Regulation (EU) 2025/1143 of 12 June 2025 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards on the authorisation and organisational requirements for approved publication arrangements and approved reporting mechanisms, and on the authorisation requirements for consolidated tape providers, and repealing Commission Delegated Regulation (EU) 2017/571
C/2025/3100
OJ L, 2025/1143, 3.11.2025, ELI: http://data.europa.eu/eli/reg_del/2025/1143/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
In force
|
Official Journal |
EN L series |
|
2025/1143 |
3.11.2025 |
COMMISSION DELEGATED REGULATION (EU) 2025/1143
of 12 June 2025
supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards on the authorisation and organisational requirements for approved publication arrangements and approved reporting mechanisms, and on the authorisation requirements for consolidated tape providers, and repealing Commission Delegated Regulation (EU) 2017/571
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012 (1), and in particular Article 27d(4), second subparagraph, Article 27db(7), third subparagraph, Article 27g(6), second subparagraph, Article 27g(8), second subparagraph, and Article 27i(5), second subparagraph, thereof,
Whereas:
|
(1) |
Article 2(1), point (36a), of Regulation (EU) No 600/2014 defines data reporting services providers (DRSPs) as approved publication arrangements (APAs), approved reporting mechanisms (ARMs), and consolidated tape providers (CTPs). Although those types of entities are engaged in different data reporting activities, Regulation (EU) No 600/2014 and Commission Delegated Regulation (EU) 2017/571 (2) provided for a similar authorisation procedure. Regulation (EU) 2024/791 of the European Parliament and of the Council (3) amended Regulation (EU) No 600/2014 to introduce a distinction between the authorisation procedure for APAs and ARMs, on the one hand, and the authorisation procedure for CTPs, on the other hand. Regulation (EU) 2024/791 also amended organisational requirements for CTPs. Moreover, as of 2025, DRSPs are required to comply with Regulation (EU) 2022/2554 of the European Parliament and of the Council (4). To reflect those changes, Delegated Regulation (EU) 2017/571 should be repealed and replaced by a new Regulation. |
|
(2) |
To enable the European Securities and Markets Authority (ESMA), or, where relevant, the national competent authority, to assess whether the APA or ARM has sufficient human resources and oversight over its business, the organisational structure referred to in Article 27d(1) of Regulation (EU) No 600/2014 should identify who is responsible for the different activities of that APA or ARM. To identify areas which may affect the independence of the APA or ARM and give rise to a conflict of interest, the organisational structure should not only cover the scope of the data reporting services performed by the APA or ARM, but also cover any other services that the APA or ARM provides. To enable competent authorities to assess whether the policies, procedures and corporate governance structure ensure the independence of the APA or ARM and the avoidance of conflicts of interest, an applicant seeking authorisation as an APA or ARM should also provide information on the composition, functioning and independence of its governing bodies. |
|
(3) |
Conflicts of interest can arise between APAs or ARMs, on the one hand, and clients using their services to meet their regulatory obligations and other entities purchasing data from APAs or ARMs, on the other hand. Those conflicts may arise in particular where the APA or ARM is engaged in other activities, including acting as a market operator, investment firm or trade repository. A conflict of interest that is left unaddressed could incentivise APAs or ARMs to delay publication or submission of data or to trade on the basis of the confidential information they have received. APAs and ARMs should therefore operate and maintain effective administrative arrangements to identify, prevent and manage existing and potential conflicts of interest, including by preparing an inventory of conflicts of interest and by implementing policies and procedures that are appropriate to manage those conflicts and, where necessary, by separating business functions and personnel to limit the flow of sensitive information between different business areas. |
|
(4) |
To ensure that all members of the management body of an APA or ARM are of sufficiently good repute, have sufficient knowledge, skills and experience and commit sufficient time to perform their duties, as is required by Article 27f of Regulation (EU) No 600/2014, APAs and ARMs should be able to demonstrate that they have a robust process for appointing and evaluating the performance of members of the management body and that clear reporting lines and regular reporting to the management body are in place. |
|
(5) |
The internal control’s environment of APAs and ARMs is an essential part of their organisational structure as referred to in Article 27d(1) of Regulation (EU) No 600/2014. To enable ESMA, or, where relevant, the national competent authority to assess whether APAs and ARMs have put in place all the necessary arrangements to meet their obligations at the time of initial authorisation, applicant APAs and ARMs should submit to their competent authority information on their internal control’s environment, including information regarding their internal control, compliance, risk management and internal audit functions. |
|
(6) |
APAs and ARMs fall under the scope of Regulation (EU) 2022/2554 and are therefore subject to the digital operational resilience requirements included therein. An applicant APA or ARM should therefore demonstrate to ESMA or, where relevant, to the national competent authority, compliance with all applicable obligations under that Regulation. An applicant APA or ARM should demonstrate compliance in particular with the obligations in the areas of information and communication technology (ICT) risk-management, ICT third-party risk management, business continuity and back-up facilities, testing and capacity, security and incident reporting. |
|
(7) |
APAs and ARMs should monitor that the data they are publishing or submitting are accurate and complete. They should also ensure that they have mechanisms for detecting errors or omissions caused by the clients or themselves. For ARMs, that can include reconciliations of a sample population of data submitted to the ARM by an investment firm or generated by the ARM on the investment firm’s behalf with the corresponding data provided by the competent authority. The frequency and extent of such reconciliations should be proportionate to the volume of data handled by the ARM and the extent to which it is generating transaction reports from clients’ data or passing on transaction reports completed by clients. To ensure timely reporting that is free of errors and omissions, ARMs should continuously monitor the performance of their systems. |
|
(8) |
An ARM that causes an error or omission should correct such error or omission without delay. That ARM should also notify ESMA or, where relevant, the national competent authority and any competent authority to which it submits reports of such error or omission and of its correction. To enable a client to align its internal records with the information which the ARM has submitted to the competent authority on the client’s behalf, an ARM should also notify its clients of the details of the error or omission and provide them with an updated transaction report. |
|
(9) |
APAs should be able to delete and amend information received from an investment firm submitting the trade report where that investment firm is experiencing technical difficulties and cannot delete or amend the information itself. However, because APAs cannot be certain whether a perceived error or omission is indeed incorrect, as they were not a party to the executed trade, APAs should not be responsible for correcting information contained in published reports where the error or omission is attributable to the investment firm submitting the trade report. |
|
(10) |
To facilitate reliable communication between APAs and investment firms submitting the trade reports, particularly in relation to cancellations of and amendments to specific transactions, APAs should include in the confirmation messages to such investment firms the transaction identification code that has been assigned by the APA concerned when making the information public. |
|
(11) |
To comply with their reporting obligation under Regulation (EU) No 600/2014, ARMs should ensure the smooth flow of information to and from a competent authority. ARMs should therefore be able to demonstrate that they can comply with the technical specifications set out by a competent authority regarding the interface between those ARMs and the competent authority. |
