European flag

Official Journal
of the European Union

EN

Series L


2023/2859

20.12.2023

REGULATION (EU) 2023/2859 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 13 December 2023

establishing a European single access point providing centralised access to publicly available information of relevance to financial services, capital markets and sustainability

(Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Economic and Social Committee (1),

Acting in accordance with the ordinary legislative procedure (2),

Whereas:

(1)

Easy and structured access to data is important in order for decision makers, professional and retail investors, non-governmental organisations, civil society organisations, social and environmental organisations, as well as other stakeholders in the economy and society, to make sound, informed, and environmentally and socially responsible investment decisions that serve the efficient functioning of the market. The provision of reliable and systematised sources of information is likewise of particular relevance for researchers and practitioners in academia, who engage in empirical or theoretical research into financial markets. Ensuring easier access to public information, including to information provided on a voluntary basis, is also necessary in order to increase opportunities for the growth and visibility of and innovation by small and medium-sized enterprises (SMEs). Rolling out common Union data spaces in crucial sectors, including the financial sector, serves the purpose of providing easy access to reliable sources of information in those sectors.

(2)

In its communication of 24 September 2020 entitled ‘A Capital Markets Union for people and businesses – new action plan’ (the ‘CMU Action Plan’), the Commission proposed to improve public access to entities’ financial and non-financial information by building a European single access point (ESAP). The communication of the Commission of 24 September 2020 entitled ‘A digital finance strategy for the EU’ (the ‘Digital Finance Strategy’) set out in general terms how the Union could promote the digital transformation of finance in the coming years, in particular how to promote data-driven finance. Subsequently, in its communication of 6 July 2021 entitled ‘Strategy for Financing the Transition to a Sustainable Economy’, the Commission placed sustainable finance at the heart of the financial system as a key means of achieving the green transition of the Union economy, as part of the European Green Deal set out in the Commission’s communication of 11 December 2019.

(3)

For the green transition of the Union economy to succeed through sustainable finance, it is essential that information related to the sustainability of businesses be easily accessible to investors so that they are better informed when making decisions about investments. For those purposes, public access to the financial and non-financial information of entities such as companies, businesses and financial institutions needs to be improved. An efficient means of doing so at Union level is to establish a centralised platform, ESAP, giving electronic public access to all relevant information.

(4)

ESAP should provide the public with easy, centralised access to information about entities and their products that is made public and is of relevance to financial services, capital markets, sustainability and diversity, but should exclude marketing information. Such access is needed in order to meet the rising demand for investable and diversified financial products that fall under the environmental, social and governance umbrella and to channel capital towards those products. ESAP is intended to be a forward-looking platform that should allow for the inclusion of public information of relevance to financial services, capital markets, sustainability and diversity stemming from future Union legislative acts, such as a Directive of the European Parliament and of the Council on corporate sustainability due diligence and amending Directive (EU) 2019/1937.

(5)

Investors, market participants, advisors, academia and the public at large may have an interest in obtaining information of relevance to financial services, capital markets, sustainability and diversity, other than that required to be made public under Union law, where an entity makes that information publicly accessible. SMEs in particular may want to make more of their information publicly accessible in order to become more visible to potential investors, thereby increasing and diversifying funding opportunities. Market participants may also want to provide more information than that required by Union law. Therefore, ESAP should provide access to information of relevance to financial services, capital markets, sustainability and diversity that is made public on a voluntary basis by any entity governed by the law of a Member State, where such entity chooses to make that information accessible on ESAP. Such information could be submitted on a voluntary basis once the operational soundness and efficiency of ESAP has been ensured, which would in any event be after the submission of the Commission report to the European Parliament and to the Council on the implementation, functioning and effectiveness of ESAP. Information submitted on a voluntary basis should be clearly identified as such.

(6)

Information submitted on a voluntary basis should aim to be uniform in format and comparable in substance, value, utility and reliability to that submitted on a mandatory basis. To ensure the increased comparability and usability of the information made accessible on ESAP on a voluntary basis, the European Supervisory Authority (European Banking Authority) (EBA) established by Regulation (EU) No 1093/2010 of the European Parliament and of the Council (3), the European Supervisory Authority (European Insurance and Occupational Pensions Authority) (EIOPA) established by Regulation (EU) No 1094/2010 of the European Parliament and of the Council (4), and the European Supervisory Authority (European Securities and Markets Authority) (ESMA) established by Regulation (EU) No 1095/2010 of the European Parliament and of the Council (5) (known collectively as ‘European Supervisory Authorities’ or ‘ESAs’) should, through the Joint Committee, develop draft implementing technical standards specifying the metadata to accompany that information and, where applicable, the formats or templates to be used for drawing up such information. The Joint Committee should also take into account any existing standards in the corresponding sectoral Union legislative acts and in particular any standards specifically designed for SMEs.

(7)

ESAP should not create any new disclosure requirements in terms of content, but should instead build upon existing requirements laid down in the Union legislative acts listed in the Annex to this Regulation. It is important to avoid double reporting, in order to prevent the imposition of any additional administrative and financial burden on entities, especially SMEs.

(8)

Historical information should also be able to be included on ESAP in order to increase the availability and comparability of information. Historical information should cover information that was made public no earlier than five years before it was required to be submitted to ESAP. To ensure consistent and complete sets of historical information, the ability to make historical information accessible on ESAP should remain the prerogative of the collection bodies that are Union bodies, offices or agencies.

(9)

ESAP should be established with an ambitious timeframe, while taking intermediate steps to ensure its operational soundness and efficiency. In particular, sufficient time should be allocated for the technical implementation of ESAP and for the collection of information to be put in place in Member States. The development of ESAP should have an initial phase of 12 months, to grant sufficient time to Member States and ESMA to establish the IT infrastructure and test it on the basis of the collection of a limited number of information flows. Subsequently, the development of ESAP should gradually incorporate, over time, an additional number of information flows and functionalities at a pace that allows for ESAP’s sound and efficient development. The functioning of ESAP should be assessed on a regular basis over the course of its implementation and operation to allow for any adjustments to meet the needs of its users and to ensure its technical efficiency.

