1.   For the purposes of this Regulation, a member of the staff of a competent authority who is responsible for manually inserting and modifying information in the electronic central register of the European Banking Authority (EBA) (the ‘electronic central register’) shall be an internal user.

2.   Each competent authority shall appoint at least two members of its staff as internal users.

3.   Competent authorities shall notify EBA of the identity of the persons referred to in paragraph 2.

1.   The application of the electronic central register shall be accessible to internal users only by using two-factor authentication.

2.   EBA shall provide a default username and password and the other security credentials to the internal users for accessing the application of the electronic central register.

3.   Internal users shall be required to change their default username and password at their first log-in into the application of the electronic central register.

4.   EBA shall ensure that the authentication method applied allows the identification of each internal user.

5.   EBA shall ensure that the application of the electronic central register does not allow information to be inserted or modified in the electronic central register by persons who do not have access to the application of the register or who do not have the appropriate permissions to do so.

1.   For the purposes of this Regulation, public users of the electronic central register shall be payment service users and other interested parties, who access the electronic central register through the website of EBA.

2.   Public users shall be able to access the electronic central register without using access credentials.

3.   The access of public users to the electronic central register shall allow them only to read, search and download the information contained in the register. Public users shall not have any rights to modify the content of the register.

4.   When public users access the electronic central register, the website of EBA shall display the search criteria specified in Article 15(1).

1.   Competent authorities shall transmit to EBA the information to be contained in the electronic central register manually via a web user interface or automatically via an application to application interface.

2.   Competent authorities shall notify EBA about their preferred approach for transmission of information under paragraph 1.

3.   Competent authorities which have notified EBA that their preferred approach is to transmit information automatically shall be allowed to transmit information manually upon prior notification to EBA.

4.   Competent authorities shall provide EBA with a hyperlink to their national public register. EBA shall make those hyperlinks publicly available in the electronic central register.

1.   Competent authorities which have decided to transmit information to EBA manually shall insert or modify information for their Member States in the web application of the electronic central register. The information shall be entered in the format specified in paragraphs 2 to 9 of Article 1 of the Commission Implementing Regulation (EU) 2019/410 (3).

2.   The manually inserted or modified information shall be made publicly available in the electronic central register after it has been validated by the application of that register in accordance with Article 8.

3.   When manually inserted or modified information fails to be validated by the application of the electronic central register, the information shall be rejected and not be made publicly available. The internal user shall make the insertion or modification once again using the corrected information.

4.   EBA shall insert a date and time stamp in the manually inserted or modified information in the electronic central register. That date and time stamp shall display the moment of the last change to the register.

5.   Competent authorities shall ensure that all amendments to the content of their national public registers related to the granting or withdrawal of authorisation or registration are inserted in the electronic central register of EBA on the same day.

1.   Competent authorities which have decided to transmit information to EBA automatically shall transmit the information directly from the applications of their national public registers to the application of the electronic central register.

2.   EBA and the competent authorities shall ensure secure transmission of information between the applications of their respective registers in order to safeguard the authenticity, integrity and non-repudiation of the information transmitted, using strong and widely recognised encryption techniques.

3.   Competent authorities shall transmit to EBA in a single batch file with a common standard and structured format (‘the batch file’) the whole set of information set out in paragraphs 2 to 9 of Article 1 of the Implementing Regulation (EU) 2019/410 contained in their national public registers.

4.   The transmission of the batch file shall take place at least once each day on which the content of a national public register has been amended.

5.   Where competent authorities amend the content of their national public registers in relation to the granting or withdrawal of authorisation or registration and they are unable to transmit those changes automatically, they shall insert them manually on the same day.

6.   EBA shall allow the competent authorities to transmit a batch file once a day irrespective of whether the content of their national public registers has been amended.

7.   The information automatically transmitted to the electronic central register shall be made publicly available in the register as soon as possible after the batch file has been processed and validated by the application of the electronic central register in accordance with Article 8 and at the latest by the end of the day on which the batch file was processed and validated. All information previously transmitted, or manually inserted by a competent authority, which is publicly available in the electronic central register shall be replaced by the subsequently transmitted information by that competent authority.

