information on the organisational structure of the applicant, including an organisational chart and a description of the human, technical and legal resources allocated to its business activities;

information on the compliance policies and procedures of the data reporting services provider, including:

a list of all outsourced functions and resources allocated to the control of the outsourced functions;

a description of the processes for selection, appointment, performance evaluation and removal of senior management and members of the management body;

a description of the reporting lines and the frequency of reporting to the senior management and the management body;

a description of the policies and procedures on access to documents by members of the management body.

name, date and place of birth, personal national identification number or an equivalent thereof, address and contact details;

the position for which the person is or will be appointed;

a curriculum vitae evidencing sufficient experience and knowledge to adequately perform the responsibilities;

criminal records, notably through an official certificate, or, where such a document is not available in the relevant Member State, a self-declaration of good repute and the authorisation to the competent authority to inquire whether the member has been convicted of any criminal offence in connection with the provision of financial or data services or in relation to acts of fraud or embezzlement;

a self-declaration of good repute and the authorisation to the competent authority to inquire whether the member:

An indication of the minimum time that is to be devoted to the performance of the person's functions within the data reporting services provider;

a declaration of any potential conflicts of interest that may exist or arise in performing the duties and how those conflicts are managed.

an inventory of existing and potential conflicts of interest, setting out their description, identification, prevention, management and disclosure;

the separation of duties and business functions within the data reporting services provider including:

a description of the fee policy for determining fees charged by the data reporting services provider and undertakings to which the data reporting services provider has close links;

a description of the remuneration policy for the members of the management body and senior management;

the rules regarding the acceptance of money, gifts or favours by staff of the data reporting services provider and its management body.

may realise a financial gain or avoid a financial loss, to the detriment of a client;

may have an interest in the outcome of a service provided to a client, which is distinct from the client's interest in that outcome;

may have an incentive to prioritise its own interests or the interest of another client or group of clients rather than the interests of a client to whom the service is provided;

receive or may receive from any person other than a client, in relation to the service provided to a client, an incentive in the form of money, goods or services, other than commission or fees received for the service.

that it assesses whether the third party service provider is carrying out outsourced activities effectively and in compliance with applicable laws and regulatory requirements and adequately addresses identified failures;

the identification of the risks in relation to outsourced activities and adequate periodic monitoring;

adequate control procedures with respect to outsourced activities, including effectively supervising the activities and their risks within the data reporting services provider;

adequate business continuity of outsourced activities;

the identification of the third party service provider;

the organisational measures and policies with respect to outsourcing and the risks posed by it as specified in paragraph 4;

internal or external reports on the outsourced activities.

the processes which are critical to ensuring the services of the data reporting services provider, including escalation procedures, relevant outsourced activities or dependencies on external providers;

specific continuity arrangements, covering an adequate range of possible scenarios, in the short and medium term, including system failures, natural disasters, communication disruptions, loss of key staff and inability to use the premises regularly used;

duplication of hardware components, allowing for failover to a back-up infrastructure, including network connectivity and communication channels;

back-up of business-critical data and up-to-date information of the necessary contacts, ensuring communication within the data reporting services provider and with clients;

the procedures for moving to and operating data reporting services from a back-up site;

the target maximum recovery time for critical functions, which shall be as short as possible and in any case no longer than six hours in the case of approved publication arrangements (APAs) and consolidated tape providers (CTPs) and until the close of business of the next working day in the case of approved reporting mechanisms (ARMs);

staff training on the operation of the business continuity arrangements, individuals' roles including specific security operations personnel ready to react immediately to a disruption of services;

the operation of the IT systems satisfies the data reporting services provider's regulatory obligations;

compliance and risk management controls embedded in IT systems work as intended;

the IT systems can continue to work effectively at all times.

have sufficient capacity to perform its functions without outages or failures, including missing or incorrect data;

have sufficient scalability to accommodate without undue delay any increase in the amount of information to be processed and in the number of access requests from its clients.

protect its IT systems from misuse or unauthorised access;

minimise the risks of attacks against the information systems as defined in Article 2(a) of Directive 2013/40/EU of the European Parliament and of the Council ( 1 );

prevent unauthorised disclosure of confidential information;

ensure the security and integrity of the data.

the competent authority of its home Member State and provide an incident report, indicating the nature of the incident, the measures adopted to cope with the incident and the initiatives taken to prevent similar incidents;

its clients that have been affected by the security breach.

the sector and the segment in which the financial instrument is traded;

liquidity levels, including historical trading levels;

appropriate price and volume benchmarks;

if needed, other parameters according to the characteristics of the financial instrument.

provision of pre-trade transparency data;

provision of historical data;

provision of reference data;

provision of research;

processing, distribution and marketing of data and statistics on financial instruments, trading venues, and other market-related data;

design, management, maintenance and marketing of software, hardware and networks in relation to the transmission of data and information.

it is in an electronic format designed to be directly and automatically read by a computer;

it is stored in an appropriate IT architecture in accordance with Article 8(7) that enables automatic access;

it is robust enough to ensure continuity and regularity in the performance of the services provided and ensures adequate access in terms of speed;

it can be accessed, read, used and copied by computer software that is free of charge and publicly available.

make instructions available to the public, explaining how and where to easily access and use the data, including identification of the electronic format;

make public any changes to the instructions referred to in point (a) at least three months before they come into effect, unless there is an urgent and duly justified need for changes in instructions to take effect more quickly;

include a link to the instructions referred to in point (a) on the homepage of their website.

bonds, excluding exchange traded commodities (ETCs) and exchange traded notes (ETNs);

ETC and ETNs bond types;

structured finance products;

securitised derivatives;

interest rate derivatives;

foreign exchange derivatives;

equity derivatives;

commodity derivatives;

credit derivatives;

contracts for differences;

C10 derivatives;

emission allowance derivatives;

emission allowances.

the number of transactions published by a CTP in an asset class listed in paragraph 1 represents at least 80 % of the total number of transactions in the relevant asset class published in the Union by all APAs and all trading venues during the assessment period referred to in paragraph 3;

the volume of transactions published by a CTP in an asset class listed in paragraph 1 represents at least 80 % of the total volume of transactions in the relevant asset class published in the Union by all APAs and all trading venues during the assessment period referred to in paragraph 3.

31 January of the calendar year following the period covering 1 January to 30 June;

31 July of the calendar year following the period covering 1 July to 31 December.

to certify that it only reports transactions in a particular financial instrument through that APA;

to use an identification mechanism which flags one report as the original one (‘ORGN’), and all other reports of the same transaction as duplicates (‘DUPL’).

for transactions executed in respect of shares, depositary receipts, exchange-traded funds (ETFs), certificates and other similar financial instruments, the details of a transaction specified in Table 2 of Annex I to Delegated Regulation (EU) 2017/587 and, use the appropriate flags listed in Table 3 of Annex I to Delegated Regulation (EU) 2017/587;

for transactions executed in respect of bonds, structured finance products, emission allowances and derivatives the details of a transaction specified in Table 1 of Annex II to Delegated Regulation (EU) 2017/583 and use the appropriate flags listed in Table 2 of Annex II to Delegated Regulation (EU) 2017/583.