(10)

The information to be made publicly accessible on ESAP should be collected by collection bodies designated for the purpose of collecting the information that entities are required to make public, or by collection bodies designated for the collection of information that is submitted by entities on a voluntary basis. In order to ensure the full and cost-efficient functioning of ESAP, the collection bodies should make the information available to ESAP in an automated manner through a single application programming interface (API). The collection bodies should draw, to the extent possible, upon existing information collection procedures and infrastructure, at Union and national level, for the transmission of information to ESAP without undue delay. There should be no obligation to make the information accessible on ESAP before that information is made public pursuant to the applicable sectoral Union legislative acts. For the purpose of making information accessible on ESAP, the collection bodies should store the information submitted by the entities or generated by the collection bodies themselves, unless appropriate alternative storage mechanisms are already provided for under Union law. The collection bodies should not be required to build new storage mechanisms where existing Union or national mechanisms can be relied on for the storage of information. Member States should designate at least one collection body for the collection of information submitted by entities on a voluntary basis, which could be the same as the bodies collecting information submitted by entities on a mandatory basis.

(11)

For the purpose of achieving cost-efficient functioning, the collection bodies should be able to delegate their tasks to a third party. Such delegation should be subject to appropriate safeguards and should not be exercised to such an extent that the collection body becomes merely a ‘letter-box entity’. It should not be possible to delegate the task of taking a discretionary decision to reject or remove information that is manifestly inappropriate, abusive or outside the scope of this Regulation. However, that does not prevent a delegatee from carrying out such rejection or removal in accordance with such a discretionary decision made by the collection body.

(12)

In order for the information made publicly accessible on ESAP to be digitally usable, entities should make that information available in a data extractable format or, where required by Union law, in a machine-readable format. Data extractable formats do not necessarily require information to be structured in such a way that makes it machine readable, whereas machine-readable formats are file formats structured so that software applications can easily identify, recognise and extract specific data, including individual statements of fact, and the internal structure of that data. Both formats should be open to allow for the widest possible use. Open formats should be understood to be platform-independent and made available to the public without any restriction that impedes the re-use of the information contained therein. Draft implementing technical standards should be drawn up by the ESAs, through the Joint Committee, for submission to the Commission, specifying the characteristics of machine-readable and data extractable formats and accounting for any evolving technology trends or standards. To ensure that entities submit the information in the correct format and to address any potential technical issues encountered by entities, the collection bodies should perform automated validations in accordance with this Regulation and provide assistance to the entities submitting information, where needed.

(13)

Entities submitting information and metadata to the collection bodies should remain responsible for the accuracy and completeness of the information in the language in which it is submitted and for the reliability of that information and metadata. Pursuant to the principles of data minimisation and data protection, entities should ensure that no personal data are included in the information being submitted, except where those data constitute a necessary element of the information about entities’ economic activities, including where the name of the entity corresponds to the name of the owner. Where the information submitted contains personal data, entities should ensure that for the disclosure of that personal data they can rely on one of the lawful grounds of processing laid down in Regulation (EU) 2016/679 of the European Parliament and of the Council (6).

(14)

The objective of ESMA is to protect the public interest by contributing to the stability and effectiveness of the financial system, for the Union economy, its citizens and businesses. In that context, ESMA contributes in particular to ensuring the integrity, transparency, efficiency and orderly functioning of financial markets. It has, amongst others, the task of improving investor protection. Accordingly, ESMA should be given the task of establishing and operating ESAP.

(15)

In order to enable entities and the public to identify the collection bodies providing information to ESAP, ESMA should publish on its website a list of the collection bodies and keep that list up to date. If it is necessary to make changes to the list, those changes should be made within the shortest timeframe possible.

(16)

ESAP could be subject to confidentiality breaches, integrity risks and risks related to its own availability and the availability of the information processed therein. Those risks include accidents, errors, deliberate attacks and natural events, and need to be recognised as operational risks. ESMA and the collection bodies should implement appropriate and proportionate policies, including regular reviews, to ensure that ESAP protects the information processed and functions to the highest appropriate standard.

(17)

To facilitate the searching, finding, retrieving and use of data, ESMA should ensure that ESAP offers a set of functionalities, including a search function, a machine translation service and the possibility of extracting information, as well as electronic accessibility features designed for visually impaired persons and persons with disabilities and access needs. The search function should be offered in all official languages of the Union and build at least on the metadata provided pursuant to the Union legislative acts listed in the Annex to this Regulation. The user interface and search function in ESAP should be designed in a manner that is as user-friendly as possible, with a high degree of data comparability, and that caters for a broad range of potential users, such as professional and retail investors, academic institutions and civil society organisations.

(18)

The use and re-use of information that is publicly accessible on ESAP can improve the functioning of the internal market and promote the development of new services that combine and make use of such information. It is therefore necessary, where justified on the grounds of a public interest objective, to allow for the use and re-use of the information that is accessible on ESAP for purposes other than those for which the information was drawn up. Such use and re-use of information should, nonetheless, be subject to objective and non-discriminatory conditions. Moreover, conditions corresponding to those laid down in open standard licences within the meaning of Directive (EU) 2019/1024 of the European Parliament and of the Council (7), allowing for data and content to be freely accessible, used, modified and shared by anyone for any purpose, should apply where appropriate. Entities submitting their information to a collection body for it to be made accessible on ESAP should not limit the use and re-use of that information for regulatory and non-commercial purposes on the basis of a sui generis right, without prejudice to Union law on copyright and other related rights. Neither ESMA nor the collection bodies should bear any liability for the access, use or re-use of information accessible on ESAP, without prejudice to the principles of non-contractual liability laid down in Article 340 of the Treaty on the Functioning of the European Union (TFEU).