|
(12) |
To ensure efficient dissemination of information by APAs and an easy access and use of such information by market participants, that information should be published in a machine-readable format through robust channels allowing for automatic access to that information. Websites may not always offer an architecture that is robust and scalable enough and may not always allow for easy automatic access to data. Those technological constraints may, however, be overcome in the future. A particular technology should therefore not be prescribed. Instead, criteria should be set out that the chosen technology needs to meet. |
|
(13) |
To enable ESMA to assess whether an applicant for authorisation as a CTP has put in place, at the time of the application for authorisation, all the necessary arrangements to fulfil the criteria laid down in Article 27da(2) of Regulation (EU) No 600/2014, such applicant should, in its application for authorisation, provide a programme of operations, an organisational chart and an ownership chart. To enable ESMA to assess whether an applicant for authorisation as a CTP has sufficient human resources and oversight over its business, the organisational chart should identify who is responsible for the different activities. Furthermore, to enable ESMA to identify areas which may affect the independence of a CTP and give rise to a conflict of interest, the organisational chart should not only cover the scope of the consolidated tape service, but also include any other services that the applicant CTP intends to provide. Finally, to enable ESMA to assess whether the policies, procedures and corporate governance structure ensure both the independence of the CTP and the avoidance of conflicts of interest, an applicant for authorisation as a CTP should also provide information on the composition, functioning and independence of its governing bodies and on its internal control environment. |
|
(14) |
To ensure that all members of the management body of a CTP are persons who are of sufficiently good repute and possess sufficient knowledge, skills and experience, an applicant for authorisation as a CTP should be able to demonstrate that it has a robust process for appointing and evaluating the performance of members of the management body, and that clear reporting lines and regular reporting to the management body are in place. |
|
(15) |
Conflicts of interest can arise between the CTP, on the one hand, and data contributors or data users, on the other hand. Those conflicts may arise in particular where the CTP is engaged in other activities, including acting as a market operator, investment firm, or trade repository. As part of its corporate governance, an applicant for authorisation as a CTP should prove to ESMA that it has established frameworks that are appropriate to identify, prevent, and manage existing and potential conflicts of interest, including by preparing an inventory of conflicts of interest and implementing policies and procedures that are appropriate to manage those conflicts and, where necessary, by separating business functions and personnel to limit the flow of sensitive information between different business areas of the CTP. |
|
(16) |
The outsourcing of activities, in particular of critical and important functions, may constitute a material change of the conditions for the authorisation of a CTP. To ensure that the outsourcing of activities does not impair the ability of the CTP to meet its obligations under Regulation (EU) No 600/2014 or lead to conflicts of interest, a CTP should be able to demonstrate sufficient oversight and control over those activities. |
|
(17) |
CTPs fall under the scope of Regulation (EU) 2022/2554 and are therefore subject to the digital operational resilience requirements laid down in that Regulation. In their application for authorisation, applicants for authorisation as a CTP should therefore provide assurance of their compliance with the applicable requirements laid down in that Regulation. |
|
(18) |
An applicant for authorisation as a CTP should prove that its systems are able to ingest data from trading venues and APAs and to consolidate and publish that information without disruptions. It should also demonstrate its ability to consolidate and publish data in line with the requirements set out in Commission Delegated Regulation (EU) 2025/1155 (5). |
|
(19) |
To demonstrate the reasonable level of fees that an applicant for authorisation as a CTP intends to charge to its clients, that applicant should provide ESMA with the market data policy, including a detailed explanation of licensing models and the envisaged fee schedule pursuant to Article 17 of Commission Delegated Regulation (EU) 2025/1156 (6). An applicant for authorisation as a CTP for bonds should disclose any arrangements for any revenue redistribution to data contributors as referred to in Article 27h, point (5), of Regulation (EU) No 600/2014. |
|
(20) |
To enable ESMA to understand the energy consumption generated by the activities related to data collecting, processing and storing, an applicant for authorisation as a CTP should provide the expected power utilisation effectiveness (PUE) ratio as defined by international standards. |
|
(21) |
To enable ESMA to determine if their combined resources are essential for the operation of the consolidated tape, the joint applicants referred to in Article 27da(2), point (n), of Regulation (EU) No 600/2014 should prove the necessity in terms of technical and logistical capacity for each applicant to jointly operate the CT. |
|
(22) |
Information submitted to the competent authorities should contain information on the identity of the members of the management body of a DRSP and on their suitability. Such information includes personal data. In compliance with the principle of data minimisation enshrined in Article 5(1), point (c), of Regulation (EU) 2016/679 of the European Parliament and of the Council (7), only personal data that is necessary to enable the competent authority to assess the ability of the members of the management body of a DRSP to comply with the requirements laid down in Regulation (EU) No 600/2014 should be requested. The processing of personal data for the purposes of this Regulation should be carried out in accordance with Union law on the protection of personal data. In that regard, any processing of personal data performed by national competent authorities in application of this Regulation should be carried out in accordance with Regulation (EU) 2016/679 and national requirements on the protection of natural persons with regard to the processing of personal data. Any processing of personal data performed by ESMA in application of this Regulation should be carried out in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council (8). To enable competent authorities to conduct the assessment for the purposes of the initial authorisation and the ongoing supervision, while ensuring appropriate safeguards, personal data relating to the good repute of a member of the management body should be kept by DRSPs and competent authorities for no longer than five years after that member has ceased to perform its function. |
|
(23) |
This Regulation is based on the draft regulatory technical standards submitted by ESMA to the Commission. |
|
(24) |
ESMA has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the opinion of the Securities and Markets Stakeholder Group established by Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council (9). |
|
(25) |
The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 and delivered formal comments on 17 March 2025. |
|
(26) |
The regulatory technical standards to be adopted on the basis of the empowerments laid down in Articles 27d(4), 27db(7), 27g(6) and (8), and 27i(5) of Regulation (EU) No 600/2014 should be bundled into a single Commission Delegated Regulation to ensure that all provisions specifying authorisation conditions for DRSPs are consolidated into one Regulation, |
HAS ADOPTED THIS REGULATION:
CHAPTER I
AUTHORISATION AND ORGANISATIONAL REQUIREMENTS FOR APAs AND ARMs
SECTION I
Authorisation requirements for APAs and ARMs
(Articles 27d(1) and 27f(2) of Regulation (EU) No 600/2014)
Article 1
Information to competent authorities
(Article 27d(1) of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 shall submit to ESMA or, where relevant, the national competent authority the information set out in Articles 2 to 7, and the information regarding all the organisational requirements set out in Section II of this Chapter.