8.   EBA shall not allow competent authorities to transmit a new batch file before they have received the outcome of the validation of their previously transmitted batch file.

9.   Where automatically transmitted information fails to be validated by the application of the electronic central register, the whole set of information contained in the batch file shall be rejected and not be made publicly available in that register.

10.   EBA shall insert a date and time stamp in the information automatically transmitted to the application of the electronic central register. That date and time stamp shall display the moment of the last synchronisation between the electronic central register and the national public registers.

1.   The application of the electronic central register shall validate information transmitted by competent authorities to EBA in order to avoid any missing information or duplication of information.

2.   In order to avoid any missing information, the application of the electronic central register shall perform data validation on the fields filled in or transmitted by the competent authorities to EBA with the exception of the field for the commercial name of the natural or legal person.

3.   In order to avoid duplication of the information, the application of the register shall perform data validation on each of the following fields:

4.   Where the status of authorisation or registration of a natural or legal person, which has agents providing payment services on its behalf, has changed from ‘authorised’ or ‘registered’ to ‘withdrawn’, the application of the electronic central register shall not perform data validation on the agents linked to that person.

5.   Competent authorities shall receive a response from the application of the electronic central register about the result of the data validation process as soon as possible in a clear and unequivocal way. The result of the data validation shall also include the percentage change to the content of the information previously transmitted.

6.   Where the transmitted information fails the validation process, EBA shall include in its response to the competent authorities all the reasons for the rejection.

7.   In the event of a failed validation where the amendments to the content of the national public register are related to granting or withdrawal of authorisation or registration, competent authorities which transmit information automatically shall, by the end of the day on which the validation failed, transmit a corrected or updated batch file with the whole set of information or manually insert the new amendments made to the content of their national public registers related to the granting or withdrawal of authorisation or registration.

8.   For the purposes of the validation of national identification numbers competent authorities shall notify to EBA the types and the formats of the national identification numbers which they use in their national registers.

9.   The application of the electronic central register shall enable competent authorities to insert an agent more than once in the register where the agent provides payment services on behalf of more than one natural or legal person. Each insertion shall be treated as a separate record.

1.   EBA and the competent authorities shall ensure that agents inserted in the electronic central register are linked to the natural or legal person on behalf of which they provide payment services.

2.   Where a natural or legal person, which has agents providing payment services on its behalf, has its status of authorisation or registration changed from ‘authorised’ or ‘registered’ to ‘withdrawn’, the status of the agents linked to that natural or legal person shall be changed from ‘active’ to ‘inactive’.

1.   Competent authorities shall be responsible for the accuracy of information manually inserted in or automatically transmitted to the application of the electronic central register about the natural or legal persons authorised or registered by them, as well as the agents and service providers carrying out services under points (i) and (ii) of point (k) and point (l) of Article 3 of Directive (EU) 2015/2366 listed in their national public registers.

2.   The application of the electronic central register shall enable internal users and applications of the national public registers to insert or modify the information for which their respective competent authority is responsible.

3.   Competent authorities shall not be able to modify the information for which other competent authorities are responsible.

4.   Competent authorities shall not be able to insert information concerning payment institutions, natural or legal persons benefiting from an exemption pursuant to Article 32 of Directive (EU) 2015/2366 and their agents, account information service providers, the institutions referred to in points (4) to (23) of Article 2(5) of Directive 2013/36/EU, electronic money institutions, legal persons benefiting from an exemption pursuant to Article 9 of Directive 2009/110/EC and their agents, and service providers carrying out services under points (i) and (ii) of point (k) and point (l) of Article 3 of Directive (EU) 2015/2366, established in another host Member State.

1.   The application data of the electronic central register shall be backed up and the backup copies shall be stored for the purposes of disaster recovery.

2.   In the event that any security issues are detected, EBA shall be able to immediately shut down the application of the electronic central register and prevent any access to the server.

3.   The application of the electronic central register shall be able to recover from crashes without undue delay and to continue its normal operation.

4.   In the event that the application of the electronic central register is down and cannot process batch files transmitted by the competent authorities, that application shall process the most recent files which were transmitted by each competent authority after restoring its normal operation.

