Access to European Union law
<a href="https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html" target="_blank">More about the experimental features corner</a>
Choose the experimental features you want to try
EUR-Lex
Access to European Union law

This document is an excerpt from the EUR-Lex website

You are here
Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search

Document 02023R2859-20240725

    Consolidated text: Regulation (EU) 2023/2859 of the European Parliament and of the Council of 13 December 2023 establishing a European single access point providing centralised access to publicly available information of relevance to financial services, capital markets and sustainability (Text with EEA relevance)

    Access initial legal act
    (

    Legal status of the document In force

    )

    ELI: http://data.europa.eu/eli/reg/2023/2859/2024-07-25

    02023R2859 — EN — 25.07.2024 — 001.001

    This text is meant purely as a documentation tool and has no legal effect. The Union's institutions do not assume any liability for its contents. The authentic versions of the relevant acts, including their preambles, are those published in the Official Journal of the European Union and available in EUR-Lex. Those official texts are directly accessible through the links embedded in this document

    ►B

    REGULATION (EU) 2023/2859 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

    of 13 December 2023

    establishing a European single access point providing centralised access to publicly available information of relevance to financial services, capital markets and sustainability

    (Text with EEA relevance)

    (OJ L 2859 20.12.2023, p. 1)

    Amended by:

     

     

    Official Journal

      No

    page

    date

    ►M1

    DIRECTIVE (EU) 2024/1760 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL  of 13 June 2024

      L 1760

    1

    5.7.2024



    ▼B

    REGULATION (EU) 2023/2859 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

    of 13 December 2023

    establishing a European single access point providing centralised access to publicly available information of relevance to financial services, capital markets and sustainability

    (Text with EEA relevance)



    Article 1

    The European single access point

    1.  

    By 10 July 2027, ESMA shall establish and operate a European single access point (ESAP) providing centralised electronic access to the following information:

    (a) 

    information made public pursuant to the Union legislative acts listed in the Annex or pursuant to any further legally binding Union acts that provide for centralised electronic access to information on ESAP;

    (b) 

    information that any entity governed by the law of a Member State chooses to make accessible on ESAP on a voluntary basis, in accordance with Article 3(1), and that is referred to in the Union legislative acts listed in the Annex or in any further legally binding Union acts that provide for centralised electronic access to information on ESAP.

    2.  
    The information referred to in paragraph 1, point (a), of this Article shall not be submitted to collection bodies for the purpose of being made accessible on ESAP before the date of application of the requirement to submit that information as provided for in the Union legislative acts listed in the Annex or in any further legally binding Union acts that provide for centralised electronic access to information on ESAP.
    3.  
    Collection bodies that are Union bodies, offices or agencies may make available to ESAP historical information starting from the date of application of the requirement to submit the information to ESAP as provided for in the Union legislative acts listed in the Annex or in any further legally binding Union acts that provide for centralised electronic access to information on ESAP.

    Article 2

    Definitions

    For the purposes of this Regulation, the following definitions apply:

    (1) 

    ‘entity’ means any natural or legal person:

    (a) 

    that is required to submit the information referred to in Article 1(1), point (a), to a collection body; or

    (b) 

    that submits information to a collection body on a voluntary basis pursuant to Article 1(1), point (b), in order for that information to be made accessible on ESAP;

    (2) 

    ‘collection body’ means a Union body, office or agency or national body, authority or register designated as such pursuant to any of the Union legislative acts under Article 1(1), point (a), or designated as such by a Member State in accordance with Article 3(2);

    (3) 

    ‘data extractable format’ means any open format as defined in Article 2, point (14), of Directive (EU) 2019/1024 that is widely used or required by law, that allows data extraction by a machine and that is human-readable;

    (4) 

    ‘machine-readable format’ means a machine-readable format as defined in Article 2, point (13), of Directive (EU) 2019/1024;

    (5) 

    ‘qualified electronic seal’ means a qualified electronic seal as defined in Article 3, point (27), of Regulation (EU) No 910/2014;

    (6) 

    ‘application programming interface’ or ‘API’ means a set of functions, procedures, definitions and protocols for machine-to-machine communication and the seamless exchange of data;

    (7) 

    ‘metadata’ means structured information that makes it easier to retrieve, use or manage an information resource, including by describing, explaining or locating the source of that information;

    (8) 

    ‘personal data’ means personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679;

    (9) 

    ‘historical information’ means the information referred to in Article 1(1), point (a), that was made public no earlier than five years before the date of application of the requirement to submit that information to ESAP;

    (10) 

    ‘Joint Committee’ means the committee referred to in Article 54 of Regulation (EU) No 1093/2010, Article 54 of Regulation (EU) No 1094/2010 and Article 54 of Regulation (EU) No 1095/2010.