2. An APA or ARM shall promptly inform ESMA or, where relevant, the national competent authority of any material change to the information provided at the time of the authorisation or thereafter.
Article 2
Information on the organisation
(Article 27d(1) of Regulation (EU) No 600/2014)
1. The programme of operations referred to in Article 27d(1) of Regulation (EU) No 600/2014 shall include the following:
|
(a) |
information on the organisational structure of the applicant, including an organisational chart and a description of the human, technical, and legal resources allocated to its business activities; |
|
(b) |
information on the operational separation policies and procedures to ensure segregation between the APA or ARM and any other activity performed by the applicant; |
|
(c) |
information on the compliance policies and procedures of the applicant seeking authorisation to operate an APA or an ARM, including:
|
|
(d) |
a list of all outsourced functions and resources allocated to the control of the outsourced functions. |
2. An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 offering services other than data reporting services shall describe those services in the organisational chart provided under paragraph 1, point (a).
Article 3
Information on ownership
(Article 27d(1) of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 shall include in its application for authorisation:
|
(a) |
a list containing the name of each person or entity who directly or indirectly holds 10 % or more of the applicant’s capital or of its voting rights, or whose holding makes it possible to exercise a significant influence on the applicant; |
|
(b) |
a list of all undertakings in which a person or entity referred to in point (a) holds 10 % or more of the capital or voting rights or on which that person or entity exercises a significant influence; |
|
(c) |
a chart showing the ownership links between the parent undertaking, any subsidiaries and any other associated entities or branches. |
2. The undertakings shown in the chart referred to in paragraph 1, point (c), shall be identified by their full name, legal status and legal address.
Article 4
Information on corporate governance
(Article 27d(1) of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 shall include in its application for authorisation information on the internal corporate governance policies and the procedures which govern its management body, senior management, and, where established, committees.
2. The information set out in paragraph 1 shall include:
|
(a) |
a description of the processes for selection, appointment, performance evaluation and removal of senior management and members of the management body; |
|
(b) |
a description of the reporting lines and the frequency of reporting to the senior management and the management body; |
|
(c) |
a description of the policies and procedures on access to documents by members of the management body. |
Article 5
Information on the members of the management body
(Article 27f(2) of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 shall include in its application for authorisation the following information in respect of each member of the management body:
|
(a) |
name, date and place of birth, personal national identification number or an equivalent thereof, address and contact details; |
|
(b) |
the position for which that member is or will be appointed; |
|
(c) |
a curriculum vitae evidencing sufficient experience and knowledge to adequately perform the conferred responsibilities; |
|
(d) |
proof of the absence of criminal records relating to money laundering, terrorist financing, provision of financial or data services, acts of fraud or embezzlement, notably through an official certificate, or, where such a certificate is not available in the relevant Member State, a self-declaration of good repute and the authorisation to ESMA or, where relevant, the national competent authority, to request information about whether that member has been convicted of a criminal offence in connection with money laundering, terrorist financing, the provision of financial or data services or in relation to acts of fraud or embezzlement; |
|
(e) |
a self-declaration of good repute and the authorisation to ESMA or, where relevant, the national competent authority, to request information about whether that member:
|
|
(f) |
an indication of the minimum time that is to be devoted to the performance of the member’s functions within the APA or ARM; |
|
(g) |
a declaration of any potential conflicts of interest that may exist or arise in performing the duties and how those conflicts are managed. |
2. The information set out in paragraph 1 shall also be included in the notifications referred to in Article 27f(2) of Regulation (EU) No 600/2014 as regards APAs and ARMs. An APA or ARM shall notify electronically to ESMA, or, where relevant, its national competent authority of any change to the membership of its management body before such change takes effect.
Where, for substantiated reasons, it is not possible to make the notification before that change takes effect, it shall be made within 10 working days after the change has occurred.
3. An APA or an ARM shall record the information set out in paragraph 1 in a medium which enables its storage in a way that ensures that the information is accessible for future reference and which allows for the unchanged reproduction of the information stored. An APA or an ARM shall keep that information up-to-date.
4. An APA or an ARM shall keep the information set out in paragraph 1, points (d) and (e), for no longer than five years after the concerned member has ceased to perform its function.