(19)

The information available to ESAP should be made accessible to the public in a timely manner. Therefore, the information provided by the collection bodies to ESAP should be made accessible on ESAP without undue delay and, in any event, within the shortest timeframe possible. In order to ensure the uniform quality of the information, the collection bodies should perform automated validations and reject information submitted where it does not comply with the necessary requirements. The automated validations should not relate to the content of the information. In addition to automated validations, the collection bodies should reject or remove information if they determine, for example after receiving information from a stakeholder, that it falls outside the scope of this Regulation, or that it includes content that is manifestly inappropriate or abusive. The collection bodies are not required to manually or automatically check whether information falls outside the scope of this Regulation or whether it is manifestly inappropriate or abusive. The entities should remain responsible for the content. Other duties that the collection bodies might have under other provisions of Union or national law remain unaffected by this Regulation.

(20)

ESAP should provide users with access to information free of charge and on a non-discriminatory basis and should make it possible for users to search, access and download information from ESAP. However, to protect ESMA from an excessive financial burden in relation to costs incurred as a result of serving the needs of any intensive users, ESMA should be allowed to generate revenue. Therefore, by way of derogation from the general principle that information should be accessible free of charge, ESMA should be allowed to impose fees for specific services, including for services with high maintenance or support costs due to searches for and downloads of very large volumes of information or due to a high frequency of access to information made accessible on ESAP, in particular if the use of such information is for commercial purposes. Any fees imposed should, however, not exceed the costs incurred by ESMA for providing those specific services. Any fees collected should be allocated to the overall functioning of ESAP. Some users, including academia and civil society organisations, should not be subject to any fees. The calculation of fees should be transparent and based on clear principles.

(21)

To promote data-driven innovation in finance, help integrate capital markets in the Union, channel investments into sustainable activities and bring about efficiencies for consumers and businesses, ESAP should improve access to public information that could contain personal data. ESAP should, however, only improve access to those personal data that are contained in information made public pursuant to a legal obligation or, where the information is made public voluntarily, to those personal data that are processed on lawful grounds pursuant to Regulation (EU) 2016/679. For any processing of personal data in the context of making information accessible on ESAP, ESMA, in its capacity as data controller of ESAP, and the collection bodies should ensure compliance with Regulation (EU) 2016/679 and Regulation (EU) 2018/1725 of the European Parliament and of the Council (8). Submitting entities should be responsible for identifying the presence of any personal data in the information submitted and for the processing of such personal data on the basis of one of the lawful grounds for processing pursuant to Regulation (EU) 2016/679. Information accompanied by metadata specifying that it contains personal data should not be retained by the collection bodies or ESAP for any longer than is necessary and in any event for no longer than five years, unless otherwise provided in the Union legislative acts listed in the Annex to this Regulation.

(22)

The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 and delivered formal comments on 19 January 2022.

(23)

The European Central Bank provided its opinion on 7 June 2022 (9).

(24)

In order to build and maintain public trust in ESAP and to protect each entity from undue alteration of its information, the collection bodies should ensure data integrity and the credibility of the source of the information submitted by entities. More particularly, the collection bodies should ensure appropriate levels of authenticity, availability, integrity and non-repudiation of the information submitted by entities to be made available to and accessible on ESAP. Non-repudiation of information means that the entity should be provided with a reasonable assurance that its submission was delivered and that the recipient has proof of the entity’s identity. A qualified electronic seal as defined in Regulation (EU) No 910/2014 of the European Parliament and of the Council (10) could be used to meet those objectives. A specific legal entity identifier, where available, should be a mandatory attribute of the information submitted.

(25)

In order for the information on ESAP to be comparable over time, users should have access also to past information, including historical information. Unless otherwise provided in the Union legislative acts listed in the Annex to this Regulation, ESAP should provide access to information for a reasonable period of time. For that purpose, ESMA should ensure that personal data are neither retained nor made accessible on ESAP for any longer than required by Union law and, in any event, for no longer than five years, unless otherwise provided in the Union legislative acts within the scope of this Regulation.

(26)

The collection bodies should inform ESMA of any substantial practical difficulties identified in relation to the performance of their tasks. ESMA, in close cooperation with EBA and EIOPA, should monitor the functioning of ESAP and publish an annual report thereon, with the aim of ensuring that potential problems are made transparent and that appropriate action can be taken where necessary. The drawing up of the annual report on the functioning of ESAP by ESMA, in close cooperation with EBA and EIOPA, will also help to ensure that competent authorities are involved and that other stakeholders are consulted through the ad hoc task force, group or committee, as appropriate, to be established by ESMA.

(27)

Given the relevance of the Commission report to the European Parliament and to the Council on the implementation, functioning and effectiveness of ESAP for the possible adoption of a delegated act to postpone the inclusion on ESAP of information for which submission to the collection bodies is not yet required pursuant to this Regulation in application of Directive (EU) 2023/2864 of the European Parliament and of the Council (11) and Regulation (EU) 2023/2869 of the European Parliament and of the Council (12), it is important that the Commission make use of the annual reports on the functioning of ESAP drawn up by ESMA and carry out appropriate consultations of the collection bodies and the relevant expert groups, notably the Expert Group of the European Securities Committee. The European Parliament and the Council should, where they consider it appropriate, be given ample opportunity to discuss the Commission’s report.

(28)

In order, where necessary, to postpone the inclusion on ESAP of certain information that should be made accessible on ESAP, the power to adopt acts in accordance with Article 290 of TFEU should be delegated to the Commission in respect of the date from which that information should be submitted for accessibility on ESAP. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making (13). In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States’ experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.