    Article 3

    Voluntary submission of information

    1.  
    From 10 January 2030, an entity may submit the information referred to in Article 1(1), point (b), to the collection body in the Member State where the entity has its registered office for the purpose of making that information accessible on ESAP.

    When submitting such information to the collection body, the entity shall:

    (a) 

    ensure that the information is accompanied by metadata specifying that the information is made accessible on ESAP on a voluntary basis;

    (b) 

    ensure that the information is accompanied by metadata specifying whether the information contains personal data;

    (c) 

    ensure that the information is accompanied by the metadata necessary for the functioning of the ESAP search function referred in Article 7(3);

    (d) 

    use a data extractable format for submitting the information;

    (e) 

    ensure that the information submitted falls within the scope of Article 1(1), point (b);

    (f) 

    ensure that no personal data are included in the information, except where the personal data are required by Union or national law or constitute a necessary element of the information about the entity’s economic activities.

    2.  
    By 9 January 2030, each Member State shall designate at least one collection body for the collection of information submitted on a voluntary basis and notify ESMA thereof.
    3.  

    The European Supervisory Authorities established by Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 of the European Parliament and of the Council (collectively, the ‘ESAs’) shall, through the Joint Committee, develop draft implementing technical standards to specify the following:

    (a) 

    the metadata to accompany the information submitted in accordance with paragraph 1;

    (b) 

    where applicable, the specific formats or templates to be used for submitting the information in accordance with paragraph 1.

    4.  
    When developing the implementing technical standards referred to in paragraph 3, the ESAs shall take into consideration any standards that already exist in the corresponding sectoral Union legislative acts and, in particular, any standards specifically designed for SMEs.

    The ESAs shall submit the draft implementing technical standards to the Commission by 10 January 2028.

    Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No 1093/2010, Article 15 of Regulation (EU) No 1094/2010 and Article 15 of Regulation (EU) No 1095/2010.

    The ESAs, through the Joint Committee, shall adopt guidelines for entities to ensure that the metadata submitted is correct, including the conditions for the inclusion of personal data in voluntary submissions.

    5.  
    Where the information referred to in paragraph 1 contains personal data, entities shall ensure that any processing of those data is based on one of the lawful grounds for processing listed in Article 6(1) of Regulation (EU) 2016/679. This Regulation does not create a legal basis for the processing of personal data.

    Article 4

    List of the collection bodies

    ESMA shall publish a list of the collection bodies, containing the uniform resource locator of each collection body, on the web portal referred to in Article 7(1), point (a).

    ESMA shall ensure that that list is kept up-to-date and shall notify the Commission of any changes thereto.

    Article 5

    Tasks of the collection bodies and responsibilities of entities

    1.  

    The collection bodies shall do the following:

    (a) 

    collect the information submitted by entities;

    (b) 

    store the information submitted by entities or generated by the collection bodies themselves and, where relevant, rely on existing procedures and infrastructure in place for the storage of information;

    (c) 

    perform technical automated validations in respect of the information submitted by entities to verify whether the information complies with the following:

    (i) 

    it has been submitted using a data extractable format or, where appropriate, the machine-readable format specified in any of the Union legislative acts under Article 1(1), point (a), pursuant to which the information is submitted;

    (ii) 

    the metadata for the information, as specified pursuant to paragraph 10, point (e), of this Article and, where applicable, Article 3(1), point (a), is available and complete;

    (iii) 

    it is accompanied by a qualified electronic seal, where required;

    (d) 

    not impose conditions on the use and re-use of the information accessible on ESAP, other than conditions that correspond to those laid down in open standard licences as referred to in Article 9;

    (e) 

    implement the API and provide ESAP, free of charge and within the applicable time limits, with the information, the metadata for that information and, where required, the qualified electronic seal;

    (f) 

    insofar as it falls within the technical competence of the collection body, provide assistance to the entities submitting the information in relation to, at least, the submission, rejection and resubmission process;

    (g) 

    ensure that the information referred to in Article 1(1) remains available to ESAP for at least 10 years, unless otherwise provided in the Union legislative acts under Article 1(1), point (a).

    For the purposes of point (g) of the first subparagraph of this paragraph, and in accordance with Regulations (EU) 2016/679 and (EU) No 2018/1725, the collection bodies shall take the appropriate technical and organisational measures to ensure that, where the metadata accompanying the submitted information refers to any personal data, that information is not retained for the purpose of being made available to ESAP, nor made accessible on ESAP, for longer than five years, unless otherwise provided in the Union legislative acts under Article 1(1), point (a), of this Regulation.

    2.  
    The collection bodies may reject information submitted by entities where the information is manifestly inappropriate, abusive or outside the scope of the information referred to in Article 1(1).

