32025R2088

This document is an excerpt from the EUR-Lex website

EUROPA
EUR-Lex home
Regulation - EU - 2025/2088 - EN - EUR-Lex

Help

Search tips

Need more search options? Use the Advanced search

Document 32025R2088

Help

Regulation (EU) 2025/2088 of the European Parliament and of the Council of 8 October 2025 amending Regulations (EU) No 1092/2010, (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010, (EU) No 806/2014, (EU) 2021/523 and (EU) 2024/1620 as regards certain reporting requirements in the fields of financial services and investment support (Text with EEA relevance)

PE/38/2025/INIT

OJ L, 2025/2088, 21.10.2025, ELI: http://data.europa.eu/eli/reg/2025/2088/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

Legal status of the document In force

ELI: http://data.europa.eu/eli/reg/2025/2088/oj

HTML

PDF - authentic OJ

e-signature

How to verify the authenticity of the Official Journal

Official Journal
of the European Union

L series

2025/2088

21.10.2025

REGULATION (EU) 2025/2088 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 8 October 2025

amending Regulations (EU) No 1092/2010, (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010, (EU) No 806/2014, (EU) 2021/523 and (EU) 2024/1620 as regards certain reporting requirements in the fields of financial services and investment support

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114, Article 173 and Article 175, third paragraph, thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Central Bank (1),

Having regard to the opinion of the European Economic and Social Committee (2),

After consulting the Committee of the Regions,

Acting in accordance with the ordinary legislative procedure (3),

Whereas:

(1)

Reporting and disclosure requirements play a key role in ensuring proper monitoring of the application and correct enforcement of Union law. It is therefore important to improve, streamline and modernise those requirements to ensure that they fulfil their intended purpose, to limit the administrative burden and to avoid undue duplication of reporting for authorities and for entities.

(2)

Streamlining reporting and disclosure requirements and reducing the administrative burden without undermining the related policy objectives are therefore priorities regarding both reporting and disclosure requirements in the financial sector and the frequency of reporting related to the InvestEU Programme established by Regulation (EU) 2021/523 of the European Parliament and of the Council (4).

(3)

Regulations (EU) No 1092/2010 (5), (EU) No 1093/2010 (6), (EU) No 1094/2010 (7), (EU) No 1095/2010 (8), (EU) No 806/2014 (9), (EU) 2021/523 and (EU) 2024/1620 (10) of the European Parliament and of the Council contain arrangements for establishing a number of reporting and disclosure requirements. The collection and exchange of information under those requirements should be simplified, in line with the Commission communication of 16 March 2023 entitled ‘Long-term competitiveness of the EU: looking beyond 2030’.

(4)

Financial institutions and other entities active in financial markets are required to report a wide range of information to enable Union and national authorities overseeing the financial system to monitor risks, ensure financial stability and market integrity and protect investors and consumers of financial services in the Union. The European Supervisory Authority (European Banking Authority) (EBA), established by Regulation (EU) No 1093/2010, the European Supervisory Authority (European Insurance and Occupational Pensions Authority) (EIOPA), established by Regulation (EU) No 1094/2010, the European Supervisory Authority (European Securities and Markets Authority) (ESMA), established by Regulation (EU) No 1095/2010 (known collectively as the European Supervisory Authorities (ESAs)) and the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), established by Regulation (EU) 2024/1620, should regularly review reporting and disclosure requirements adopted while applying Union law and propose, where appropriate, to streamline or remove redundant, obsolete or disproportionate requirements. In addition, the ESAs and AMLA should address regulatory gaps in relevant regulatory and implementing technical standards. The ESAs should coordinate their work through the Joint Committee of the European Supervisory Authorities (the ‘Joint Committee’). The ESAs should also regularly analyse the effectiveness of and potential differences among Member States in reporting and disclosure requirements stemming from the application or implementation of Union law, and identify best practices to foster supervisory convergence.

(5)

The remaining redundant or obsolete reporting and disclosure requirements stem mainly from horizontal inconsistencies in sector-specific and cross-sector legislation, or from vertical inconsistencies between Union and Member State requirements (‘gold plating’). Other reporting requirements might be inappropriate because of business and regulatory developments. The ESAs and AMLA should therefore not only review regulatory and implementing technical standards, but should also be able to provide opinions on the functioning of legislative acts in force.

(6)

The ESAs, the European Systemic Risk Board (ESRB), established by Regulation (EU) No 1092/2010, the Single Resolution Board (SRB), established by Regulation (EU) No 806/2014, the European Central Bank as a competent authority in relation to the tasks conferred on it by Council Regulation (EU) No 1024/2013 (11), and AMLA, in collaboration with the sectoral competent authorities, regularly collect a wide range of information stemming from reporting requirements under Union law. Facilitating the sharing and reuse of that information with other Union and national authorities overseeing the financial system, while safeguarding data protection, professional secrecy and intellectual property rights, should reduce the administrative burden on reporting entities and on authorities by avoiding duplicative requests, in line with the Commission communication of 15 December 2021 entitled ‘Strategy on supervisory data in EU financial services’. Information sharing could also contribute to better coordination of supervisory activities and to supervisory convergence.

(7)

In order to improve efficiency in the collection, processing and use of information, the ESAs, the ESRB, the SRB, the ECB as a competent authority in relation to the data collected as part of the tasks conferred on it by Regulation (EU) No 1024/2013 and AMLA should, upon request, share, on a regular or case-by-case basis, the information they obtain from financial institutions, other reporting entities or other authorities with authorities that are entitled to collect the same information pursuant to Union law. That includes cases where those authorities are entitled to collect the information from different financial institutions, reporting entities or authorities. For the same purpose, authorities that enhance information by cleaning or enriching it should also be able to share such enhanced information. For the ‘report once’ principle to be applied in a more consistent manner, rather than requesting information from reporting entities, the ESAs, the SRB, the ECB as a competent authority and AMLA should, in general, request information from other authorities where they know or can reasonably expect that those other authorities have already collected such information, and where such a request would not jeopardise the ability of the ESAs, the SRB, the ECB as a competent authority or AMLA to perform their tasks.

(8)

While this Regulation lays down specific rules regarding information sharing by the ESAs, the ESRB, the SRB, the ECB as a competent authority and AMLA, other Union authorities as well as national authorities should be able, and are encouraged, to share information with and request information from other authorities as much as possible, to reduce the reporting burden and ensure efficient data flows.

(9)

Where necessary to facilitate information sharing between themselves, authorities are encouraged to enter into memoranda of understanding. It should be possible for such memoranda of understanding to set out the technical details necessary to enable efficient and seamless data exchange, and the sharing of resources for the collection and processing of shared data. With a view to establishing, to the extent possible, a simple and standardised format, the Commission should be able to develop guidance on the main elements of such memoranda of understanding.

(10)

The rules on information sharing laid down in this Regulation should complement the existing possibilities for information exchange provided for under Union law and, in any event, should not restrict those possibilities. In particular, in certain cases, Union law already contains specific provisions on reporting requirements and on information sharing between authorities. Those provisions are tailored to the specific objectives pursued by the Union law concerned. Where more specific provisions on information sharing already exist, the authorities should be able to share information in accordance with those provisions. Such provisions should prevail in the event of a conflict with this Regulation. Similarly, Regulation (EU) No 806/2014, Regulation (EU) 2024/1620 and Directive (EU) 2015/849 of the European Parliament and of the Council (12), and Regulation (EU) No 1024/2013, introduced comprehensive mechanisms for information sharing between, respectively, the SRB and national resolution authorities within the framework of the single resolution mechanism, between AMLA and national competent authorities dealing with anti-money laundering matters, and between the ECB as a competent authority and national competent authorities that form part of the single supervisory mechanism. To ensure that the exchange of information between those authorities is carried out in accordance with the specific mechanisms introduced by those Union legal acts, it is appropriate to exclude such exchanges from the scope of this Regulation.