(29)

To ensure the smooth processing of the information received or drawn up by the collection bodies and made available to ESAP, it is necessary to lay down certain clear and detailed requirements specifying the format and the metadata of that information and which collection bodies should collect it. In order to ensure the quality of the information submitted to ESAP by the collection bodies, it is also necessary to define the characteristics of the automated validations to be carried out in respect of each item of information submitted by entities to the collection bodies, including the characteristics of the qualified electronic seal to be attached to that information, where required by the collection bodies. To ensure the use and re-use of data on ESAP, a list of the designated open standard licences needs to be established. To facilitate the searching, finding and retrieving of data in a timely manner, the characteristics of the API and the metadata to be implemented also need to be established. Additional requirements as regards an efficient search function should also be implemented, such as the specific legal entity identifier of the entity, the classification of the type of information submitted by the entity and the size of the entity by category. To that end, the ESAs should, through the Joint Committee, develop draft implementing technical standards. When drafting the implementing technical standards, the ESAs, through the Joint Committee, should consult with the collection bodies in advance and analyse, in particular, the potential associated costs and benefits. Additionally, ESMA should be able to develop draft implementing technical standards to determine the nature and extent of the specific services for which fees may be charged and the associated fee structure. Such draft implementing technical standards would allow for global and interoperable access to the information of entities. As regards the implementing technical standards concerning sustainability information, the ESAs, through the Joint Committee, should liaise with EFRAG on the development of those draft standards. The Commission should be empowered to adopt those implementing technical standards by means of implementing acts pursuant to Article 291 TFEU and in accordance with Article 15 of Regulation (EU) No 1093/2010, Article 15 of Regulation (EU) No 1094/2010 and Article 15 of Regulation (EU) No 1095/2010.

(30)

Since the objective of this Regulation, namely, to contribute to integrating the Union financial services and capital markets by providing easy centralised access to public information about entities and their products, cannot be sufficiently achieved by the Member States, but can rather, by reason of its scale and effects, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.

(31)

ESAP is the first action in the new CMU Action Plan and a concrete realisation of the Digital Finance Strategy. ESAP is thus a major project of common European interest in the field of digital finance. For that reason, as much funding as possible should be sought from the Digital Europe Programme established by Regulation (EU) 2021/694 of the European Parliament and of the Council (14), in particular during the early development stages of ESAP, in line with the amounts presented in the Commission Staff Working Document of 25 November 2021. Those funds are allocated to the Commission during the early development of ESAP, with a view to ensuring that ESMA is the ultimate owner of any resulting assets. After the contribution from the Digital Europe Programme has been exhausted, the funding of ESAP should follow the model provided for the funding of ESMA until 31 December 2027. The contributions of competent authorities under that funding model should not exceed a total of EUR 6 968 000. The funding allocation by Member States is, however, not contingent upon a possible overrun of the cost estimates presented in the Commission Staff Working Document of 25 November 2021. The funding of ESAP after December 2027 should be discussed in the appropriate budgetary procedure in the context of the next Multiannual Financial Framework when assessing whether a larger contribution from the Union budget would be appropriate,

HAVE ADOPTED THIS REGULATION:

Article 1

The European single access point

1.   By 10 July 2027, ESMA shall establish and operate a European single access point (ESAP) providing centralised electronic access to the following information:

(a)

information made public pursuant to the Union legislative acts listed in the Annex or pursuant to any further legally binding Union acts that provide for centralised electronic access to information on ESAP;

(b)

information that any entity governed by the law of a Member State chooses to make accessible on ESAP on a voluntary basis, in accordance with Article 3(1), and that is referred to in the Union legislative acts listed in the Annex or in any further legally binding Union acts that provide for centralised electronic access to information on ESAP.

2.   The information referred to in paragraph 1, point (a), of this Article shall not be submitted to collection bodies for the purpose of being made accessible on ESAP before the date of application of the requirement to submit that information as provided for in the Union legislative acts listed in the Annex or in any further legally binding Union acts that provide for centralised electronic access to information on ESAP.

3.   Collection bodies that are Union bodies, offices or agencies may make available to ESAP historical information starting from the date of application of the requirement to submit the information to ESAP as provided for in the Union legislative acts listed in the Annex or in any further legally binding Union acts that provide for centralised electronic access to information on ESAP.

Article 2

Definitions

For the purposes of this Regulation, the following definitions apply:

(1)

‘entity’ means any natural or legal person:

(a)

that is required to submit the information referred to in Article 1(1), point (a), to a collection body; or

(b)

that submits information to a collection body on a voluntary basis pursuant to Article 1(1), point (b), in order for that information to be made accessible on ESAP;

(2)

‘collection body’ means a Union body, office or agency or national body, authority or register designated as such pursuant to any of the Union legislative acts under Article 1(1), point (a), or designated as such by a Member State in accordance with Article 3(2);

(3)

‘data extractable format’ means any open format as defined in Article 2, point (14), of Directive (EU) 2019/1024 that is widely used or required by law, that allows data extraction by a machine and that is human-readable;

(4)

‘machine-readable format’ means a machine-readable format as defined in Article 2, point (13), of Directive (EU) 2019/1024;

(5)

‘qualified electronic seal’ means a qualified electronic seal as defined in Article 3, point (27), of Regulation (EU) No 910/2014;

(6)

‘application programming interface’ or ‘API’ means a set of functions, procedures, definitions and protocols for machine-to-machine communication and the seamless exchange of data;

(7)

‘metadata’ means structured information that makes it easier to retrieve, use or manage an information resource, including by describing, explaining or locating the source of that information;

(8)

‘personal data’ means personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679;

(9)

‘historical information’ means the information referred to in Article 1(1), point (a), that was made public no earlier than five years before the date of application of the requirement to submit that information to ESAP;

(10)

‘Joint Committee’ means the committee referred to in Article 54 of Regulation (EU) No 1093/2010, Article 54 of Regulation (EU) No 1094/2010 and Article 54 of Regulation (EU) No 1095/2010.

Article 3

Voluntary submission of information

1.   From 10 January 2030, an entity may submit the information referred to in Article 1(1), point (b), to the collection body in the Member State where the entity has its registered office for the purpose of making that information accessible on ESAP.