5. Where the proof referred to in paragraph 1, point (d), contains information on other criminal convictions than those listed in that provision, an APA or an ARM shall ensure that only persons responsible for the assessment of the suitability of the members of the management body have access to that information. That information shall be stored separately from other information regarding a member of the management body. Access to that information shall be recorded. That information shall not be stored where it concerns candidate members of the management body that have not been appointed.
6. ESMA or, where relevant, the national competent authority shall keep the information set out in paragraph 1, points (d) and (e), for no longer than five years after the concerned member of the management body has ceased to perform its function.
Article 6
Information on internal controls
(Article 27d(1) of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 shall include in its application for authorisation detailed information regarding its internal controls’ environment. This shall include information regarding its internal control function, compliance function, risk management and its internal audit function.
2. The detailed information referred to in paragraph 1 shall contain:
|
(a) |
an outline of the organisation of the applicant’s internal control, risk management, compliance and internal audit functions, including where the applicant relies on outsourced functions; |
|
(b) |
an assessment of the key risks that may arise in the operation of the APA or ARM; |
|
(c) |
the applicant’s internal control policies and procedures to ensure the consistent and effective implementation of those policies; |
|
(d) |
any policies, procedures and manuals for monitoring and evaluating the adequacy and effectiveness of the applicant’s systems; |
|
(e) |
any policies, procedures and manuals for controlling and safeguarding the applicant’s information processing systems; |
|
(f) |
the identity of the internal bodies in charge of evaluating any findings resulting from the performance of the internal control and deciding on their outcome. |
3. With respect to the applicant’s internal audit function, the detailed information referred to in paragraph 1 shall contain the following:
|
(a) |
information on the applicant’s adherence to national or international professional standards; |
|
(b) |
any internal audit function charter, methodologies, and procedures; |
|
(c) |
an explanation of how the internal audit methodology, if any, is developed and applied taking into account the nature of the applicant’s activities, complexities and risks; |
|
(d) |
where there is an internal audit committee:
|
Article 7
Information on digital operational resilience
(Article 27d(1) of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 shall include in its application for authorisation evidence of compliance with the requirements on ICT risk management organisation and capabilities, operational resilience strategy and testing, incident management and ICT third-party risk management under Regulation (EU) 2022/2554.
2. The information set out in paragraph 1 shall include documents regarding the applicant’s arrangements, in accordance with Regulation (EU) 2022/2554, on:
|
(a) |
ICT risk-management; |
|
(b) |
ICT-related incident management; |
|
(c) |
digital operational resilience testing; |
|
(d) |
ICT third-party risk monitoring. |
3. The information set out in paragraph 1 shall take into account the size and overall risk profile, and the nature, scale and complexity of the applicant’s services, activities and operations.
SECTION II
Organisational requirements for APAs and ARMs
(Article 27g(1), (3) and (5), Article 27i(2) and (4) of Regulation (EU) No 600/2014)
Article 8
Conflicts of interest
(Article 27g(3) and Article 27i(2) of Regulation (EU) No 600/2014)
1. An APA or ARM shall operate and maintain effective administrative arrangements, designed to prevent conflicts of interest with clients using its services to meet their regulatory obligations and other entities purchasing data from the APA or ARM. Such arrangements shall include policies and procedures for identifying, managing and disclosing existing and potential conflicts of interest and shall contain:
|
(a) |
an inventory of existing and potential conflicts of interest, setting out their description, identification, prevention, management and disclosure; |
|
(b) |
the separation of duties and business functions within the APA or ARM including:
|
|
(c) |
a description of the fee policy for determining fees charged by the APA or ARM and undertakings to which the APA or ARM has close links; |
|
(d) |
a description of the remuneration policy for the members of the management body and senior management; |
|
(e) |
the rules regarding the acceptance of money, gifts or favours by staff of the APA or ARM and its management body. |
2. The inventory of conflicts of interest as referred to in paragraph 1, point (a) shall include conflicts of interest arising from situations where the APA or ARM:
|
(a) |
may realise a financial gain or avoid a financial loss, to the detriment of a client; |
|
(b) |
may have an interest in the outcome of a service provided to a client, which is distinct from the client’s interest in that outcome; |
|
(c) |
may have an incentive to prioritise its own interests or the interest of another client or group of clients rather than the interests of a client to whom the service is provided; |
|
(d) |
receives or may receive from any person other than a client, in relation to the service provided to a client, an incentive in the form of money, goods or services, other than commission or fees received for the service. |
Article 9
Organisational requirements regarding outsourcing
(Article 27g(3) and Article 27i(2) of Regulation (EU) No 600/2014)
1. An APA or ARM that arranges for activities to be performed on its behalf by third-party service providers, including undertakings with which it has close links, shall ensure that the third-party service provider has the ability and the capacity to perform those activities reliably and professionally.
An APA or ARM shall specify which of the activities are to be outsourced, including a specification of the level of human and technical resources needed to carry out each of those activities.
2. An APA or ARM that outsources activities shall ensure that the outsourcing does not reduce its ability or power to perform senior management or management body functions.
3. An APA or ARM shall remain responsible for any outsourced activity and shall adopt organisational measures to ensure:
|
(a) |
that it assesses whether the third-party service provider carries out outsourced activities effectively and in compliance with applicable laws and regulatory requirements and adequately addresses identified failures; |
|
(b) |
the identification of the risks in relation to outsourced activities and adequate periodic monitoring; |
|
(c) |
adequate control procedures with respect to outsourced activities, including effectively supervising the activities and their risks within the APA or ARM; |
|
(d) |
adequate business continuity of outsourced activities. |
For the purposes of point (d), the APA or ARM shall obtain information on the business continuity arrangements of the third-party service provider, assess its quality and, where needed, request improvements.
4. An APA or ARM shall ensure that the third-party service provider cooperates with ESMA or, where relevant, the national competent authority, in connection with outsourced activities.