    The collection bodies shall remove information made accessible on ESAP that they determine to be manifestly inappropriate, abusive or outside the scope of the information referred to in Article 1(1).

    3.  
    The collection bodies shall reject information submitted by entities where the automated validations referred to in paragraph 1, point (c), of this Article reveal that the information does not comply with the requirements laid down in that point or, where relevant, on the basis of notifications received pursuant to Article 10(2).
    4.  
    The collection bodies shall notify entities of the rejection or the removal of information and the reasons therefor, within a reasonable timeframe.
    5.  
    Where the information submitted by an entity pursuant to Article 1(1), point (a), is rejected or removed by a collection body, that entity shall rectify and resubmit the information without undue delay. The collection body shall notify ESMA where information is rejected, removed or replaced pursuant to paragraph 2 of this Article.

    Entities may choose to submit information only once and to one collection body only. The submission and any re-submission of information, together with the relevant accompanying metadata, shall be made to the same collection body.

    6.  
    Entities shall be responsible for the completeness and accuracy of the information in the language in which it is submitted, as well as for the relevant accompanying metadata they submit to the collection bodies. In particular, entities shall be responsible for the identification of the inclusion of personal data in the information that they submit to the collection body together with the relevant accompanying metadata indicating whether the information contains personal data.
    7.  
    As regards the information within the scope of this Regulation, the collection bodies shall not exercise the right of the maker of a database, referred to in Article 7(1) of Directive 96/9/EC of the European Parliament and of the Council ( 1 ), or any other intellectual property rights in a way that prevents or restricts the use and re-use of the contents of the database pursuant to Article 9 of this Regulation.
    8.  
    A collection body may delegate the tasks referred to in paragraph 1, points (a), (b), (c), (e), (f), (g) and paragraphs 3 and 4 to a legal person governed by the law of a Member State or to a Union body, office or agency (the ‘delegatee’). Any delegation of tasks shall take the form of a written agreement specifying the tasks to be delegated and the conditions under which they are to be carried out (‘delegation agreement’).

    The conditions set out in the delegation agreement shall ensure that:

    (a) 

    the delegatee has no conflict of interest;

    (b) 

    the delegatee does not use the information obtained improperly or in an anti-competitive manner or for a purpose other than the one stated in the delegation agreement;

    (c) 

    the delegatee ensures the protection of the information in accordance with Article 6 in relation to the delegated tasks;

    (d) 

    the delegatee regularly informs the collection body regarding its overall performance of the delegated tasks;

    (e) 

    without undue delay, the delegatee informs the collection body of any failure to perform a delegated task.

    The collection body shall remain responsible for any tasks that it delegates, including making available to ESMA any information needed by ESMA regarding a delegated task.

    The collection body’s liability shall not be affected by the fact that the collection body has delegated tasks to a third party. The collection body shall not delegate its tasks to such an extent that it can no longer be considered a collection body.

    The collection body shall ensure that any delegation of tasks is exercised in a cost-efficient manner and that, as far as possible, the delegation is used to allow existing collection procedures and infrastructure to continue to apply for the purposes of ESAP.

    The collection body shall notify ESMA of any delegation agreement it concludes.

    9.  
    The collection bodies shall ensure appropriate levels of authenticity, availability, integrity and non-repudiation of the information submitted by entities to be made accessible on ESAP. For the purposes of ensuring those levels, Member States may permit the collection bodies to require that the information that is submitted by entities to be made accessible on ESAP be accompanied by a qualified electronic seal.
    10.  

    The ESAs, through the Joint Committee, shall develop draft implementing technical standards specifying the following:

    (a) 

    how the technical automated validations referred to in paragraph 1, point (c), of this Article are to be performed for each type of information submitted by entities;

    (b) 

    the characteristics of the qualified electronic seal referred to in paragraph 1, point (c)(iii), of this Article and in paragraph 9 of this Article;

    (c) 

    the open standard licences referred to in paragraph 1, point (d), of this Article;

    (d) 

    the characteristics of the API to be implemented pursuant to paragraph 1, point (e), of this Article;

    (e) 

    the characteristics of the metadata necessary for the ESAP search function referred to in Article 7(3), metadata referred to in paragraph 6 of this Article and any other metadata necessary for the functioning of ESAP;

    (f) 

    the time limits referred to in paragraph 1, point (e), of this Article;

    (g) 

    the indicative list and characteristics of formats that are acceptable as data extractable formats and as machine-readable formats as referred to in paragraph 1, point (c)(i), of this Article.

    11.  
    When developing the draft implementing technical standards referred to in paragraph 10, the ESAs shall take into consideration any standards that already exist in the corresponding sectoral Union legislative acts and in particular the standards specifically designed for SMEs.

    The ESAs shall submit those draft implementing technical standards to the Commission by 10 September 2024.

    Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No 1093/2010, Article 15 of Regulation (EU) No 1094/2010 and Article 15 of Regulation (EU) No 1095/2010.

    12.  

    Collection bodies that are Union bodies, offices or agencies that make historical information available to ESAP in accordance with Article 1(3) shall do the following:

    (a) 

    prepare that information in a data extractable format;

    (b) 

    accompany that information by metadata specifying the following:

    (i) 

    the names of the entity;

    (ii) 

    the type of information, as classified pursuant to Article 7(4), point (c);

    (iii) 

    where available, the legal entity identifier of the entity, as specified pursuant to Article 7(4), point (b);

    (c) 

    specify that the information is historical information.

    By way of derogation from paragraph 1, point (g), of this Article, historical information shall not be made accessible on ESAP for longer than five years.

    Article 6

    Cybersecurity

    ESMA shall put in place an effective and proportionate IT security policy for ESAP and shall ensure appropriate levels of authenticity, availability, integrity and non-repudiation of the information made accessible on ESAP and of the protection of personal data. ESMA may carry out periodic reviews of the IT security policy and the cybersecurity situation of ESAP in the light of evolving international and Union cybersecurity trends and latest developments.

    Article 7

    Functionalities of ESAP

    1.  

    ESMA shall ensure that ESAP has at least the following functionalities:

    (a) 

    a web portal with a user-friendly interface, which takes into account the access needs of persons with disabilities, to provide access to the information on ESAP in all official languages of the Union;

    (b) 

    an API enabling easy access to the information on ESAP;

    (c) 

    a search function in all official languages of the Union;

    (d) 

    an information viewer;

    (e) 

    a machine translation service for the information retrieved;

    (f) 

    a download service, including for the download of large quantities of data;

    (g) 

    a notification service informing users of any new information on ESAP;

    (h) 

    the presentation of information submitted on a voluntary basis pursuant to Article 1(1), point (b), in such a manner that:

    (i) 

    it can be clearly distinguished from information submitted on a mandatory basis pursuant to Article 1(1), point (a);

    (ii) 

    where applicable, users are informed that the information does not necessarily meet all the requirements for information submitted on a mandatory basis pursuant to Article 1(1), point (a), and will not necessarily be updated over time.

    2.  
    ESMA shall ensure that ESAP provides for the functionalities referred to in paragraph 1, points (e) and (g), by 10 July 2028. ESMA shall ensure that ESAP provides for the functionalities referred to in paragraph 1, point (h), by 9 January 2030.
    3.  

    The search function referred to in paragraph 1, point (c), of this Article shall allow for a search on the basis of the following metadata:

    (a) 

    the names of the entity that submitted the information and of the natural or legal person to which the information relates;

    (b) 

    the legal entity identifier of the entity that submitted the information and of the legal person to which the information relates;

    (c) 

    the type of information, as referred to in Article 1(1), submitted by the entity and whether such information was submitted on a mandatory basis under Article 1(1), point (a), or on a voluntary basis under point (b) of that paragraph;

    (d) 

    the date and time when the information was submitted by the entity to the collection body;

    (e) 

    the date or period to which the information relates;

    (f) 

    the size of the entity by category that submitted the information and of the legal person to which the information relates;

    (g) 

    the country of the registered office of the legal person to which the information relates;

    (h) 

    the industry sector(s) of the economic activities of the natural or legal person to which the information relates;

    (i) 

    the collection body responsible for the collection of the information;

    (j) 

    the language in which the information was submitted.

    4.  

    The ESAs, through the Joint Committee, shall develop draft implementing technical standards specifying the following:

    (a) 

    the characteristics of the API referred to in paragraph 1, point (b);

    (b) 

    the specific legal entity identifier referred to in paragraph 3, point (b);

    (c) 

    the classification of the types of information referred to in paragraph 3, point (c);

    (d) 

    the categories of the size of the entities referred to in paragraph 3, point (f);

    (e) 

    the characterisation of industry sectors referred to in paragraph 3, point (h).

    The ESAs shall submit those draft implementing technical standards to the Commission by 10 September 2024.

    Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No 1093/2010, Article 15 of Regulation (EU) No 1094/2010 and Article 15 of Regulation (EU) No 1095/2010.

    Article 8

    Access to information on ESAP

    1.  
    In order to promote transparency and the smooth functioning of Union capital markets, ESMA shall ensure that access to information on ESAP is provided on a non-discriminatory basis and that users have direct and immediate access free of charge to the information on ESAP.
    2.  
    ESMA shall, however, charge fees for specific services with high maintenance and support costs or that involve searches for and downloads of large volumes of information. Those fees shall not exceed the direct costs incurred by ESMA for the provision of those services. The fees collected for those services shall be allocated to the overall functioning of ESAP.
    3.  
    ESMA may require users of the services for which ESMA charges fees, as referred to in paragraph 2, to complete a digital declaration.
    4.  