(11)

The ESAs should assess options for the further integration of substantive and procedural aspects of reporting processes. They should also assess opportunities arising from the increased use of digital technologies, with a view to promoting effective and efficient reporting arrangements that would foster the competitiveness of the financial sector.

(12)

With that in mind, over the past few years, the Commission and the authorities responsible for overseeing the financial system have made significant progress in exploring the possibility of establishing integrated reporting systems within specific sectors. Such innovative reporting systems are necessary to reap the benefits of increased data sharing between those authorities. Building on that ongoing sectoral work, those authorities should prepare a report that presents options for improving supervisory data collection, assesses the feasibility and, based on that assessment, presents a roadmap for the implementation of the cross-sectoral integrated reporting system. The goal should be to establish a single integrated reporting system.

(13)

In order to support the work on the integration of reporting and with a view to eliminating any unnecessary burden, the authorities overseeing the financial sector should promptly establish a permanent single contact point to whom entities can communicate duplicative, obsolete or redundant reporting and disclosure requirements.

(14)

The Commission needs accurate and comprehensive information to develop policies, evaluate existing Union law and assess the impact of potential legislative and non-legislative initiatives, including the impact of legislative acts under negotiation. While this Regulation does not establish new rules on information sharing by the authorities with the Commission, in order to provide for an evidence-based approach with respect to determining and evaluating Union policies, the authorities should have the opportunity, and are encouraged, to share with the Commission, in accordance with applicable rules, the information that financial institutions or other entities have reported to them in accordance with Union law.

(15)

Innovation cycles in the financial sector are accelerating, and becoming more open and increasingly collaborative. It should therefore be possible for authorities to share information with financial institutions, researchers and other entities that can demonstrate to the relevant authority that they have a legitimate interest in using that information for the purposes of research and innovation beyond the initial purpose for which the information was collected. The sharing of such information would enhance its utility by increasing the information available for financial sector research, and would provide more opportunities to test products and business models. It would also allow greater collaboration between the various financial market participants, including fintech undertakings, start-ups and incumbent financial institutions. The re-use of data shared by authorities is governed by the general framework laid down in Chapter II of Regulation (EU) 2022/868 of the European Parliament and of the Council (13). However, considering the sensitive nature of the data that the authorities in the financial sector receive for supervision purposes, the protection of the public interest and in particular of the economic security of the Union should be ensured when such data is re-used. Therefore, this Regulation introduces specific mandatory conditions for the re-use of such data, including the anonymisation of personal and non-personal data, to ensure that individual financial institutions cannot be identified and that confidential information is protected. All procedures and steps in the collection, standardisation, anonymisation, storage and sharing of such data should be subject to the latest cybersecurity measures provided for by Union law.

(16)

Changing the frequency of reporting on the InvestEU Programme by implementing partners from biannual to annual should reduce the administrative burden on implementing partners, financial intermediaries, small and medium-sized enterprises and other companies, without altering any substantive element of Regulation (EU) 2021/523.

(17)

Since the objectives of this Regulation, namely, to improve, streamline and modernise reporting requirements, cannot be sufficiently achieved by the Member States as the reporting requirements concerned are laid down in Union law but can rather, by reason of legal certainty and the consistency of reporting, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.

(18)	Regulations (EU) No 1092/2010, (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010, (EU) No 806/2014, (EU) 2021/523 and (EU) 2024/1620 should therefore be amended accordingly,

HAVE ADOPTED THIS REGULATION:

Article 1

Amendments to Regulation (EU) No 1092/2010

Regulation (EU) No 1092/2010 is amended as follows:

(1)

in Article 8, paragraph 3 is replaced by the following:

‘3. Without prejudice to Articles 15 and 16 and the application of criminal law, no confidential information received by the persons referred to in paragraph 1 of this Article whilst performing their duties shall be divulged to any person or authority whatsoever, except in summary or aggregate form, such that individual financial institutions cannot be identified.’

;

(2)

in Article 15, the following paragraphs are added:

‘8. The ESRB shall share, on a regular or case-by-case basis, information that it obtained from one of the other authorities when carrying out its duties and that stems from the application and implementation of Union law, with the other authorities upon request, provided that the requesting authority is entitled to obtain that information from financial institutions or the other authorities pursuant to Union law.

9. A request to exchange information pursuant to paragraph 8 of this Article shall indicate the legal basis under Union law that entitles the requesting authority to obtain the information from financial institutions or the other authorities.

The requesting authority and the ESRB shall be subject to the obligations of professional secrecy and data protection laid down in Article 8 and in sectoral legislation which apply to the sharing of information between the financial institution or the other authorities and the requesting authority, and between the other authorities and the ESRB.

10. Where the ESRB exchanges information pursuant to paragraph 8, it shall, without undue delay, inform each authority from which it obtained the information about the exchange. In the case of recurring or periodic exchanges of information, the ESRB shall be obliged to inform the authority from which it obtained the information only once.

11. By way of derogation from paragraph 10, the ESRB shall not be obliged to inform the authority about the exchange of information where either of the following conditions is met:

(a)	the information has been anonymised in such a manner that it no longer relates to any identified or identifiable natural person and that the financial institution or other legal entities are no longer identifiable; or

(b)

the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets, and to protect personal data through appropriate technical and organisational measures in accordance with Regulations (EU) 2016/679 (*1) and (EU) 2018/1725 (*2) of the European Parliament and of the Council.

12. Paragraphs 8 to 11 shall also apply to information that the ESRB has received from the other authorities and upon which the ESRB has subsequently performed quality checks or which the ESRB has otherwise processed.

13. To facilitate exchanges of information as referred to in paragraphs 8 to 12, the ESRB and the other authorities may enter into memoranda of understanding regarding the arrangements for such exchanges. The memoranda of understanding may also specify arrangements for the sharing of resources for the collection and processing of shared information. The Commission may, after consulting the ESRB and the other authorities, develop guidance on the main elements of such memoranda of understanding.

14. Paragraphs 8 to 13 shall be without prejudice to the protection of intellectual property rights and shall not prevent or restrict the exchange of information between the ESRB and the other authorities in accordance with other provisions of this Regulation or with other Union legislation.

In the event of a conflict between paragraphs 8 to 13 and other provisions of this Regulation or other Union legislation that govern the exchange of information between the ESRB and the other authorities, such other provisions shall prevail.

15. The ESRB may, at its own discretion, grant access to information obtained when carrying out its duties for re-use by financial institutions, researchers and other entities that have a legitimate interest in that information for research and innovation purposes, provided that the ESRB has ensured that all of the following conditions have been complied with:

(a)	the necessary measures have been taken to anonymise the information in a manner that prevents individual financial institutions, entities, data subjects and Member States from being identified;

(b)	the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets, or content covered by intellectual property rights.

Information received from any authority shall be shared pursuant to the first subparagraph only with the consent of the authority that initially obtained that information.