When submitting such information to the collection body, the entity shall:

(a)

ensure that the information is accompanied by metadata specifying that the information is made accessible on ESAP on a voluntary basis;

(b)

ensure that the information is accompanied by metadata specifying whether the information contains personal data;

(c)

ensure that the information is accompanied by the metadata necessary for the functioning of the ESAP search function referred in Article 7(3);

(d)

use a data extractable format for submitting the information;

(e)

ensure that the information submitted falls within the scope of Article 1(1), point (b);

(f)

ensure that no personal data are included in the information, except where the personal data are required by Union or national law or constitute a necessary element of the information about the entity’s economic activities.

2.   By 9 January 2030, each Member State shall designate at least one collection body for the collection of information submitted on a voluntary basis and notify ESMA thereof.

3.   The European Supervisory Authorities established by Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 of the European Parliament and of the Council (collectively, the ‘ESAs’) shall, through the Joint Committee, develop draft implementing technical standards to specify the following:

(a)

the metadata to accompany the information submitted in accordance with paragraph 1;

(b)

where applicable, the specific formats or templates to be used for submitting the information in accordance with paragraph 1.

4.   When developing the implementing technical standards referred to in paragraph 3, the ESAs shall take into consideration any standards that already exist in the corresponding sectoral Union legislative acts and, in particular, any standards specifically designed for SMEs.

The ESAs shall submit the draft implementing technical standards to the Commission by 10 January 2028.

Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No 1093/2010, Article 15 of Regulation (EU) No 1094/2010 and Article 15 of Regulation (EU) No 1095/2010.

The ESAs, through the Joint Committee, shall adopt guidelines for entities to ensure that the metadata submitted is correct, including the conditions for the inclusion of personal data in voluntary submissions.

5.   Where the information referred to in paragraph 1 contains personal data, entities shall ensure that any processing of those data is based on one of the lawful grounds for processing listed in Article 6(1) of Regulation (EU) 2016/679. This Regulation does not create a legal basis for the processing of personal data.

Article 4

List of the collection bodies

ESMA shall publish a list of the collection bodies, containing the uniform resource locator of each collection body, on the web portal referred to in Article 7(1), point (a).

ESMA shall ensure that that list is kept up-to-date and shall notify the Commission of any changes thereto.

Article 5

Tasks of the collection bodies and responsibilities of entities

1.   The collection bodies shall do the following:

(a)

collect the information submitted by entities;

(b)

store the information submitted by entities or generated by the collection bodies themselves and, where relevant, rely on existing procedures and infrastructure in place for the storage of information;

(c)

perform technical automated validations in respect of the information submitted by entities to verify whether the information complies with the following:

(i)

it has been submitted using a data extractable format or, where appropriate, the machine-readable format specified in any of the Union legislative acts under Article 1(1), point (a), pursuant to which the information is submitted;

(ii)

the metadata for the information, as specified pursuant to paragraph 10, point (e), of this Article and, where applicable, Article 3(1), point (a), is available and complete;

(iii)

it is accompanied by a qualified electronic seal, where required;

(d)

not impose conditions on the use and re-use of the information accessible on ESAP, other than conditions that correspond to those laid down in open standard licences as referred to in Article 9;

(e)

implement the API and provide ESAP, free of charge and within the applicable time limits, with the information, the metadata for that information and, where required, the qualified electronic seal;

(f)

insofar as it falls within the technical competence of the collection body, provide assistance to the entities submitting the information in relation to, at least, the submission, rejection and resubmission process;

(g)

ensure that the information referred to in Article 1(1) remains available to ESAP for at least 10 years, unless otherwise provided in the Union legislative acts under Article 1(1), point (a).

For the purposes of point (g) of the first subparagraph of this paragraph, and in accordance with Regulations (EU) 2016/679 and (EU) No 2018/1725, the collection bodies shall take the appropriate technical and organisational measures to ensure that, where the metadata accompanying the submitted information refers to any personal data, that information is not retained for the purpose of being made available to ESAP, nor made accessible on ESAP, for longer than five years, unless otherwise provided in the Union legislative acts under Article 1(1), point (a), of this Regulation.

2.   The collection bodies may reject information submitted by entities where the information is manifestly inappropriate, abusive or outside the scope of the information referred to in Article 1(1).

The collection bodies shall remove information made accessible on ESAP that they determine to be manifestly inappropriate, abusive or outside the scope of the information referred to in Article 1(1).

3.   The collection bodies shall reject information submitted by entities where the automated validations referred to in paragraph 1, point (c), of this Article reveal that the information does not comply with the requirements laid down in that point or, where relevant, on the basis of notifications received pursuant to Article 10(2).

4.   The collection bodies shall notify entities of the rejection or the removal of information and the reasons therefor, within a reasonable timeframe.

5.   Where the information submitted by an entity pursuant to Article 1(1), point (a), is rejected or removed by a collection body, that entity shall rectify and resubmit the information without undue delay. The collection body shall notify ESMA where information is rejected, removed or replaced pursuant to paragraph 2 of this Article.

Entities may choose to submit information only once and to one collection body only. The submission and any re-submission of information, together with the relevant accompanying metadata, shall be made to the same collection body.

6.   Entities shall be responsible for the completeness and accuracy of the information in the language in which it is submitted, as well as for the relevant accompanying metadata they submit to the collection bodies. In particular, entities shall be responsible for the identification of the inclusion of personal data in the information that they submit to the collection body together with the relevant accompanying metadata indicating whether the information contains personal data.

7.   As regards the information within the scope of this Regulation, the collection bodies shall not exercise the right of the maker of a database, referred to in Article 7(1) of Directive 96/9/EC of the European Parliament and of the Council (15), or any other intellectual property rights in a way that prevents or restricts the use and re-use of the contents of the database pursuant to Article 9 of this Regulation.

8.   A collection body may delegate the tasks referred to in paragraph 1, points (a), (b), (c), (e), (f), (g) and paragraphs 3 and 4 to a legal person governed by the law of a Member State or to a Union body, office or agency (the ‘delegatee’). Any delegation of tasks shall take the form of a written agreement specifying the tasks to be delegated and the conditions under which they are to be carried out (‘delegation agreement’).