    Notwithstanding paragraph 2, ESMA shall allow the following entities to have direct and immediate access to the information on ESAP free of charge to the extent necessary for those entities to fulfil their respective responsibilities, mandates and obligations:

    (a) 

    any Union institution, body, office or agency;

    (b) 

    any competent authority designated by a Member State pursuant to a Union legislative act;

    (c) 

    any member of the European Statistical System as defined in Article 4 of Regulation (EC) No 223/2009 of the European Parliament and of the Council ( 2 );

    (d) 

    any member of the European System of Central Banks;

    (e) 

    the resolution authorities designated under Article 3 of Directive 2014/59/EU of the European Parliament and the Council ( 3 );

    (f) 

    any governmental institution, body or agency of a Member State;

    (g) 

    any educational and training establishment for the sole purposes of research, academia, news organisations and non-governmental organisations insofar as access to the information is necessary in the performance of their tasks;

    (h) 

    entities providing and using information on ESAP to fulfil their regulatory obligations.

    5.  
    For the purposes of paragraph 2, ESMA shall develop draft implementing technical standards to determine the nature and extent of the specific services for which fees may be charged and to determine the associated fee structure.

    ESMA shall submit those draft implementing technical standards to the Commission.

    Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No 1095/2010.

    6.  
    ESMA shall publish and make easily accessible on the ESAP website the fee structure, the volume thresholds, if relevant, and the rates. ESMA shall review the volume thresholds and the rates on an annual basis.

    Article 9

    Use and re-use of information accessible on ESAP

    1.  
    Neither ESMA nor the collection bodies shall bear any liability for the access, use or re-use of information submitted by entities to the collection bodies and made accessible on ESAP.
    2.  
    Personal data accessible on ESAP shall be used and re-used in accordance with Regulation (EU) 2016/679. Any personal data that is re-used shall not be retained for longer than necessary and in any event for no longer than five years, unless otherwise provided in Union legislative acts under Article 1(1), point (a), of this Regulation.
    3.  

    ESMA shall ensure that the use and re-use of information accessible on ESAP is not subject to any conditions unless those conditions fulfil the following requirements:

    (a) 

    they are objective and non-discriminatory;

    (b) 

    they are justified on the grounds of a public interest objective;

    (c) 

    where appropriate, depending on the type of information, they correspond to the conditions laid down in open standard licences within the meaning of Article 2, point (5), of Directive (EU) 2019/1024, and allow the free use, modification and sharing of that information by anyone and for any purpose.

    4.  
    The use and re-use for regulatory and non-commercial purposes of the information made accessible on ESAP shall not be limited by entities submitting their information for publication on the basis of a sui generis right referred to in Article 7(1) of Directive 96/9/EC.

    Article 10

    Quality of the information

    1.  
    ESMA shall perform automated validations to verify whether all information provided to ESAP by the collection bodies complies with the requirements laid down in Article 5(1), point (c).

    Where the information provided by the collection body was submitted by an entity, ESMA may perform the automated validations on the basis of samples. Such automated validations shall not differ from those carried out by the collection bodies pursuant to Article 5(1), point (c).

    2.  
    ESMA shall implement appropriate technical processes to automatically notify a collection body in cases where the information provided does not comply with the requirements laid down in Article 5(1), point (c). In cases of non-compliance with those requirements, entities shall bear the responsibility for the information. The collection body shall notify the entity in cases where the information has been rejected and the reasons for that rejection in accordance with Article 5(4).
    3.  
    ESMA may perform additional data quality, integrity and proof of origin checks. On the basis of the results of those checks, ESMA may notify the collection bodies of deficiencies identified and suspend making information accessible on ESAP.

    Article 11

    Tasks of ESMA

    1.  

    ESMA shall, in close cooperation with EBA and EIOPA do the following:

    (a) 

    ensure that the information provided by the collection bodies, following submission by the entities, is made accessible without undue delay on ESAP;

    (b) 

    provide service support to the collection bodies;

    (c) 

    ensure that ESAP is accessible for at least 97 % of the time per month, excluding cases of scheduled maintenance, content updates and page upgrades, in which case a clear notice is to be given to users indicating the likely duration of the interruption of services provided by ESAP;

    (d) 

    consult, as appropriate, with the collection bodies to address common issues and common principles of conduct, and in particular to discuss:

    (i) 

    the daily management of ESAP;

    (ii) 

    the development and implementation of a quality policy and, where appropriate, of service level agreements between ESMA and the collection bodies;

    (iii) 

    the funding conditions of ESAP, including the situations in which fees may be charged and the calculation of those fees;

    (iv) 

    existing and potential threats in relation to cybersecurity;

    (v) 

    the implementation and functioning of ESAP in relation to any delegation of tasks in accordance with Article 5(8);

    (e) 

    monitor the implementation and functioning of ESAP and report annually thereon to the Commission, as specified in Article 12.