16. By 11 November 2027, the ESRB shall report to the Commission on all legal obstacles in sectoral legislation that prevent it, in any way, from exchanging information with the other authorities or with other entities. The report may also address non-material, obsolete, duplicative or otherwise irrelevant reporting requirements. It may also include suggestions for improving consistency between reporting requirements for financial and non-financial entities. The report shall be updated on a regular basis, where necessary.

Taking into account the report referred to in the first subparagraph, the protection of intellectual property rights and the obligations of professional secrecy and data protection, the Commission shall, where appropriate, submit to the European Parliament and to the Council a legislative proposal to remove such legal obstacles in sectoral legislation, to foster the exchange of information between authorities and with other entities.

17. For the purposes of this Article, “other authorities” means any of the following authorities:

(a)	the European Supervisory Authority (European Banking Authority);

(b)	the European Supervisory Authority (European Insurance and Occupational Pensions Authority);

(c)	the European Supervisory Authority (European Securities and Markets Authority);

(d)	competent authorities, as defined in Article 4, point (2), of Regulation (EU) No 1093/2010;

(e)	competent authorities, as defined in Article 4, point (2), of Regulation (EU) No 1094/2010;

(f)	competent authorities, as defined in Article 4, point (3), of Regulation (EU) No 1095/2010;

(g)	the authorities composing the Single supervisory mechanism, as defined in Article 2, point (9), of Regulation (EU) No 1024/2013;

(h)	the Single Resolution Board, as established by Regulation (EU) No 806/2014;

(i)	resolution authorities, such as those referred to in Article 3(3) of Directive 2014/59/EU;

(j)	the Authority for Anti-Money Laundering and Countering the Financing of Terrorism, as established by Regulation (EU) 2024/1620 of the European Parliament and of the Council (*3);

(k)	financial supervisors, as defined in Article 2, second subparagraph, point (1), of Directive (EU) 2024/1640 of the European Parliament and of the Council (*4).

(*1) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj)."

(*2) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj)."

(*3) Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (OJ L, 2024/1620, 19.6.2024, ELI: http://data.europa.eu/eli/reg/2024/1620/oj)."

(*4) Directive (EU) 2024/1640 of the European Parliament and of the Council of 31 May 2024 on the mechanisms to be put in place by Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Directive (EU) 2019/1937, and amending and repealing Directive (EU) 2015/849 (OJ L, 2024/1640, 19.6.2024, ELI: http://data.europa.eu/eli/dir/2024/1640/oj).’."

Article 2

Amendments to Regulation (EU) No 1093/2010

Regulation (EU) No 1093/2010 is amended as follows:

(1)

in Article 16a(1), the following subparagraphs are added:

‘In its opinions, the Authority may, where appropriate, address the functioning of legislative acts in force, including the appropriateness of removing any redundant or obsolete reporting and disclosure requirements in Union law or in measures of national law transposing Union law.

To provide opinions on legislative acts in force, as referred to in the second subparagraph, the Authority may consult all relevant stakeholders specifically on that matter and take their input into account. The Commission may, after considering those opinions, where appropriate, submit to the European Parliament and to the Council a legislative proposal.’

;

(2)

in Article 29(1), point (d) is replaced by the following:

‘(d)

reviewing the application of the relevant regulatory and implementing technical standards adopted by the Commission, and of the guidelines and recommendations issued by the Authority and proposing amendments where appropriate, including amendments to:

(i)	remove redundant or obsolete reporting and disclosure requirements, and minimise costs, while preserving data usability and quality;

(ii)	ensure proportionate and consistent reporting and disclosure requirements; and

(iii)

address regulatory gaps related to reporting and disclosure requirements;’

;

(3)

in Article 30(3), the following point is added:

‘(e)	the effectiveness and the degree of convergence of reporting and disclosure requirements adopted in application or implementation of Union law, while considering the specific characteristics of national financial legal frameworks.’

;

(4)

in Article 35, paragraph 4 is replaced by the following:

‘4. Before requesting information in accordance with this Article, and in order to ensure that there is no duplication of reporting requirements, the Authority shall take account of information collected by other authorities as defined in Article 35a(12) and any relevant existing statistics produced and disseminated by the European Statistical System and the European System of Central Banks.’

;

(5)

the following articles are inserted:

‘Article 35a

Exchange of information between authorities and with other entities

1. The Authority and the European Central Bank as referred to in Article 4, point (2)(i), shall share, on a regular or case-by-case basis, information that they obtained from financial institutions or the other authorities when carrying out their duties and that stems from the application and implementation of Union law, with the other authorities upon request, provided that the requesting authority is entitled to obtain that information from financial institutions or the other authorities pursuant to Union law.

2. The Authority and the European Central Bank as referred to in Article 4, point (2)(i), shall request information from any of the other authorities that have obtained that information, instead of requesting it directly from financial institutions, provided that the Authority or the European Central Bank, as applicable, is entitled to obtain that information pursuant to Union law.

The first subparagraph of this paragraph shall be without prejudice to the powers of the Authority or the European Central Bank as referred to in Article 4, point (2)(i), to obtain the requested information from financial institutions where the other authority is unable to share the information, where urgent action is needed or where obtaining the information directly from financial institutions is necessary for the performance of the Authority’s or the European Central Bank’s tasks pursuant to Union law.

3. A request to exchange information pursuant to paragraph 1 of this Article shall indicate the legal basis under Union law that entitles the requesting authority to obtain the information from financial institutions or the other authorities.

The requesting authority, the Authority and the European Central Bank as referred to in Article 4, point (2)(i), shall be subject to the obligations of professional secrecy and data protection laid down in Articles 70 and 71 of this Regulation, in Article 27 of Regulation (EU) No 1024/2013 and in sectoral legislation which apply to the sharing of information between the financial institution and the requesting authority, and between the financial institution and the Authority and the European Central Bank as referred to in Article 4, point (2)(i).

4. Where either the Authority or the European Central Bank as referred to in Article 4, point (2)(i), exchanges information pursuant to paragraph 1 of this Article, it shall, without undue delay, inform each authority from which it obtained the information or each financial institution, if the information was obtained from financial institutions directly, about the exchange. In the case of recurring or periodic exchanges of information, the Authority or the European Central Bank as referred to in Article 4, point (2)(i), shall be obliged to inform the financial institution or the authority from which it obtained the information only once.

5. By way of derogation from paragraph 4 of this Article, the Authority and the European Central Bank as referred to in Article 4, point (2)(i), shall not be obliged to inform the authority or the financial institution, as applicable, about the exchange of information where either of the following conditions is met:

(a)	the information has been anonymised in such a manner that it no longer relates to any identified or identifiable natural person and that the financial institution or other legal entities are no longer identifiable; or

(b)

the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets, and to protect personal data through appropriate technical and organisational measures in accordance with Regulations (EU) 2016/679 (*5) and (EU) 2018/1725 (*6) of the European Parliament and of the Council.

6. By way of derogation from paragraph 4 of this Article, the Authority and the European Central Bank as referred to in Article 4, point (2)(i), shall not inform the financial institution about the exchange of information if they determine, or are informed by the requesting authority, that doing so could compromise supervisory or resolution proceedings, actions or investigations.

7. Paragraphs 1 to 6 of this Article shall also apply to information that the Authority and the European Central Bank as referred to in Article 4, point (2)(i), have received from a financial institution or the other authorities and upon which they have subsequently performed quality checks or which they have otherwise processed.