The conditions set out in the delegation agreement shall ensure that:

(a)

the delegatee has no conflict of interest;

(b)

the delegatee does not use the information obtained improperly or in an anti-competitive manner or for a purpose other than the one stated in the delegation agreement;

(c)

the delegatee ensures the protection of the information in accordance with Article 6 in relation to the delegated tasks;

(d)

the delegatee regularly informs the collection body regarding its overall performance of the delegated tasks;

(e)

without undue delay, the delegatee informs the collection body of any failure to perform a delegated task.

The collection body shall remain responsible for any tasks that it delegates, including making available to ESMA any information needed by ESMA regarding a delegated task.

The collection body’s liability shall not be affected by the fact that the collection body has delegated tasks to a third party. The collection body shall not delegate its tasks to such an extent that it can no longer be considered a collection body.

The collection body shall ensure that any delegation of tasks is exercised in a cost-efficient manner and that, as far as possible, the delegation is used to allow existing collection procedures and infrastructure to continue to apply for the purposes of ESAP.

The collection body shall notify ESMA of any delegation agreement it concludes.

9.   The collection bodies shall ensure appropriate levels of authenticity, availability, integrity and non-repudiation of the information submitted by entities to be made accessible on ESAP. For the purposes of ensuring those levels, Member States may permit the collection bodies to require that the information that is submitted by entities to be made accessible on ESAP be accompanied by a qualified electronic seal.

10.   The ESAs, through the Joint Committee, shall develop draft implementing technical standards specifying the following:

(a)

how the technical automated validations referred to in paragraph 1, point (c), of this Article are to be performed for each type of information submitted by entities;

(b)

the characteristics of the qualified electronic seal referred to in paragraph 1, point (c)(iii), of this Article and in paragraph 9 of this Article;

(c)

the open standard licences referred to in paragraph 1, point (d), of this Article;

(d)

the characteristics of the API to be implemented pursuant to paragraph 1, point (e), of this Article;

(e)

the characteristics of the metadata necessary for the ESAP search function referred to in Article 7(3), metadata referred to in paragraph 6 of this Article and any other metadata necessary for the functioning of ESAP;

(f)

the time limits referred to in paragraph 1, point (e), of this Article;

(g)

the indicative list and characteristics of formats that are acceptable as data extractable formats and as machine-readable formats as referred to in paragraph 1, point (c)(i), of this Article.

11.   When developing the draft implementing technical standards referred to in paragraph 10, the ESAs shall take into consideration any standards that already exist in the corresponding sectoral Union legislative acts and in particular the standards specifically designed for SMEs.

The ESAs shall submit those draft implementing technical standards to the Commission by 10 September 2024.

Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No 1093/2010, Article 15 of Regulation (EU) No 1094/2010 and Article 15 of Regulation (EU) No 1095/2010.

12.   Collection bodies that are Union bodies, offices or agencies that make historical information available to ESAP in accordance with Article 1(3) shall do the following:

(a)

prepare that information in a data extractable format;

(b)

accompany that information by metadata specifying the following:

(i)

the names of the entity;

(ii)

the type of information, as classified pursuant to Article 7(4), point (c);

(iii)

where available, the legal entity identifier of the entity, as specified pursuant to Article 7(4), point (b);

(c)

specify that the information is historical information.

By way of derogation from paragraph 1, point (g), of this Article, historical information shall not be made accessible on ESAP for longer than five years.

Article 6

Cybersecurity

ESMA shall put in place an effective and proportionate IT security policy for ESAP and shall ensure appropriate levels of authenticity, availability, integrity and non-repudiation of the information made accessible on ESAP and of the protection of personal data. ESMA may carry out periodic reviews of the IT security policy and the cybersecurity situation of ESAP in the light of evolving international and Union cybersecurity trends and latest developments.

Article 7

Functionalities of ESAP

1.   ESMA shall ensure that ESAP has at least the following functionalities:

(a)

a web portal with a user-friendly interface, which takes into account the access needs of persons with disabilities, to provide access to the information on ESAP in all official languages of the Union;

(b)

an API enabling easy access to the information on ESAP;

(c)

a search function in all official languages of the Union;

(d)

an information viewer;

(e)

a machine translation service for the information retrieved;

(f)

a download service, including for the download of large quantities of data;

(g)

a notification service informing users of any new information on ESAP;

(h)

the presentation of information submitted on a voluntary basis pursuant to Article 1(1), point (b), in such a manner that:

(i)

it can be clearly distinguished from information submitted on a mandatory basis pursuant to Article 1(1), point (a);

(ii)

where applicable, users are informed that the information does not necessarily meet all the requirements for information submitted on a mandatory basis pursuant to Article 1(1), point (a), and will not necessarily be updated over time.

2.   ESMA shall ensure that ESAP provides for the functionalities referred to in paragraph 1, points (e) and (g), by 10 July 2028. ESMA shall ensure that ESAP provides for the functionalities referred to in paragraph 1, point (h), by 9 January 2030.

3.   The search function referred to in paragraph 1, point (c), of this Article shall allow for a search on the basis of the following metadata:

(a)

the names of the entity that submitted the information and of the natural or legal person to which the information relates;

(b)

the legal entity identifier of the entity that submitted the information and of the legal person to which the information relates;

(c)

the type of information, as referred to in Article 1(1), submitted by the entity and whether such information was submitted on a mandatory basis under Article 1(1), point (a), or on a voluntary basis under point (b) of that paragraph;

(d)

the date and time when the information was submitted by the entity to the collection body;

(e)

the date or period to which the information relates;

(f)

the size of the entity by category that submitted the information and of the legal person to which the information relates;

(g)

the country of the registered office of the legal person to which the information relates;

(h)

the industry sector(s) of the economic activities of the natural or legal person to which the information relates;

(i)

the collection body responsible for the collection of the information;

(j)

the language in which the information was submitted.