    2.  
    For the purposes of paragraph 1 of this Article, ESMA shall ensure, through the establishment of an ad hoc task force, group or committee, as appropriate, that experts and relevant stakeholders are consulted to provide advice and support on the technical implementation of ESAP. In addition, ESMA may consult the Securities and Markets Stakeholders Group referred to in Article 37 of Regulation (EU) No 1095/2010.
    3.  
    Unless necessary for the purpose of facilitating access to the information provided by the collection bodies and implementing the requirements of this Regulation, ESMA shall not store information containing personal data except for automatic, intermediate and transient processing. ESMA shall take the appropriate technical and organisational measures to ensure that personal data processing via ESAP is carried out in accordance with Regulation (EU) 2018/1725 and that information containing personal data is not retained or made available any longer than as provided for in Article 5(1), point (g).
    4.  
    ESMA shall ensure that personal data processing complies with the legal framework for the protection of personal data processed by Union institutions, bodies, offices and agencies.

    Article 12

    Monitoring the implementation and functioning of ESAP

    1.  
    ESMA, in close cooperation with EBA and EIOPA, shall monitor the functioning of ESAP based on at least the qualitative and quantitative indicators laid down in paragraph 2, and shall publish and submit to the European Parliament and to the Council an annual report on the functioning of ESAP.
    2.  

    The qualitative and quantitative indicators referred to in paragraph 1 are the following:

    (a) 

    the number of visitors, searches and downloads;

    (b) 

    the types of information viewed and downloaded by percentage;

    (c) 

    the fees referred to in Article 8(2) and amounts charged by ESMA;

    (d) 

    the percentage of searches that lead to a view or a download per type of information and access;

    (e) 

    the amount and percentage of machine-readable information accessible on ESAP and the amount and percentage of machine-readable views and downloads;

    (f) 

    the proportion of notifications pursuant to the automated validations referred to in Article 10(2);

    (g) 

    any significant malfunction or incident affecting the operation or overall performance of ESAP;

    (h) 

    an assessment of the accessibility, quality, usability, reliability and timeliness of the information on ESAP;

    (i) 

    an assessment of whether ESAP meets its objectives, taking into account the evolution of its use and information flows within the Union;

    (j) 

    an assessment of end-user satisfaction;

    (k) 

    a comparison with similar systems in third countries.

    3.  
    Before submitting the report referred to in paragraph 1 of this Article, ESMA shall consult the ad hoc task force, group or committee to be established pursuant to Article 11(2) of this Regulation and it may consult the Securities and Markets Stakeholder Group referred to in Article 37 of Regulation (EU) No 1095/2010.

    Article 13

    Review

    1.  
    By 10 January 2029 the Commission shall, in close cooperation with ESMA, and taking into account the annual reports referred to in Article 12, submit a report to the European Parliament and to the Council on the implementation, functioning and effectiveness of ESAP.
    2.  

    The report referred to in paragraph 1 shall address the following:

    (a) 

    the technical challenges faced by entities and by the collection bodies during the implementation of ESAP;

    (b) 

    the effectiveness of the information collection and transmission system for ESAP purposes;

    (c) 

    the operational resilience of ESAP against ICT risks and the reliability of the information made accessible on ESAP, including by means of qualified electronic seals;

    (d) 

    the costs incurred by entities and by the collection bodies, including an assessment of whether the collection bodies which are competent authorities have increased their supervisory fees as a result of the costs incurred because of ESAP;

    (e) 

    the costs incurred by ESMA as the operator of ESAP and the funding scheme of ESAP;

    (f) 

    the impact of ESAP on public access to entities’ information in the area of financial services, capital markets and sustainability;

    (g) 

    the impact of ESAP on entities’ visibility to cross-border investors, including the visibility of SMEs;

    (h) 

    the impact of ESAP on the market position of private data providers in the Union;

    (i) 

    the interoperability of ESAP with similar global platforms;

    (j) 

    the implementation and functioning of ESAP in relation to delegation of tasks in accordance with Article 5(8).

    3.  
    Taking into account the added value, technical challenges and expected costs, the report referred to in paragraph 1 shall include a cost-benefit analysis linked to future inclusion within the scope of this Regulation of possibly relevant information that is not yet accessible on ESAP at the time when the report is drawn up, thus resulting in a data gap.

    The report shall also include recommendations on the future development of ESAP.