8. To facilitate exchanges of information as referred to in paragraphs 1 to 7 of this Article, the Authority and the European Central Bank as referred to in Article 4, point (2)(i),and the other authorities may enter into memoranda of understanding regarding the arrangements for such exchanges. The memoranda of understanding may also specify arrangements for the sharing of resources for the collection and processing of shared information. The Commission may, after consulting the Authority and the European Central Bank as referred to in Article 4, point (2)(i), and the other authorities, develop guidance on the main elements of such memoranda of understanding.

9. Paragraphs 1 to 8 of this Article shall be without prejudice to the protection of intellectual property rights and shall not prevent or restrict the exchange of information between the Authority or the European Central Bank as referred to in Article 4, point (2)(i), and the other authorities in accordance with other provisions of this Regulation or with other Union legislation.

In the event of a conflict between this Article and other provisions of this Regulation or other Union legislation that govern the exchange of information between the Authority or the European Central Bank as referred to in Article 4, point (2)(i), and the other authorities, such other provisions shall prevail.

10. The Authority, the European Central Bank as referred to in Article 4, point (2)(i), and the competent authorities may, at their own discretion, grant access to information obtained when carrying out their duties for re-use by financial institutions, researchers and other entities that have a legitimate interest in that information for research and innovation purposes, provided that the Authority, the European Central Bank as referred to in Article 4, paragraph 2, point (i), or the competent authority granting the access, has ensured that all of the following conditions have been complied with:

(a)	the necessary measures have been taken to anonymise the information in a manner that prevents individual financial institutions, entities, data subjects and, where it is the Authority or the European Central Bank which grants access to the information, Member States from being identified;

(b)	the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets or content covered by intellectual property rights.

Information received from any authority shall be shared pursuant to the first subparagraph only with the consent of the authority that initially obtained that information.

11. By 11 November 2027, the Authority and the European Central Bank as referred to in Article 4, point (2)(i), shall, in close cooperation with competent authorities, report to the Commission on all legal obstacles in sectoral legislation that prevent them, in any way, from exchanging information with the other authorities or with other entities. The report may also address non-material, obsolete, duplicative or otherwise irrelevant reporting requirements. It may also include suggestions for improving consistency between reporting requirements for financial and non-financial entities. The report shall be updated on a regular basis, where necessary.

12. For the purposes of this Article, Article 35(4) and Article 70(3), “other authorities” means any of the following authorities:

(a)

the ESRB;

(b)	the European Supervisory Authority (European Insurance and Occupational Pensions Authority);

(c)	the European Supervisory Authority (European Securities and Markets Authority);

(d)	competent authorities, as defined in Article 4, point (2) of this Regulation;

(e)	competent authorities, as defined in Article 4, point (2), of Regulation (EU) No 1094/2010;

(f)	competent authorities, as defined in Article 4, point (3), of Regulation (EU) No 1095/2010;

(g)	the authorities composing the Single supervisory mechanism, as defined in Article 2, point (9), of Regulation (EU) No 1024/2013;

(h)	the Single Resolution Board (SRB), as established by Regulation (EU) No 806/2014;

(i)	resolution authorities, such as those referred to in Article 3(3) of Directive 2014/59/EU;

(j)	the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), as established by Regulation (EU) 2024/1620 of the European Parliament and of the Council (*7);

(k)	financial supervisors, as defined in Article 2, second subparagraph, point (1), of Directive (EU) 2024/1640 of the European Parliament and Council (*8).

For the purposes of this Article, “financial institution” means financial institution as defined in Article 2, point (a), of Regulation (EU) No 1092/2010.

By way of derogation from the first subparagraph of this paragraph, where paragraphs 1 and 2 of this Article apply to the European Central Bank, as referred to in Article 4, point (2)(i), of this Regulation, “other authorities” means any of the authorities listed in the first subparagraph of this paragraph, except for national competent authorities that form part of the Single supervisory mechanism.

Article 35b

Integrated reporting system

1. By 11 November 2030, the ESAs, through the Joint Committee and in close cooperation with the ESRB, the European Central Bank, AMLA, the SRB, the competent authorities and other relevant stakeholders, shall prepare a report presenting options to enhance the efficiency of supervisory data collection in the Union. Building on the sectoral work of the ESAs to integrate reporting, that report shall provide a feasibility study, including an assessment of impacts, costs and benefits, of a cross-sectoral integrated reporting system and, based on that feasibility study, present a roadmap for the implementation.

The report referred to in the first subparagraph shall cover:

(a)	a common data dictionary, including a repository of reporting and disclosure requirements, ensuring consistency and clarity of reporting requirements and data standardisation; and

(b)	a data space for collecting and exchanging information.

Taking into account the findings of the report referred to in the first subparagraph and following a thorough impact assessment, the Commission shall, where appropriate and necessary, submit to the European Parliament and to the Council a legislative proposal to ensure the financial, human and IT resources necessary for establishing the integrated reporting system.

2. The ESAs, through the Joint Committee and in close cooperation with the ESRB, the European Central Bank, AMLA, the SRB and the competent authorities, shall promptly establish a permanent single contact point for entities to communicate duplicative, redundant or obsolete reporting and disclosure requirements.

(*5) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj)."

(*6) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj)."

(*7) Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (OJ L, 2024/1620, 19.6.2024, ELI: http://data.europa.eu/eli/reg/2024/1620/oj)."

(*8) Directive (EU) 2024/1640 of the European Parliament and of the Council of 31 May 2024 on the mechanisms to be put in place by Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Directive (EU) 2019/1937, and amending and repealing Directive (EU) 2015/849 (OJ L, 2024/1640, 19.6.2024, ELI: http://data.europa.eu/eli/dir/2024/1640/oj).’;"

(6)

in Article 54(2), the following indent is added:

‘—	reporting and disclosure requirements and the collection of information from financial institutions.’

;

(7)

in Article 70(3), the first subparagraph is replaced by the following:

‘3. Paragraphs 1 and 2 of this Article shall not prevent the Authority from exchanging information with competent authorities and with other authorities as defined in Article 35a(12) in accordance with this Regulation and other Union legislation applicable to financial institutions.’.

Article 3

Amendments to Regulation (EU) No 1094/2010

Regulation (EU) No 1094/2010 is amended as follows:

(1)

in Article 16a(1), the following subparagraphs are added:

;

(2)

in Article 29(1), point (d) is replaced by the following:

‘(d)

(i)	remove redundant or obsolete reporting and disclosure requirements, and minimise costs while preserving data usability and quality;

(ii)	ensure proportionate and consistent reporting and disclosure requirements; and

(iii)

address regulatory gaps related to reporting and disclosure requirements;’

;

(3)

in Article 30(3), the following point is added:

‘(e)	the effectiveness and the degree of convergence of reporting and disclosure requirements adopted in application or implementation of Union law, while considering the specific characteristics of national financial legal frameworks.’

;

(4)

in Article 35, paragraph 4 is replaced by the following:

;

(5)

the following articles are inserted:

‘Article 35a

Exchange of information between authorities and with other entities

1. The Authority shall share, on a regular or case-by-case basis, information that it obtained from financial institutions or the other authorities when carrying out its duties and that stems from the application and implementation of Union law, with the other authorities upon request, provided that the requesting authority is entitled to obtain that information from financial institutions or the other authorities pursuant to Union law.