5. Where an APA or ARM outsources a critical or important function, it shall provide ESMA or, where relevant, the national competent authority with:
|
(a) |
the identification of the third-party service provider; |
|
(b) |
the organisational measures with respect to outsourcing and the risks posed by it as specified in paragraph 3; |
|
(c) |
internal or external reports on the outsourced activities. |
Article 10
Management of incomplete or potentially erroneous information by APAs
(Article 27g(5) of Regulation (EU) No 600/2014)
1. APAs shall set up and maintain appropriate arrangements to ensure that they accurately publish the trade reports received from investment firms without themselves introducing any errors or omitting information and shall correct information where they have themselves caused the error or omission.
2. APAs shall continuously monitor in real-time the performance of their IT systems ensuring that the trade reports they have received have been successfully published.
3. APAs shall perform periodic reconciliations between the trade reports they receive and the trade reports that they publish, verifying the correct publication of the information.
4. An APA shall confirm the receipt of a trade report to the reporting investment firm, including the transaction identification code assigned by the APA. An APA shall refer to the transaction identification code in any subsequent communication with the reporting firm in relation to a specific trade report.
5. An APA shall set up and maintain appropriate arrangements to identify on receipt trade reports that are incomplete or contain information that is likely to be erroneous. These arrangements shall include automated price and volume alerts, taking into account:
|
(a) |
the sector and the segment in which the financial instrument is traded; |
|
(b) |
liquidity levels, including historical trading levels; |
|
(c) |
appropriate price and volume benchmarks; |
|
(d) |
if needed, other parameters according to the characteristics of the financial instrument. |
6. Where an APA determines that a trade report it receives is incomplete or contains information that is likely to be erroneous, it shall not publish that trade report and shall promptly alert the investment firm submitting that trade report.
7. In exceptional circumstances APAs shall delete and amend information in a trade report upon request from the entity providing the information when that entity cannot delete or amend its own information for technical reasons.
8. APAs shall publish non-discretionary policies on information cancellation and amendments in trade reports which set out the penalties that APAs may impose on investment firms providing trade reports where the incomplete or erroneous information has led to the cancellation or amendment of trade reports.
Article 11
Management of incomplete or potentially erroneous information by ARMs
(Article 27i(4) of Regulation (EU) No 600/2014)
1. An ARM shall set up and maintain appropriate arrangements to identify transaction reports that are incomplete or contain obvious errors caused by clients. An ARM shall perform validation of the transaction reports against the requirements established under Article 26 of Regulation (EU) No 600/2014 for field, format and content of fields in accordance with Table 1 of Annex I to Commission Delegated Regulation (EU) 2017/590 (10).
2. An ARM shall set up and maintain appropriate arrangements to identify transaction reports which contain errors or omissions caused by that ARM itself and to correct, including deleting or amending, such errors or omissions. An ARM shall perform validation for field, format and content of fields in accordance with Table 2 of Annex I to Delegated Regulation (EU) 2017/590.
3. An ARM shall continuously monitor in real-time the performance of its systems ensuring that a transaction report it has received has been successfully reported to the competent authority in accordance with Article 26 of Regulation (EU) No 600/2014.
4. An ARM shall perform periodic reconciliations at the request of ESMA or, where relevant, the national competent authority, or the competent authority to whom the ARM submits transaction reports, between the information that the ARM receives from its client or generates on the client’s behalf for transaction reporting purposes and data samples of the information provided by the competent authority.
5. Any corrections, including cancellations or amendments of transaction reports, that are not correcting errors or omissions caused by an ARM, shall only be made at the request of a client and per transaction report. Where an ARM cancels or amends a transaction report at the request of a client, it shall provide this updated transaction report to the client.
6. Where an ARM, before submitting the transaction report, identifies an error or omission caused by a client, it shall not submit that transaction report and shall promptly notify the investment firm of the details of the error or omission to enable the client to submit a corrected set of information.
7. Where an ARM becomes aware of errors or omissions caused by the ARM itself, it shall promptly submit a correct and complete report.
8. An ARM shall promptly notify the client of the details of the error or omission and provide an updated transaction report to the client. An ARM shall also promptly notify ESMA or, where relevant, the national competent authority, and the competent authority to whom the ARM submitted the transaction report about the error or omission.
9. The requirement to correct or cancel erroneous transaction reports or report omitted transactions shall not extend to errors or omissions which occurred more than five years before the date that the ARM became aware of such errors or omissions.
Article 12
Connectivity of ARMs
(Article 27i(4) of Regulation (EU) No 600/2014)
1. An ARM shall have in place policies, arrangements and technical capabilities to comply with the technical specification for the submission of transaction reports required by ESMA or, where relevant, the national competent authority and by other competent authorities to whom the ARM sends transaction reports.
2. An ARM shall have in place adequate policies, arrangements and technical capabilities to receive transaction reports from clients and to transmit information back to clients. The ARM shall provide the client with a copy of the transaction report which the ARM submitted to the competent authority on the client’s behalf.
Article 13
Machine readability requirements for APAs
(Article 27g(1) of Regulation (EU) No 600/2014)
1. APAs shall publish information in accordance with Article 27g(1) of Regulation (EU) No 600/2014 in a machine readable way.
2. Information shall only be considered published in a machine-readable way where all of the following conditions are met:
|
(a) |
it is in a file format structured so that software applications can easily identify, recognise and extract specific data; |
|
(b) |
it is stored in an appropriate IT architecture that enables automatic access; |
|
(c) |
it is robust enough to ensure continuity and regularity in the performance of the services provided and ensures adequate access in terms of speed; |
|
(d) |
it can be accessed, read, used and copied by computer software that is free of charge and publicly available. |
For the purposes of point (a) of the first subparagraph, the file format shall be specified by free, non-proprietary and open standards. The file format shall include the type of files or messages, the rules to identify them, and the name and data type of the fields they contain.