    4.  
    The Commission shall adopt a delegated act in accordance with Article 14 amending the Union legislative acts referred to in the second subparagraph of this paragraph in order to postpone the inclusion on ESAP of information for which submission to ESAP is not yet required or permitted pursuant to Article 1(1), point (a), by a maximum of 36 months if the Commission concludes in the report referred to in paragraph 1 of this Article that there is evidence of severe and pervasive difficulties as regards the elements listed in paragraph 2, points (a) and (b), of this Article.

    The Union legislative acts referred to in the first subparagraph of this paragraph shall comprise the following:

    — 
    Regulation (EU) No 575/2013 (Article 434b);
    — 
    Regulation (EU) No 537/2014 (Article 13a);
    — 
    Regulation (EU) No 600/2014 (Article 23a);
    — 
    Regulation (EU) 2015/760 (Article 25a);
    — 
    Regulation (EU) 2015/2365 (Article 32a);
    — 
    Regulation (EU) 2017/1131 (Article 37a);
    — 
    Regulation (EU) 2019/2033 (Article 46a);
    — 
    Regulation (EU) 2023/1114 (Article 110a);
    — 
    Regulation (EU) 2023/2631 (Article 15a);
    — 
    Directive 2002/87/EC (Article 30b);
    — 
    Directive 2004/25/EC (Article 16a);
    — 
    Directive 2006/43/EC (Article 20a);
    — 
    Directive 2007/36/EC (Article 14c);
    — 
    Directive 2009/138/EC (Article 304b);
    — 
    Directive 2011/61/EU (Article 69b);
    — 
    Directive 2013/36/EU (Article 116a);
    — 
    Directive 2014/59/EU (Article 128a);
    — 
    Directive 2014/65/EU (Article 87a);
    — 
    Directive (EU) 2016/97 (Article 40a);
    — 
    Directive (EU) 2016/2341 (Article 63a);
    — 
    Directive (EU) 2019/2034 (Article 44a);
    — 
    Directive (EU) 2019/2162 (Article 29a).

    Article 14

    Exercise of the delegation

    1.  
    The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.
    2.  
    The power to adopt a delegated act referred to in Article 13(4) shall be conferred on the Commission for a period of 12 months from the publication of the report referred to in Article 13(1).
    3.  
    The delegation of power referred to in Article 13(4) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect on the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.
    4.  
    Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.
    5.  
    As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.
    6.  
    A delegated act shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of three months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by three months at the initiative of the European Parliament or of the Council.

    Article 15

    Entry into force

    This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

    This Regulation shall be binding in its entirety and directly applicable in all Member States.



    ANNEX

    List of Union legislative acts under Article 1(1), point (a), of this Regulation

    PART A —   REGULATIONS

    1. Regulation (EC) No 1060/2009 of the European Parliament and of the Council of 16 September 2009 on credit rating agencies (OJ L 302, 17.11.2009, p. 1).

    2. Regulation (EU) No 236/2012 of the European Parliament and of the Council of 14 March 2012 on short selling and certain aspects of credit default swaps (OJ L 86, 24.3.2012, p. 1).

    3. Regulation (EU) No 345/2013 of the European Parliament and of the Council of 17 April 2013 on European venture capital funds (OJ L 115, 25.4.2013, p. 1).

    4. Regulation (EU) No 346/2013 of the European Parliament and of the Council of 17 April 2013 on European social entrepreneurship funds (OJ L 115, 25.4.2013, p. 18).

    5. Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and amending Regulation (EU) No 648/2012 (OJ L 176, 27.6.2013, p. 1).

    6. Regulation (EU) No 537/2014 of the European Parliament and of the Council of 16 April 2014 on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC (OJ L 158, 27.5.2014, p. 77).

    7. Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (market abuse regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC (OJ L 173, 12.6.2014, p. 1).

    8. Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012 (OJ L 173, 12.6.2014, p. 84).

    9. Regulation (EU) No 1286/2014 of the European Parliament and of the Council of 26 November 2014 on key information documents for packaged retail and insurance-based investment products (PRIIPs) (OJ L 352, 9.12.2014, p. 1).

    10. Regulation (EU) 2015/760 of the European Parliament and of the Council of 29 April 2015 on European long-term investment funds (OJ L 123, 19.5.2015, p. 98).

    11. Regulation (EU) 2015/2365 of the European Parliament and of the Council of 25 November 2015 on transparency of securities financing transactions and of reuse and amending Regulation (EU) No 648/2012 (OJ L 337, 23.12.2015, p. 1).

    12. Regulation (EU) 2016/1011 of the European Parliament and of the Council of 8 June 2016 on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds and amending Directives 2008/48/EC and 2014/17/EU and Regulation (EU) No 596/2014 (OJ L 171, 29.6.2016, p. 1).