2. The Authority shall request information from any of the other authorities that have obtained that information, instead of requesting it directly from financial institutions, provided that the Authority is entitled to obtain that information pursuant to Union law.

The first subparagraph shall be without prejudice to the powers of the Authority to obtain the requested information from financial institutions where the other authority is unable to share the information, where urgent action is needed or where obtaining the information directly from financial institutions is necessary for the performance of the Authority’s tasks pursuant to Union law.

The requesting authority and the Authority shall be subject to the obligations of professional secrecy and data protection laid down in Articles 70 and 71 and in sectoral legislation which apply to the sharing of information between the financial institution and the requesting authority and between the financial institution and the Authority.

4. Where the Authority exchanges information pursuant to paragraph 1, it shall, without undue delay, inform each authority from which it obtained the information or each financial institution, if the information was obtained from financial institutions directly, about the exchange. In the case of recurring or periodic exchanges of information, the Authority shall be obliged to inform the financial institution or the authority from which it obtained the information only once.

5. By way of derogation from paragraph 4, the Authority shall not be obliged to inform the authority or the financial institution, as applicable, about the exchange of information where either of the following conditions is met:

(a)	the information has been anonymised in such a manner that it no longer relates to any identified or identifiable natural person and that the financial institution or other legal entities are no longer identifiable; or

(b)

the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets, and to protect personal data through appropriate technical and organisational measures in accordance with Regulations (EU) 2016/679 (*9) and (EU) 2018/1725 (*10) of the European Parliament and of the Council.

6. By way of derogation from paragraph 4, the Authority shall not inform the financial institution about the exchange of information if it determines, or is informed by the requesting authority, that doing so could compromise supervisory or resolution proceedings, actions or investigations.

7. Paragraphs 1 to 6 shall also apply to information that the Authority has received from a financial institution or the other authorities and upon which the Authority has subsequently performed quality checks or which the Authority has otherwise processed.

8. To facilitate exchanges of information as referred to in paragraphs 1 to 7, the Authority and the other authorities may enter into memoranda of understanding regarding the arrangements for such exchanges. The memoranda of understanding may also specify arrangements for the sharing of resources for the collection and processing of shared information. The Commission may, after consulting the Authority and the other authorities, develop guidance on the main elements of such memoranda of understanding.

9. Paragraphs 1 to 8 shall be without prejudice to the protection of intellectual property rights and shall not prevent or restrict the exchange of information between the Authority and the other authorities in accordance with other provisions of this Regulation or with other Union legislation.

In the event of a conflict between this Article and other provisions of this Regulation or other Union legislation that govern the exchange of information between the Authority and the other authorities, such other provisions shall prevail.

10. The Authority and the competent authorities may, at their own discretion, grant access to information obtained when carrying out their duties for re-use by financial institutions, researchers and other entities that have a legitimate interest in that information for research and innovation purposes, provided that the Authority or the competent authority granting access has ensured that all of the following conditions have been complied with:

(a)	the necessary measures have been taken to anonymise the information, in a manner that prevents individual financial institutions, entities, data subjects and, where it is the Authority which grants access to the information, Member States from being identified;

(b)	the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets or content covered by intellectual property rights.

Information received from any authority shall be shared pursuant to the first subparagraph only with the consent of the authority that initially obtained that information.

11. By 11 November 2027 the Authority shall, in close cooperation with competent authorities, report to the Commission on all legal obstacles in sectoral legislation that prevent them, in any way, from exchanging information with the other authorities or with other entities. The report may also address non-material, obsolete, duplicative or otherwise irrelevant reporting requirements. It may also include suggestions for improving consistency between reporting requirements for financial and non-financial entities. The report shall be updated on a regular basis, where necessary.

12. For the purposes of this Article, Article 35(4) and Article 70(3), “other authorities” means any of the following authorities:

(a)

the ESRB;

(b)	the European Supervisory Authority (European Banking Authority);

(c)	the European Supervisory Authority (European Securities and Markets Authority);

(d)	competent authorities, as defined in Article 4, point (2), of this Regulation;

(e)	competent authorities, as defined in Article 4, point (2), of Regulation (EU) No 1093/2010;

(f)	competent authorities, as defined in Article 4, point (3), of Regulation (EU) No 1095/2010;

(g)	the authorities composing the Single supervisory mechanism, as defined in Article 2, point (9), of Council Regulation (EU) No 1024/2013 (*11);

(h)	the Single Resolution Board (SRB), as established by Regulation (EU) No 806/2014 of the European Parliament and of the Council (*12);

(i)	resolution authorities, such as those referred to in Article 3(3) of Directive 2014/59/EU of the European Parliament and of the Council (*13);

(j)	the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), as established by Regulation (EU) 2024/1620 of the European Parliament and of the Council (*14);

(k)	financial supervisors, as defined in Article 2, second subparagraph, point (1), of Directive (EU) 2024/1640 of the European Parliament and of the Council (*15);

For the purposes of this Article, “financial institution” means financial institution as defined in Article 2, point (a), of Regulation (EU) No 1092/2010.

Article 35b

Integrated reporting system

1. By 11 November 2030, the ESAs, through the Joint Committee and in close cooperation with the ESRB, the European Central Bank (ECB), AMLA, the SRB, the competent authorities and other relevant stakeholders, shall prepare a report presenting options to enhance the efficiency of supervisory data collection in the Union. Building on the sectoral work of the ESAs to integrate reporting, that report shall provide a feasibility study, including an assessment of impacts, costs and benefits, of a cross-sectoral integrated reporting system and, based on that feasibility study, present a roadmap for the implementation.

The report referred to in the first subparagraph shall cover:

(a)	a common data dictionary, including a repository of reporting and disclosure requirements, ensuring consistency and clarity of reporting requirements and data standardisation; and

(b)	a data space for collecting and exchanging information.

2. The ESAs, through the Joint Committee and in close cooperation with the ESRB, the ECB, AMLA, the SRB and the competent authorities, shall promptly establish a permanent single contact point for entities to communicate duplicative, redundant or obsolete reporting and disclosure requirements.

(*9) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj)."

(*10) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj)."

(*11) Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (OJ L 287, 29.10.2013, p. 63, ELI: http://data.europa.eu/eli/reg/2013/1024/oj)."

(*12) Regulation (EU) No 806/2014 of the European Parliament and of the Council of 15 July 2014 establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms in the framework of a Single Resolution Mechanism and a Single Resolution Fund and amending Regulation (EU) No 1093/2010 (OJ L 225, 30.7.2014, p. 1, ELI: http://data.europa.eu/eli/reg/2014/806/oj)."

(*13) Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No 1093/2010 and (EU) No 648/2012, of the European Parliament and of the Council (OJ L 173, 12.6.2014, p. 190, ELI: http://data.europa.eu/eli/dir/2014/59/oj)."

(*14) Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (OJ L, 2024/1620, 19.6.2024, ELI: http://data.europa.eu/eli/reg/2024/1620/oj)."

(*15) Directive (EU) 2024/1640 of the European Parliament and of the Council of 31 May 2024 on the mechanisms to be put in place by Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Directive (EU) 2019/1937, and amending and repealing Directive (EU) 2015/849 (OJ L, 2024/1640, 19.6.2024, ELI: http://data.europa.eu/eli/dir/2024/1640/oj).’;"

(6)

in Article 54(2), the following indent is added:

‘—	reporting and disclosure requirements and the collection of information from financial institutions.’