3. APAs shall:
|
(a) |
make instructions available to the public, explaining how and where to easily access and use the data, including identification of the file format; |
|
(b) |
make public any changes to the instructions referred to in point (a) at least three months before they come into effect, unless there is an urgent and duly justified need for changes in instructions to take effect more quickly; |
|
(c) |
include a link to the instructions referred to in point (a) on the homepage of their website. |
Article 14
Details of transactions to be published by APAs
(Article 27g(2) of Regulation (EU) No 600/2014)
An APA shall make public:
|
(a) |
for transactions executed in respect of shares, depositary receipts, exchange-traded funds (ETFs), certificates and other similar financial instruments, the details of a transaction specified in Table 3 of Annex I to Commission Delegated Regulation (EU) 2017/587 (11) and, use the appropriate flags listed in Table 4 of Annex I to Delegated Regulation (EU) 2017/587; |
|
(b) |
for transactions executed in respect of bonds, structured finance products, emission allowances and derivatives the details of a transaction specified in Table 2 of Annex II to Commission Delegated Regulation (EU) 2017/583 (12) and use the appropriate flags listed in Table 3 of Annex II to Delegated Regulation (EU) 2017/583. |
CHAPTER II
AUTHORISATION REQUIREMENTS FOR CTPs
Article 15
Information to ESMA
(Articles 27db(1) and 27f(2) of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate a consolidated tape (‘CT’) pursuant to Article 27db of Regulation (EU) No 600/2014 shall submit to ESMA the information set out in Articles 16 to 29.
2. A CTP shall promptly inform ESMA of any material change to the information provided at the time of the authorisation or thereafter.
Article 16
Information on ownership
(Article 27da(2), point (d), of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation:
|
(a) |
a list containing the name of each person or entity who directly or indirectly holds 10 % or more of the applicant’s capital or of its voting rights or whose holding makes it possible to exercise a significant influence on the applicant; |
|
(b) |
a list of all undertakings in which a person or entity referred to in point (a) holds 10 % or more of the capital or voting rights or on which that person or entity exercises a significant influence; |
|
(c) |
a chart showing the ownership links between the parent undertaking, any subsidiaries and any other associated entities or branches. |
2. The undertakings mentioned in the chart referred to in paragraph 1, point (c), shall be identified by their full name, legal status and legal address.
Article 17
Information on the organisation
(Article 27da(2), point (d), of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation the following information on the organisation:
|
(a) |
information on the organisational structure of the applicant, including an organisational chart and a description of the human, technical and legal resources allocated to its business activities; |
|
(b) |
information on the operational separation policies and procedures to ensure segregation between the CTP and any other activities performed by the applicant; |
|
(c) |
information on the compliance policies and procedures of the CTP, including:
|
|
(d) |
a list of all outsourced functions and resources allocated to the control of the outsourced functions. |
2. A CTP offering services other than data reporting services shall describe those services in the organisational chart provided under paragraph 1, point (a).
Article 18
Information on corporate governance
(Article 27da(2), point (d), of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation information on the internal corporate governance policies and the procedures which govern its management body, senior management, and, where established, committees.
2. The information set out in paragraph 1 shall include:
|
(a) |
a description of the processes for selection, appointment, performance evaluation and removal of senior management and members of the management body; |
|
(b) |
a description of the reporting lines and the frequency of reporting to the senior management and the management body; |
|
(c) |
a description of the policies and procedures on access to documents by members of the management body. |
Article 19
Information on the members of the management body
(Articles 27da(2), point (d) and 27f(2) of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation the following information in respect of each member of the management body:
|
(a) |
name, date and place of birth, personal national identification number or an equivalent thereof, address and contact details; |
|
(b) |
the position for which that member is or will be appointed; |
|
(c) |
a curriculum vitae evidencing sufficient experience and knowledge to adequately perform the conferred responsibilities; |
|
(d) |
proof of the absence of criminal records relating to money laundering, terrorist financing, provision of financial services or data services, acts of fraud or embezzlement, notably through an official certificate, or, where such a certificate is not available in the relevant Member State, a self-declaration of good repute and the authorisation to ESMA to request information about whether that member has been convicted of a criminal offence in connection with money laundering, terrorist financing, the provision of financial services or data services or in relation to acts of fraud or embezzlement; |
|
(e) |
a self-declaration of good repute and the authorisation to ESMA to request information about whether that member:
|
|
(f) |
an indication of the minimum time that is to be devoted to the performance of the member’s functions within the CTP; |
|
(g) |
a declaration of any potential conflicts of interest that may exist or arise in performing the duties and how those conflicts are managed. |
2. The information set out in paragraph 1 shall also be included in the notifications referred to in Article 27f(2) of Regulation (EU) No 600/2014 as regards CTPs. A CTP shall notify electronically to ESMA any change to the membership of its management body before such change takes effect.
Where, for substantiated reasons, it is not possible to make the notification before that change takes effect, it shall be made within 10 working days after the change has occurred.
3. A CTP shall record the information set out in paragraph 1 in a medium which enables its storage in a way that ensures that the information is accessible for future reference and which allows for the unchanged reproduction of the information stored. A CTP shall keep that information up-to-date.
4. A CTP shall keep the information set out in paragraph 1, points (d) and (e), for no longer than five years after the concerned member has ceased to perform its function.
5. Where the proof referred to in paragraph 1, point (d), contains information on other criminal convictions than those listed in that provision, a CTP shall ensure that only persons responsible for the assessment of the suitability of the members of the management body have access to that information. That information shall be stored separately from other information regarding a member of the management body. Access to that information shall be recorded. That information shall not be stored where it concerns candidate members of the management body that have not been appointed.
6. ESMA shall keep the information set out in paragraph 1, points (d) and (e), for no longer than five years after the concerned member of the management body has ceased to perform its function.
Article 20
Information on internal controls
(Article 27da(2), point (d), of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation detailed information regarding its internal control’s environment. This shall include information regarding its internal control function, compliance function, risk management function and its internal audit function.