    13. Regulation (EU) 2017/1129 of the European Parliament and of the Council of 14 June 2017 on the prospectus to be published when securities are offered to the public or admitted to trading on a regulated market, and repealing Directive 2003/71/EC (OJ L 168, 30.6.2017, p. 12).

    14. Regulation (EU) 2017/1131 of the European Parliament and of the Council of 14 June 2017 on money market funds (OJ L 169, 30.6.2017, p. 8).

    15. Regulation (EU) 2019/1238 of the European Parliament and of the Council of 20 June 2019 on a pan-European Personal Pension Product (PEPP) (OJ L 198, 25.7.2019, p. 1).

    16. Regulation (EU) 2019/2033 of the European Parliament and of the Council of 27 November 2019 on the prudential requirements of investment firms and amending Regulations (EU) No 1093/2010, (EU) No 575/2013, (EU) No 600/2014 and (EU) No 806/2014 (OJ L 314, 5.12.2019, p. 1).

    17. Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability-related disclosures in the financial services sector (OJ L 317, 9.12.2019, p. 1).

    18. Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (OJ L 150, 9.6.2023, p. 40).

    19. Regulation (EU) 2023/2631 of European Parliament and of the Council of 22 November 2023 on European Green Bonds and optional disclosures for bonds marketed as environmentally sustainable and for sustainability-linked bonds (OJ L, 2023/2631, 30.11.2023, ELI: http://data.europa.eu/eli/reg/2023/2631/oj).

    PART B —   DIRECTIVES

    1. Directive 2002/87/EC of the European Parliament and of the Council of 16 December 2002 on the supplementary supervision of credit institutions, insurance undertakings and investment firms in a financial conglomerate and amending Council Directives 73/239/EEC, 79/267/EEC, 92/49/EEC, 92/96/EEC, 93/6/EEC and 93/22/EEC, and Directives 98/78/EC and 2000/12/EC of the European Parliament and of the Council (OJ L 35, 11.2.2003, p. 1).

    2. Directive 2004/25/EC of the European Parliament and of the Council of 21 April 2004 on takeover bids (OJ L 142, 30.4.2004, p. 12).

    3. Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the harmonisation of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market and amending Directive 2001/34/EC (OJ L 390, 31.12.2004, p. 38).

    4. Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC (OJ L 157, 9.6.2006, p. 87).

    5. Directive 2007/36/EC of the European Parliament and of the Council of 11 July 2007 on the exercise of certain rights of shareholders in listed companies (OJ L 184, 14.7.2007, p. 17).

    6. Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS) (OJ L 302, 17.11.2009, p. 32).

    7. Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1).

    8. Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) No 1095/2010 (OJ L 174, 1.7.2011, p. 1).

    9. Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings, amending Directive 2006/43/EC of the European Parliament and of the Council and repealing Council Directives 78/660/EEC and 83/349/EEC (OJ L 182, 29.6.2013, p. 19).

    10. Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338).

    11. Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No 1093/2010 and (EU) No 648/2012, of the European Parliament and of the Council (OJ L 173, 12.6.2014, p. 190).

    12. Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).

    13. Directive (EU) 2016/97 of the European Parliament and of the Council of 20 January 2016 on insurance distribution (OJ L 26, 2.2.2016, p. 19).

    14. Directive (EU) 2016/2341 of the European Parliament and of the Council of 14 December 2016 on the activities and supervision of institutions for occupational retirement provision (IORPs) (OJ L 354, 23.12.2016, p. 37).

    15. Directive (EU) 2019/2034 of the European Parliament and of the Council of 27 November 2019 on the prudential supervision of investment firms and amending Directives 2002/87/EC, 2009/65/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU and 2014/65/EU (OJ L 314, 5.12.2019, p. 64).

    16. Directive (EU) 2019/2162 of the European Parliament and of the Council of 27 November 2019 on the issue of covered bonds and covered bond public supervision and amending Directives 2009/65/EC and 2014/59/EU (OJ L 328, 18.12.2019, p. 29).

    ▼M1

    17. Directive (EU) 2024/1760 of the European Parliament and of the Council of 13 May 2024 on corporate sustainability due diligence and amending Directive (EU) 2019/1937 and Regulation (EU) 2023/2859 (OJ L, 2024/1760, 5.7.2024, ELI: http://data.europa.eu/eli/dir/2024/1760/oj).


    ( 1 ) Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases (OJ L 77, 27.3.1996, p. 20).

    ( 2 ) Regulation (EC) No 223/2009 of the European Parliament and of the Council of 11 March 2009 on European statistics and repealing Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities, Council Regulation (EC) No 322/97 on Community Statistics, and Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical Programmes of the European Communities (OJ L 87, 31.3.2009, p. 164).

    ( 3 ) Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No 1093/2010 and (EU) No 648/2012, of the European Parliament and of the Council (OJ L 173, 12.6.2014, p. 190).

    Top