;

(7)

in Article 70(3), the first subparagraph is replaced by the following:

Article 4

Amendments to Regulation (EU) No 1095/2010

Regulation (EU) No 1095/2010 is amended as follows:

(1)

in Article 16a(1), the following subparagraphs are added:

;

(2)

in Article 29(1), point (d) is replaced by the following:

‘(d)

(i)	remove redundant or obsolete reporting and disclosure requirements, and minimise costs while preserving data usability and quality;

(ii)	ensure proportionate and consistent reporting and disclosure requirements; and

(iii)

address regulatory gaps related to reporting and disclosure requirements;’

;

(3)

in Article 30(3), the following point is added:

‘(e)	the effectiveness and the degree of convergence of reporting and disclosure requirements adopted in application or implementation of Union law, while considering the specific characteristics of national financial legal frameworks.’

;

(4)

in Article 35, paragraph 4 is replaced by the following:

‘4. Before requesting information in accordance with this Article and in order to ensure that there is no duplication of reporting requirements, the Authority shall take account of information collected by other authorities as defined in Article 35a(12) and any relevant existing statistics produced and disseminated by the European Statistical System and the European System of Central Banks.’

;

(5)

the following articles are inserted:

‘Article 35a

Exchange of information between authorities and with other entities

(a)	the information has been anonymised in such a manner that it no longer relates to any identified or identifiable natural person and that the financial institution or other legal entities are no longer identifiable; or

(b)

the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets, and to protect personal data through appropriate technical and organisational measures in accordance with Regulations (EU) 2016/679 (*16) and (EU) 2018/1725 (*17) of the European Parliament and of the Council.

(a)	the necessary measures have been taken to anonymise the information, in a manner that prevents individual financial institutions, entities, data subjects and, where it is the Authority which grants access to the information, Member States from being identified;

(b)	the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets or content covered by intellectual property rights.

Information received from any authority shall be shared pursuant to the first subparagraph only with the consent of the authority that initially obtained that information.

11. By 11 November 2027, the Authority shall, in close cooperation with competent authorities, report to the Commission on all legal obstacles in sectoral legislation that prevent them, in any way, from exchanging information with the other authorities or with other entities. The report may also address non-material, obsolete, duplicative or otherwise irrelevant reporting requirements. It may also include suggestions for improving consistency between reporting requirements for financial and non-financial entities. The report shall be updated on a regular basis, where necessary.

12. For the purposes of this Article, Article 35(4) and Article 70(3), “other authorities” means any of the following authorities:

(a)

the ESRB;

(b)	the European Supervisory Authority (European Banking Authority);

(c)	the European Supervisory Authority (European Insurance and Occupational Pensions Authority);

(d)	competent authorities, as defined in Article 4, point (2), of Regulation (EU) No 1093/2010;

(e)	competent authorities, as defined in Article 4, point (2), of Regulation (EU) No 1094/2010;

(f)	competent authorities, as defined in Article 4, point (3), of this Regulation;

(g)	the authorities composing the Single supervisory mechanism, as defined in Article 2, point (9), of Council Regulation (EU) No 1024/2013 (*18);

(h)	the Single Resolution Board (SRB), as established by Regulation (EU) No 806/2014 of the European Parliament and of the Council (*19);

(i)	resolution authorities, such as those referred to in Article 3(3), of Directive 2014/59/EU of the European Parliament and of the Council (*20);

(j)	the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), as established by Regulation (EU) 2024/1620 of the European Parliament and of the Council (*21);

(k)	financial supervisors, as defined in Article 2, second subparagraph, point (1), of Directive (EU) 2024/1640 of the European Parliament and of the Council (*22).

For the purposes of this Article, “financial institution” means financial institution as defined in Article 2, point (a), of Regulation (EU) No 1092/2010.

Article 35b

Integrated reporting system

1. By 11 November 2030, the ESAs, through the Joint Committee and in close cooperation with the ESRB, the European Central Bank (ECB), AMLA, the SRB, the competent authorities and other relevant stakeholders shall prepare a report presenting options to enhance the efficiency of supervisory data collection in the Union. Building on the sectoral work of the ESAs to integrate reporting, that report shall provide a feasibility study, including an assessment of impacts, costs and benefits, of a cross-sectoral integrated reporting system and, based on that feasibility study, present a roadmap for the implementation.

The report referred to in the first subparagraph shall cover:

(a)	a common data dictionary, including a repository of reporting and disclosure requirements, ensuring consistency and clarity of reporting requirements and data standardisation; and

(b)	a data space for collecting and exchanging information.

(*16) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj)."

(*17) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj)."

(*18) Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (OJ L 287, 29.10.2013, p. 63, ELI: http://data.europa.eu/eli/reg/2013/1024/oj)."

(*19) Regulation (EU) No 806/2014 of the European Parliament and of the Council of 15 July 2014 establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms in the framework of a Single Resolution Mechanism and a Single Resolution Fund and amending Regulation (EU) No 1093/2010 (OJ L 225, 30.7.2014, p. 1, ELI: http://data.europa.eu/eli/reg/2014/806/oj)."

(*20) Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No 1093/2010 and (EU) No 648/2012, of the European Parliament and of the Council (OJ L 173, 12.6.2014, p. 190, ELI: http://data.europa.eu/eli/dir/2014/59/oj)."

(*21) Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (OJ L, 2024/1620, 19.6.2024, ELI: http://data.europa.eu/eli/reg/2024/1620/oj)."

(*22) Directive (EU) 2024/1640 of the European Parliament and of the Council of 31 May 2024 on the mechanisms to be put in place by Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Directive (EU) 2019/1937, and amending and repealing Directive (EU) 2015/849 (OJ L, 2024/1640, 19.6.2024, ELI: http://data.europa.eu/eli/dir/2024/1640/oj).’;"

(6)

in Article 54(2), the following indent is added:

‘—	reporting and disclosure requirements and the collection of information from financial market participants.’

;

(7)

in Article 70(3), the first subparagraph is replaced by the following:

Article 5

Amendments to Regulation (EU) No 806/2014

Regulation (EU) No 806/2014 is amended as follows:

(1)

the following article is inserted:

‘Article 31a

Exchange of information between authorities and with other entities

1. The Board shall share, on a regular or case-by-case basis, information that it obtained from financial institutions or the other authorities when carrying out its duties, and that stems from the application and implementation of Union law, with the other authorities upon request, provided that the requesting authority is entitled to obtain that information from financial institutions or the other authorities pursuant to Union law.

2. The Board shall request information from any of the other authorities that have obtained that information, instead of requesting it directly from financial institutions, provided that the Board is entitled to obtain that information pursuant to Union law.

The first subparagraph shall be without prejudice to the powers of the Board to obtain the requested information from financial institutions where the other authority is unable to share the information, where urgent action is needed or where obtaining the information directly from financial institutions is necessary for the performance of the Board’s tasks pursuant to Union law.

The requesting authority and the Board shall be subject to the obligations of professional secrecy and data protection laid down in Articles 88 and 89 and in sectoral legislation which apply to the sharing of information between the financial institution and the requesting authority and between the financial institution and the Board.

4. Where the Board exchanges information pursuant to paragraph 1, it shall, without undue delay, inform each authority from which it obtained the information or each financial institution, if the information was obtained from financial institutions directly, about the exchange. In the case of recurring or periodic exchanges of information, the Board shall be obliged to inform the financial institution or the authority from which it obtained the information only once.