2. The detailed information set out in paragraph 1 shall contain:
|
(a) |
an outline of the organisation of the applicant’s internal control, risk management, compliance and internal audit functions, including where the applicant relies on outsourced functions; |
|
(b) |
an assessment of the key risks that may arise in the operation of the CT; |
|
(c) |
the applicant’s internal control policies and procedures to ensure the consistent and effective implementation of those policies; |
|
(d) |
any policies, procedures and manuals for monitoring and evaluating the adequacy and effectiveness of the applicant’s systems; |
|
(e) |
any policies, procedures and manuals for controlling and safeguarding the applicant’s information processing systems; |
|
(f) |
the identity of the internal bodies in charge of evaluating any findings resulting from the performance of the internal control and deciding on their outcome. |
3. With respect to the applicant’s internal audit function, the detailed information referred to in paragraph 1 shall contain the following:
|
(a) |
information on the applicant’s adherence to national or international professional standards; |
|
(b) |
any internal audit function charter, methodologies, and procedures; |
|
(c) |
an explanation of how the internal audit methodology, if any, is developed and applied taking into account the nature of the applicant’s activities, complexities and risks; |
|
(d) |
where there is an Internal Audit Committee:
|
Article 21
Information on conflicts of interest
(Article 27da(2), point (d), of Regulation (EU) No 600/2014)
An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation the information regarding its administrative arrangements designed to prevent conflicts of interest. Such arrangements shall include policies and procedures for identifying, managing and disclosing existing and potential conflicts of interest and shall contain:
|
(a) |
an inventory of existing and potential conflicts of interest, setting out their description, identification, prevention, management and disclosure; |
|
(b) |
the separation of duties and business functions within the CTP, including:
|
|
(c) |
a description of the remuneration policy for the members of the management body and senior management; |
|
(d) |
the rules regarding the acceptance of money, gifts or favours by staff of the CTP and its management body. |
Article 22
Information on business operativity
(Article 27da(2), points (g) and (i), of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application the following information:
|
(a) |
the expected total capital expenditure to develop the CT; |
|
(b) |
the expected operating expenditure to run the CT; |
|
(c) |
a description of the liquid net assets funded by equity to cover potential general business losses in order to continue providing services taking into account the information referred to in points (a) and (b). |
2. An applicant seeking authorisation to operate the CT for bonds shall also provide terms of reference, statutes, contracts, or other documentation to demonstrate the existence of arrangements for revenue redistribution in accordance with Article 27h(5) of Regulation (EU) No 600/2014.
Article 23
Information on outsourcing
(Article 27da(2), points (a) and (l), of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate a CT that arranges for activities to be performed on its behalf by third-party service providers, including undertakings with which it has close links, shall include in its application for authorisation confirmation that the third-party service provider has the ability and the capacity to perform the activities reliably and professionally.
2. The applicant shall specify which of the activities are to be outsourced, including a specification of the level of human and technical resources needed to carry out each of those activities.
3. The applicant that outsources activities shall provide evidence that the outsourcing does not reduce its ability or power to perform senior management or management body functions.
4. The applicant shall provide evidence that it remains responsible for any outsourced activity and shall adopt organisational measures to ensure:
|
(a) |
that it assesses whether the third-party service provider is carrying out outsourced activities effectively and in compliance with applicable laws and regulatory requirements and adequately addresses identified failures; |
|
(b) |
the identification of the risks in relation to outsourced activities and adequate periodic monitoring; |
|
(c) |
adequate control procedures with respect to outsourced activities, including effectively supervising the activities and their risks within the CTP; |
|
(d) |
adequate business continuity of outsourced activities. |
For the purposes of point (d), the applicant shall obtain information on the business continuity arrangements of the third-party service provider, assess its quality and, where needed, request improvements.
5. Where the applicant outsources any critical or important function, it shall provide ESMA with:
|
(a) |
the identification of the third-party service provider; |
|
(b) |
the organisational measures and policies with respect to outsourcing and the risks posed by it as specified in paragraph 4; |
|
(c) |
internal or external reports on the outsourced activities. |
Article 24
Information on market data fees and licensing models
(Article 27da(2), point (h), of Regulation (EU) No 600/2014)
An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall provide ESMA with the information referred to in Article 17 of Delegated Regulation (EU) 2025/1156.
Article 25
Information on digital operational resilience
(Article 27da(2), points (a), (b) and (l), of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation evidence of compliance with the requirements on ICT risk management organisation and capabilities, operational resilience strategy and testing, incident management and ICT third-party risk monitoring under Regulation (EU) 2022/2554.
2. The information set out in paragraph 1 shall include documents regarding the applicant’s arrangements, in accordance with Regulation (EU) 2022/2554, on:
|
(a) |
ICT risk management; |
|
(b) |
ICT-related incident management; |
|
(c) |
digital operational resilience testing; |
|
(d) |
ICT third-party risk monitoring. |
3. The information set out in paragraph 1 shall take into account the size and overall risk profile, and the nature, scale and complexity of the applicant’s services, activities and operations.
Article 26
Information on energy efficiency
(Article 27da(2), point (m), of Regulation (EU) No 600/2014)
1. An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall provide in its application for authorisation information on the expected power utilisation effectiveness ratio as defined by ISO/IEC 30134-2:2016 (13) and the best practices referred to in the most recent version of the European Code of Conduct on Data Centre Energy Efficiency.
2. For the purposes of the expected power utilisation effectiveness ratio referred to in paragraph 1, the applicant shall consider the activities set out in points 8.1 of Annexes I and II to Commission Delegated Regulation (EU) 2021/2139 (14).