4.   The ESAs, through the Joint Committee, shall develop draft implementing technical standards specifying the following:

(a)

the characteristics of the API referred to in paragraph 1, point (b);

(b)

the specific legal entity identifier referred to in paragraph 3, point (b);

(c)

the classification of the types of information referred to in paragraph 3, point (c);

(d)

the categories of the size of the entities referred to in paragraph 3, point (f);

(e)

the characterisation of industry sectors referred to in paragraph 3, point (h).

The ESAs shall submit those draft implementing technical standards to the Commission by 10 September 2024.

Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No 1093/2010, Article 15 of Regulation (EU) No 1094/2010 and Article 15 of Regulation (EU) No 1095/2010.

Article 8

Access to information on ESAP

1.   In order to promote transparency and the smooth functioning of Union capital markets, ESMA shall ensure that access to information on ESAP is provided on a non-discriminatory basis and that users have direct and immediate access free of charge to the information on ESAP.

2.   ESMA shall, however, charge fees for specific services with high maintenance and support costs or that involve searches for and downloads of large volumes of information. Those fees shall not exceed the direct costs incurred by ESMA for the provision of those services. The fees collected for those services shall be allocated to the overall functioning of ESAP.

3.   ESMA may require users of the services for which ESMA charges fees, as referred to in paragraph 2, to complete a digital declaration.

4.   Notwithstanding paragraph 2, ESMA shall allow the following entities to have direct and immediate access to the information on ESAP free of charge to the extent necessary for those entities to fulfil their respective responsibilities, mandates and obligations:

(a)

any Union institution, body, office or agency;

(b)

any competent authority designated by a Member State pursuant to a Union legislative act;

(c)

any member of the European Statistical System as defined in Article 4 of Regulation (EC) No 223/2009 of the European Parliament and of the Council (16);

(d)

any member of the European System of Central Banks;

(e)

the resolution authorities designated under Article 3 of Directive 2014/59/EU of the European Parliament and the Council (17);

(f)

any governmental institution, body or agency of a Member State;

(g)

any educational and training establishment for the sole purposes of research, academia, news organisations and non-governmental organisations insofar as access to the information is necessary in the performance of their tasks;

(h)

entities providing and using information on ESAP to fulfil their regulatory obligations.

5.   For the purposes of paragraph 2, ESMA shall develop draft implementing technical standards to determine the nature and extent of the specific services for which fees may be charged and to determine the associated fee structure.

ESMA shall submit those draft implementing technical standards to the Commission.

Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No 1095/2010.

6.   ESMA shall publish and make easily accessible on the ESAP website the fee structure, the volume thresholds, if relevant, and the rates. ESMA shall review the volume thresholds and the rates on an annual basis.

Article 9

Use and re-use of information accessible on ESAP

1.   Neither ESMA nor the collection bodies shall bear any liability for the access, use or re-use of information submitted by entities to the collection bodies and made accessible on ESAP.

2.   Personal data accessible on ESAP shall be used and re-used in accordance with Regulation (EU) 2016/679. Any personal data that is re-used shall not be retained for longer than necessary and in any event for no longer than five years, unless otherwise provided in Union legislative acts under Article 1(1), point (a), of this Regulation.

3.   ESMA shall ensure that the use and re-use of information accessible on ESAP is not subject to any conditions unless those conditions fulfil the following requirements:

(a)

they are objective and non-discriminatory;

(b)

they are justified on the grounds of a public interest objective;

(c)

where appropriate, depending on the type of information, they correspond to the conditions laid down in open standard licences within the meaning of Article 2, point (5), of Directive (EU) 2019/1024, and allow the free use, modification and sharing of that information by anyone and for any purpose.

4.   The use and re-use for regulatory and non-commercial purposes of the information made accessible on ESAP shall not be limited by entities submitting their information for publication on the basis of a sui generis right referred to in Article 7(1) of Directive 96/9/EC.

Article 10

Quality of the information

1.   ESMA shall perform automated validations to verify whether all information provided to ESAP by the collection bodies complies with the requirements laid down in Article 5(1), point (c).

Where the information provided by the collection body was submitted by an entity, ESMA may perform the automated validations on the basis of samples. Such automated validations shall not differ from those carried out by the collection bodies pursuant to Article 5(1), point (c).

2.   ESMA shall implement appropriate technical processes to automatically notify a collection body in cases where the information provided does not comply with the requirements laid down in Article 5(1), point (c). In cases of non-compliance with those requirements, entities shall bear the responsibility for the information. The collection body shall notify the entity in cases where the information has been rejected and the reasons for that rejection in accordance with Article 5(4).

3.   ESMA may perform additional data quality, integrity and proof of origin checks. On the basis of the results of those checks, ESMA may notify the collection bodies of deficiencies identified and suspend making information accessible on ESAP.

Article 11

Tasks of ESMA

1.   ESMA shall, in close cooperation with EBA and EIOPA do the following:

(a)

ensure that the information provided by the collection bodies, following submission by the entities, is made accessible without undue delay on ESAP;

(b)

provide service support to the collection bodies;

(c)

ensure that ESAP is accessible for at least 97 % of the time per month, excluding cases of scheduled maintenance, content updates and page upgrades, in which case a clear notice is to be given to users indicating the likely duration of the interruption of services provided by ESAP;

(d)

consult, as appropriate, with the collection bodies to address common issues and common principles of conduct, and in particular to discuss:

(i)

the daily management of ESAP;

(ii)

the development and implementation of a quality policy and, where appropriate, of service level agreements between ESMA and the collection bodies;

(iii)

the funding conditions of ESAP, including the situations in which fees may be charged and the calculation of those fees;

(iv)

existing and potential threats in relation to cybersecurity;

(v)

the implementation and functioning of ESAP in relation to any delegation of tasks in accordance with Article 5(8);

(e)

monitor the implementation and functioning of ESAP and report annually thereon to the Commission, as specified in Article 12.