5. By way of derogation from paragraph 4, the Board shall not be obliged to inform the authority or the financial institution, as applicable, about the exchange of information where either of the following conditions is met:

(a)	the information has been anonymised in such a manner that it no longer relates to any identified or identifiable natural person and that the financial institution or other legal entities are no longer identifiable; or

(b)

the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets, and to protect personal data through appropriate technical and organisational measures in accordance with Regulations (EU) 2016/679 (*23) and (EU) 2018/1725 (*24) of the European Parliament and of the Council.

6. By way of derogation from paragraph 4, the Board shall not inform the financial institution about the exchange of information if it determines, or is informed by the requesting authority, that doing so could compromise supervisory or resolution proceedings, actions or investigations.

7. Paragraphs 1 to 6 shall also apply to information that the Board has received from a financial institution or the other authorities and upon which the Board has subsequently performed quality checks or which the Board has otherwise processed.

8. To facilitate exchanges of information as referred to in paragraphs 1 to 7, the Board and the other authorities may enter into memoranda of understanding regarding the arrangements for such exchanges. The memoranda of understanding may also specify arrangements for the sharing of resources for the collection and processing of shared information. The Commission may, after consulting the Board and the other authorities, develop guidance on the main elements of such memoranda of understanding.

9. Paragraphs 1 to 8 shall be without prejudice to the protection of intellectual property rights and shall not prevent or restrict the exchange of information between the Board and the other authorities in accordance with other provisions of this Regulation or with other Union legislation.

In the event of a conflict between this Article and other provisions of this Regulation or other Union legislation that govern the exchange of information between the Board and the other authorities, such other provisions shall prevail.

10. The Board and the resolution authorities may, at their own discretion, grant access to information obtained when carrying out their duties for re-use by financial institutions, researchers and other entities that have a legitimate interest in that information for research and innovation purposes, provided that the Board or the resolution authority granting access has ensured that all of the following conditions have been complied with:

(a)	the necessary measures have been taken to anonymise the information, in a manner that prevents individual financial institutions, entities, data subjects and, where it is the Board which grants access to the information, Member States from being identified;

(b)	the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets or content covered by intellectual property rights.

Information received from any authority shall be shared pursuant to the first subparagraph only with the consent of the authority that initially obtained that information.

11. By 11 November 2027, the Board shall, in close cooperation with resolution authorities, report to the Commission on all legal obstacles in sectoral legislation that prevent them, in any way, from exchanging information with the other authorities or with other entities. The report may also address non-material, obsolete, duplicative or otherwise irrelevant reporting requirements. It may also include suggestions for improving consistency between reporting requirements for financial and non-financial entities. The report shall be updated on a regular basis, where necessary.

12. For the purposes of this Article, and Article 88(7), “other authorities” means any of the following authorities:

(a)

the ESRB;

(b)

the EBA;

(c)	the EIOPA;

(d)

the ESMA;

(e)	competent authorities, as defined in Article 4, point (2), of Regulation (EU) No 1093/2010, except for the national resolution authorities;

(f)	competent authorities, as defined in Article 4, point (2), of Regulation (EU) No 1094/2010;

(g)	competent authorities, as defined in Article 4, point (3), of Regulation (EU) No 1095/2010;

(h)	the authorities composing the Single supervisory mechanism, as defined in Article 2, point (9), of Regulation (EU) No 1024/2013;

(i)	the Authority for Anti-Money Laundering and Countering the Financing of Terrorism, as established by Regulation (EU) 2024/1620 of the European Parliament and of the Council (*25);

(j)	financial supervisors, as defined in Article 2, second subparagraph, point (1), of Directive (EU) 2024/1640 of the European Parliament and of the Council (*26).

For the purposes of this Article, “financial institution” means financial institution as defined in Article 2, point (a), of Regulation (EU) No 1092/2010.

(*23) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj)."

(*24) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj)."

(*25) Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (OJ L, 2024/1620, 19.6.2024, ELI: http://data.europa.eu/eli/reg/2024/1620/oj)."

(*26) Directive (EU) 2024/1640 of the European Parliament and of the Council of 31 May 2024 on the mechanisms to be put in place by Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Directive (EU) 2019/1937, and amending and repealing Directive (EU) 2015/849 (OJ L, 2024/1640, 19.6.2024, ELI: http://data.europa.eu/eli/dir/2024/1640/oj).’;"

(2)	in Article 88, the following paragraph is added: ‘7. This Article shall not prevent the Board from exchanging information with other authorities as defined in Article 31a(12).’.

Article 6

Amendment to Regulation (EU) 2021/523

In Article 28 of Regulation (EU) 2021/523, paragraph 4 is replaced by the following:

‘4. Once a year, each implementing partner shall submit a report to the Commission on the financing and investment operations covered by this Regulation, broken down by EU compartment and Member State compartment, as appropriate. Each implementing partner shall also submit information on the Member State compartment to the Member State whose compartment it implements. The report shall include an assessment of compliance with the requirements on the use of the EU guarantee and with the key performance indicators laid down in Annex III to this Regulation. The report shall also include operational, statistical, financial and accounting data on each financing or investment operation and an estimation of expected cash flows, at the level of compartment, policy window and the InvestEU Fund. The report from the EIB Group and, where appropriate, from other implementing partners, shall also include information on barriers to investment encountered when carrying out financing and investment operations covered by this Regulation. The reports shall contain the information the implementing partners have to provide under Article 158(1), point (a), of the Financial Regulation.’.

Article 7

Amendments to Regulation (EU) 2024/1620

Regulation (EU) 2024/1620 is amended as follows:

(1)

in Article 5(1), the following point is added:

‘(k)

assist the Commission in reviewing the application of the relevant regulatory and implementing technical standards adopted by the Commission, review the application of the guidelines and recommendations issued by the Authority and propose amendments, where appropriate, including amendments to:

(i)	remove redundant or obsolete reporting requirements and minimise costs while preserving data usability and quality;

(ii)	ensure proportionate and consistent reporting requirements; and

(iii)

address regulatory gaps related to reporting requirements.’

;

(2)	in Article 88, the following paragraph is inserted: ‘3a. This Article shall not prevent the Authority from exchanging information with other authorities as defined in Article 92a(12).’ ;

(3)

the following Article is inserted:

‘Article 92a

Exchange of information between authorities and with other entities

1. The Authority shall share, on a regular or case-by-case basis, information that it obtained from obliged entities or the other authorities when carrying out its duties, and that stems from the application and implementation of Union law, with the other authorities upon request, provided that the requesting authority is entitled to obtain that information from obliged entities or the other authorities pursuant to Union law.

2. The Authority shall request information from any of the other authorities that have obtained that information, instead of requesting it directly from obliged entities, provided that the Authority is entitled to obtain that information pursuant to Union law.

The first subparagraph of this paragraph shall be without prejudice to the powers of the Authority to obtain the requested information from obliged entities where the other authority is unable to share the information, where urgent action is needed or where obtaining information directly from obliged entities is necessary for the performance of the Authority’s tasks pursuant to Union law.

The requesting authority and the Authority shall be subject to the obligations of professional secrecy and data protection laid down in Articles 88 and 98 and in sectoral legislation which apply to the sharing of information between the obliged entity and the requesting authority and between the obliged entity and the Authority.