Article 27
Information on record keeping arrangements
(Article 27da(2), point (k), of Regulation (EU) No 600/2014)
An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall provide ESMA with information on the arrangements adopted to ensure that:
|
(a) |
each key stage of the CTP business may be reconstituted; |
|
(b) |
the original content of a record related to its business in accordance with Article 27ha(3) of Regulation (EU) No 600/2014 before any corrections or other amendments may be recorded, traced and retrieved; |
|
(c) |
measures to prevent unauthorised alteration of such records are in place; |
|
(d) |
the data recorded are secured and confidential; |
|
(e) |
a mechanism for identifying and correcting errors is incorporated in the record keeping system; |
|
(f) |
in the case of a system failure, the records are timely recovered. |
Article 28
Information on organisational requirements
(Article 27da(2), point (b), of Regulation (EU) No 600/2014)
An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall provide ESMA with the information on the arrangements in place to ensure compliance with the organisational requirements laid down in Article 27h of Regulation (EU) No 600/2014.
Article 29
Information on reception, consolidation and dissemination of data and data quality
(Article 27da(2), points (c), (e), (f) and (j), of Regulation (EU) No 600/2014)
An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall provide ESMA with information on:
|
(a) |
the transmission protocols referred to in Article 22a of Regulation (EU) No 600/2014, in accordance with the requirements set out in Article 2 of Delegated Regulation (EU) 2025/1155; |
|
(b) |
the technical features of the systems adopted to ensure that the speed of dissemination of core market data and regulatory data matches the information on the basis of which the applicant was selected; |
|
(c) |
the methods adopted to ensure data quality, in accordance with the requirements set out in Article 10 of Delegated Regulation (EU) 2025/1155; |
|
(d) |
the documentation certifying that the modern interface technologies adopted for the dissemination of market data and for connectivity comply with the minimum requirements set out in Article 9 of Delegated Regulation (EU) 2025/1155. |
Article 30
Information from joint applicants
(Article 27da(2), point (n), of Regulation (EU) No 600/2014)
In addition to the requirements set out in Article 15, joint applicants seeking authorisation to operate a CT shall include in their application for authorisation information on the necessity in terms of technical and logistical capacity for each applicant to jointly operate the CT.
CHAPTER III
FINAL PROVISIONS
Article 31
Repeal
Delegated Regulation (EU) 2017/571 is repealed.
References to the repealed Regulation shall be construed as references to this Regulation.
Article 32
Entry into force
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 12 June 2025.
For the Commission
The President
Ursula VON DER LEYEN
(1) OJ L 173, 12.6.2014, p. 84, ELI: http://data.europa.eu/eli/reg/2014/600/oj.
(2) Commission Delegated Regulation (EU) 2017/571 of 2 June 2016 supplementing Directive 2014/65/EU of the European Parliament and of the Council with regard to regulatory technical standards on the authorisation, organisational requirements and the publication of transactions for data reporting services providers (OJ L 87, 31.3.2017, p. 126, ELI: http://data.europa.eu/eli/reg_del/2017/571/oj).
(3) Regulation (EU) 2024/791 of the European Parliament and of the Council of 28 February 2024 amending Regulation (EU) No 600/2014 as regards enhancing data transparency, removing obstacles to the emergence of consolidated tapes, optimising the trading obligations and prohibiting receiving payment for order flow (OJ L, 2024/791, 8.3.2024, ELI: http://data.europa.eu/eli/reg/2024/791/oj).
(4) Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1, ELI: http://data.europa.eu/eli/reg/2022/2554/oj).
(5) Commission Delegated Regulation (EU) 2025/1155 of 12 June 2025 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards specifying the input and output data of consolidated tapes, the synchronisation of business clocks and the revenue redistribution by the consolidated tape provider for shares and ETFs, and repealing Commission Delegated Regulation (EU) 2017/574 (OJ L, 2025/1155, 3.11.2025, ELI: http://data.europa.eu/eli/reg_del/2025/1155/oj).
(6) Commission Delegated Regulation (EU) 2025/1156 of 12 June 2025 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards on the obligation to make market data available to the public on a reasonable commercial basis (OJ L, 2025/1156, 3.11.2025, ELI: http://data.europa.eu/eli/reg_del/2025/1156/oj).
(7) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj).
(8) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj).
(9) Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84, ELI: http://data.europa.eu/eli/reg/2010/1095/oj).
(10) Commission Delegated Regulation (EU) 2017/590 of 28 July 2016 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards for the reporting of transactions to competent authorities (OJ L 87, 31.3.2017, p. 449, ELI: http://data.europa.eu/eli/reg_del/2017/590/oj).
(11) Commission Delegated Regulation (EU) 2017/587 of 14 July 2016 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council on markets in financial instruments with regard to regulatory technical standards on transparency requirements for trading venues and investment firms in respect of shares, depositary receipts, exchange-traded funds, certificates and other similar financial instruments and on transaction execution obligations in respect of certain shares on a trading venue or by a systematic internaliser (OJ L 87, 31.3.2017, p. 387, ELI: http://data.europa.eu/eli/reg_del/2017/587/oj).
(12) Commission Delegated Regulation (EU) 2017/583 of 14 July 2016 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council on markets in financial instruments with regard to regulatory technical standards on transparency requirements for trading venues and investment firms in respect of bonds, structured finance products, emission allowances and derivatives (OJ L 87, 31.3.2017, p. 229, ELI: http://data.europa.eu/eli/reg_del/2017/583/oj).
(13) Available at: ISO/IEC 30134-2:2016 — Information technology — Data centres — Key performance indicators — Part 2: Power usage effectiveness (PUE).
(14) Commission Delegated Regulation (EU) 2021/2139 of 4 June 2021 supplementing Regulation (EU) 2020/852 of the European Parliament and of the Council by establishing the technical screening criteria for determining the conditions under which an economic activity qualifies as contributing substantially to climate change mitigation or climate change adaptation and for determining whether that economic activity causes no significant harm to any of the other environmental objectives (OJ L 442, 9.12.2021, p. 1, ELI: http://data.europa.eu/eli/reg_del/2021/2139/oj).
ELI: http://data.europa.eu/eli/reg_del/2025/1143/oj
ISSN 1977-0677 (electronic edition)