5.   EBA shall notify the competent authorities of any failure or down-time of the application of the electronic central register.

6.   Where a failure of the application of the electronic central register has affected the processing of a batch file transmitted by a competent authority, EBA shall request the competent authority to submit a new batch file. Where the competent authority is unable to do so, it shall request EBA to roll-back the data to the version that was submitted with the last validated batch file prior to the failure.

7.   EBA shall develop its register in accordance with the international standards for cyber security.

1.   The electronic central register shall be able to accommodate the initial set of data currently existing in the public registers maintained by the competent authorities.

2.   The application of the electronic central register shall be able to accommodate an increase in the volume of the information received from competent authorities. Such an increase shall not affect the availability of the register.

3.   EBA shall ensure that the electronic central register becomes available immediately after normal operation has been restored following any failure of the application of the register.

4.   The automated transmission of information referred to in Article 7 shall not affect the availability of the electronic central register.

5.   EBA shall inform public users of any unavailability of the electronic central register as well as of the reasons for that unavailability and the recovery of that register by displaying that information on its website

1.   EBA shall monitor the operation of the application of the register, analyse its performance and, where necessary, introduce changes to ensure that the application complies with the requirements set out in this Regulation.

2.   EBA shall monitor the regular transmission and update of information in the electronic central register by the competent authorities.

3.   EBA shall review the suitability of the non-functional requirements specified in this Chapter on a regular basis.

4.   EBA shall provide support to the competent authorities in relation to the operation of the electronic central register. For that purpose EBA shall introduce a functionality in the application of the register enabling competent authorities to submit a query. EBA shall put all such queries in a queue.

5.   EBA shall respond to the queries referred to in paragraph 4 without undue delay by the end of the day on which the query was made. EBA shall respond to the queries in order of reception.

6.   EBA shall provide the competent authorities with a testing environment and support for that technical environment.

7.   EBA shall establish a designated channel for communication of incidents related to the operation of the electronic central register.

1.   The electronic central register shall enable recording of all the information transmitted by competent authorities to EBA.

2.   The electronic central register shall enable recording of all automated or manual actions performed by the applications of the national public registers or by internal users respectively, as well as the time when those actions were performed.

3.   EBA shall be able to access the data recorded pursuant to paragraphs 1 and 2.

4.   EBA shall be able to extract reports from the data recorded pursuant to paragraphs 1 and 2 which enable it to monitor and interpret the information transmitted by the competent authorities.

1.   The electronic central register shall enable users of the register to search information in the register on the basis of different search criteria including each of the following:

2.   The electronic central register shall perform the search of information when at least one of the search criteria is filled in.

3.   The electronic central register shall enable users of the register to use any combination of the criteria specified in paragraph 1.

4.   The electronic central register shall enable users of the register to select the information in items (a), (d), (e) and (j) of paragraph 1 from a drop-down menu.

5.   The electronic central register shall enable users of the register to select the search criteria referred to in points (g), (h) and (i) of paragraph 1 from a multi-select menu.

6.   EBA shall ensure that searches that enable the use of symbols or signs to replace individual characters and/or words (wildcard searches) are available for users of the register to increase the breadth of a search.

7.   EBA shall inform the users of the register how to use the symbols referred to in paragraph 6 by displaying the information on its website.

1.   The electronic central register shall display as search results all natural and legal persons which meet the search criteria filled in by the user of the register.

2.   The information displayed concerning the natural and legal persons shall include the following:

3.   When selecting the name of a natural or legal person from the displayed search results, the information specified in paragraphs 2 to 9 of Article 1 of Implementing Regulation (EU) 2019/410 shall be displayed for the respective person, including the latest date and time stamp inserted by EBA.

4.   Agents shall be displayed both as a separate record and as part of the record of the natural or legal person on behalf of which they provide payment services.

5.   EBA shall accurately display in the electronic central register the information transmitted by the competent authorities and ensure that the information displayed is complete.

1.   EBA shall make the content of the electronic central register available for manual and automated download by public users of the register by copying the content to a standardised file.

2.   EBA shall update the standardised file referred to in paragraph 1 at least twice a day at pre-determined intervals. EBA shall disclose the pre-determined intervals for such updates.