4. Where the Authority exchanges information pursuant to paragraph 1, it shall, without undue delay, inform each authority from which it obtained the information or each obliged entity if the information was obtained from obliged entities directly, about the exchange. In the case of recurring or periodic exchanges of information, the Authority shall be obliged to inform the obliged entity or the authority from which it obtained the information only once.

5. By way of derogation from paragraph 4, the Authority shall not be obliged to inform the authority or the obliged entity, as applicable, about the exchange of information where either of the following conditions is met:

(a)	the information has been anonymised in such a manner that it no longer relates to any identified or identifiable natural person and that the obliged entity or other legal entities are no longer identifiable; or

(b)

6. By way of derogation from paragraph 4, the Authority shall not inform the obliged entity about the exchange of information if it determines, or is informed by the requesting authority, that doing so could compromise supervisory or resolution proceedings, actions or investigations.

7. Paragraphs 1 to 6 shall also apply to information that the Authority has received from an obliged entity or the other authorities and upon which the Authority has subsequently performed quality checks or which the Authority has otherwise processed.

8. To facilitate exchanges of information as referred to in paragraphs 1 to 7, the Authority and the other authorities may enter into memoranda of understanding regarding the arrangements for such exchanges. The memoranda of understanding may also specify arrangements for the sharing of resources for the collection and processing of shared information. The Commission may after consulting the Authority and the other authorities, develop guidance on the main elements of such memoranda of understanding.

10. The Authority and the financial supervisors may, at their own discretion, grant access to information obtained when carrying out their duties for re-use by obliged entities, researchers and other entities that have a legitimate interest in that information for research and innovation purposes, provided that the Authority or the financial supervisors granting access have ensured that all of the following conditions have been complied with:

(a)	the necessary measures have been taken to anonymise the information, in a manner that prevents individual obliged entities, data subjects, and, where it is the Authority which grants access to the information, Member States from being identified;

(b)	the information has been modified, aggregated or treated by any other method of disclosure control to protect confidential information, including trade secrets or content covered by intellectual property rights;

Information received from any authority shall be shared pursuant to the first subparagraph only with the consent of the authority that initially obtained that information.

11. By 11 November 2027, the Authority shall, in close cooperation with the financial supervisors, report to the Commission on all legal obstacles in sectoral legislation that prevent them, in any way, from exchanging information with the other authorities or with other entities. The report may also address non-material, obsolete, duplicative or otherwise irrelevant reporting requirements. It may also include suggestions for improving consistency between reporting requirements for financial and non-financial entities. The report shall be updated on a regular basis, where necessary.

12. For the purposes of this Article, “other authorities” means any of the following authorities:

(a)	the European Systemic Risk Board, as established by Regulation (EU) No 1092/2010 of the European Parliament and of the Council (*27);

(b)

the EBA;

(c)	the EIOPA;

(d)

the ESMA;

(e)	competent authorities, as defined in Article 4, point (2), of Regulation (EU) No 1093/2010;

(f)	competent authorities, as defined in Article 4, point (2), of Regulation (EU) No 1094/2010;

(g)	competent authorities, as defined in Article 4, point (3), of Regulation (EU) No 1095/2010;

(h)	the authorities composing the Single supervisory mechanism, as defined in Article 2, point (9), of Regulation (EU) No 1024/2013;

(i)	the Single Resolution Board, as established by Regulation (EU) No 806/2014 of the European Parliament and of the Council (*28);

(j)	resolution authorities, such as those referred to in Article 3(3) of Directive 2014/59/EU.

(*27) Regulation (EU) No 1092/2010 of the European Parliament and of the Council of 24 November 2010 on European Union macro-prudential oversight of the financial system and establishing a European Systemic Risk Board (OJ L 331, 15.12.2010, p. 1, ELI: http://data.europa.eu/eli/reg/2010/1092/oj)."

(*28) Regulation (EU) No 806/2014 of the European Parliament and of the Council of 15 July 2014 establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms in the framework of a Single Resolution Mechanism and a Single Resolution Fund and amending Regulation (EU) No 1093/2010 (OJ L 225, 30.7.2014, p. 1, ELI: http://data.europa.eu/eli/reg/2014/806/oj).’;"

(4)

in Article 55(1), the following subparagraphs are added:

‘In its opinions, the Authority may, where appropriate, address the functioning of legislative acts in force, including the appropriateness of removing any redundant or obsolete reporting requirements in Union law or in measures of national law transposing Union law.

Article 8

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Strasbourg, 8 October 2025.

For the European Parliament

The President

R. METSOLA

For the Council

The President

M. BJERRE

(1) OJ C, C/2024/5048, 16.8.2024, ELI: http://data.europa.eu/eli/C/2024/5048/oj.

(2) OJ C, C/2024/2485, 23.4.2024, ELI: http://data.europa.eu/eli/C/2024/2485/oj.

(3) Position of the European Parliament of 12 March 2024 (OJ C, C/2025/1021, 27.2.2025, ELI: http://data.europa.eu/eli/C/2025/1021/oj) and position of the Council at first reading of 8 July 2025 (not yet published in the Official Journal). Position of the European Parliament of 7 October 2025 (not yet published in the Official Journal).

(4) Regulation (EU) 2021/523 of the European Parliament and of the Council of 24 March 2021 establishing the InvestEU Programme and amending Regulation (EU) 2015/1017 (OJ L 107, 26.3.2021, p. 30, ELI: http://data.europa.eu/eli/reg/2021/523/oj).

(5) Regulation (EU) No 1092/2010 of the European Parliament and of the Council of 24 November 2010 on European Union macro-prudential oversight of the financial system and establishing a European Systemic Risk Board (OJ L 331, 15.12.2010, p. 1, ELI: http://data.europa.eu/eli/reg/2010/1092/oj).

(6) Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331, 15.12.2010, p. 12, ELI: http://data.europa.eu/eli/reg/2010/1093/oj).

(7) Regulation (EU) No 1094/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/79/EC (OJ L 331, 15.12.2010, p. 48, ELI: http://data.europa.eu/eli/reg/2010/1094/oj).

(8) Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84, ELI: http://data.europa.eu/eli/reg/2010/1095/oj).

(9) Regulation (EU) No 806/2014 of the European Parliament and of the Council of 15 July 2014 establishing uniform rules and a uniform procedure for the resolution of credit institutions and certain investment firms in the framework of a Single Resolution Mechanism and a Single Resolution Fund and amending Regulation (EU) No 1093/2010 (OJ L 225, 30.7.2014, p. 1, ELI: http://data.europa.eu/eli/reg/2014/806/oj).

(10) Regulation (EU) 2024/1620 of the European Parliament and of the Council of 31 May 2024 establishing the Authority for Anti-Money Laundering and Countering the Financing of Terrorism and amending Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 (OJ L, 2024/1620, 19.6.2024, ELI: http://data.europa.eu/eli/reg/2024/1620/oj).

(11) Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (OJ L 287, 29.10.2013, p. 63, ELI: http://data.europa.eu/eli/reg/2013/1024/oj).

(12) Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73, ELI: http://data.europa.eu/eli/dir/2015/849/oj).

(13) Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act) (OJ L 152, 3.6.2022, p. 1, ELI: http://data.europa.eu/eli/reg/2022/868/oj).

ELI: http://data.europa.eu/eli/reg/2025/2088/oj

ISSN 1977-0677 (electronic edition)

Top

Choose the experimental features you want to try