2.   For the purposes of paragraph 1 of this Article, ESMA shall ensure, through the establishment of an ad hoc task force, group or committee, as appropriate, that experts and relevant stakeholders are consulted to provide advice and support on the technical implementation of ESAP. In addition, ESMA may consult the Securities and Markets Stakeholders Group referred to in Article 37 of Regulation (EU) No 1095/2010.

3.   Unless necessary for the purpose of facilitating access to the information provided by the collection bodies and implementing the requirements of this Regulation, ESMA shall not store information containing personal data except for automatic, intermediate and transient processing. ESMA shall take the appropriate technical and organisational measures to ensure that personal data processing via ESAP is carried out in accordance with Regulation (EU) 2018/1725 and that information containing personal data is not retained or made available any longer than as provided for in Article 5(1), point (g).

4.   ESMA shall ensure that personal data processing complies with the legal framework for the protection of personal data processed by Union institutions, bodies, offices and agencies.

Article 12

Monitoring the implementation and functioning of ESAP

1.   ESMA, in close cooperation with EBA and EIOPA, shall monitor the functioning of ESAP based on at least the qualitative and quantitative indicators laid down in paragraph 2, and shall publish and submit to the European Parliament and to the Council an annual report on the functioning of ESAP.

2.   The qualitative and quantitative indicators referred to in paragraph 1 are the following:

(a)

the number of visitors, searches and downloads;

(b)

the types of information viewed and downloaded by percentage;

(c)

the fees referred to in Article 8(2) and amounts charged by ESMA;

(d)

the percentage of searches that lead to a view or a download per type of information and access;

(e)

the amount and percentage of machine-readable information accessible on ESAP and the amount and percentage of machine-readable views and downloads;

(f)

the proportion of notifications pursuant to the automated validations referred to in Article 10(2);

(g)

any significant malfunction or incident affecting the operation or overall performance of ESAP;

(h)

an assessment of the accessibility, quality, usability, reliability and timeliness of the information on ESAP;

(i)

an assessment of whether ESAP meets its objectives, taking into account the evolution of its use and information flows within the Union;

(j)

an assessment of end-user satisfaction;

(k)

a comparison with similar systems in third countries.

3.   Before submitting the report referred to in paragraph 1 of this Article, ESMA shall consult the ad hoc task force, group or committee to be established pursuant to Article 11(2) of this Regulation and it may consult the Securities and Markets Stakeholder Group referred to in Article 37 of Regulation (EU) No 1095/2010.

Article 13

Review

1.   By 10 January 2029 the Commission shall, in close cooperation with ESMA, and taking into account the annual reports referred to in Article 12, submit a report to the European Parliament and to the Council on the implementation, functioning and effectiveness of ESAP.

2.   The report referred to in paragraph 1 shall address the following:

(a)

the technical challenges faced by entities and by the collection bodies during the implementation of ESAP;

(b)

the effectiveness of the information collection and transmission system for ESAP purposes;

(c)

the operational resilience of ESAP against ICT risks and the reliability of the information made accessible on ESAP, including by means of qualified electronic seals;

(d)

the costs incurred by entities and by the collection bodies, including an assessment of whether the collection bodies which are competent authorities have increased their supervisory fees as a result of the costs incurred because of ESAP;

(e)

the costs incurred by ESMA as the operator of ESAP and the funding scheme of ESAP;

(f)

the impact of ESAP on public access to entities’ information in the area of financial services, capital markets and sustainability;

(g)

the impact of ESAP on entities’ visibility to cross-border investors, including the visibility of SMEs;

(h)

the impact of ESAP on the market position of private data providers in the Union;

(i)

the interoperability of ESAP with similar global platforms;

(j)

the implementation and functioning of ESAP in relation to delegation of tasks in accordance with Article 5(8).

3.   Taking into account the added value, technical challenges and expected costs, the report referred to in paragraph 1 shall include a cost-benefit analysis linked to future inclusion within the scope of this Regulation of possibly relevant information that is not yet accessible on ESAP at the time when the report is drawn up, thus resulting in a data gap.

The report shall also include recommendations on the future development of ESAP.

4.   The Commission shall adopt a delegated act in accordance with Article 14 amending the Union legislative acts referred to in the second subparagraph of this paragraph in order to postpone the inclusion on ESAP of information for which submission to ESAP is not yet required or permitted pursuant to Article 1(1), point (a), by a maximum of 36 months if the Commission concludes in the report referred to in paragraph 1 of this Article that there is evidence of severe and pervasive difficulties as regards the elements listed in paragraph 2, points (a) and (b), of this Article.

The Union legislative acts referred to in the first subparagraph of this paragraph shall comprise the following:

Regulation (EU) No 575/2013 (Article 434b);

Regulation (EU) No 537/2014 (Article 13a);

Regulation (EU) No 600/2014 (Article 23a);

Regulation (EU) 2015/760 (Article 25a);

Regulation (EU) 2015/2365 (Article 32a);

Regulation (EU) 2017/1131 (Article 37a);

Regulation (EU) 2019/2033 (Article 46a);

Regulation (EU) 2023/1114 (Article 110a);

Regulation (EU) 2023/2631 (Article 15a);

Directive 2002/87/EC (Article 30b);

Directive 2004/25/EC (Article 16a);

Directive 2006/43/EC (Article 20a);

Directive 2007/36/EC (Article 14c);

Directive 2009/138/EC (Article 304b);

Directive 2011/61/EU (Article 69b);

Directive 2013/36/EU (Article 116a);

Directive 2014/59/EU (Article 128a);

Directive 2014/65/EU (Article 87a);

Directive (EU) 2016/97 (Article 40a);

Directive (EU) 2016/2341 (Article 63a);

Directive (EU) 2019/2034 (Article 44a);

Directive (EU) 2019/2162 (Article 29a).

Article 14

Exercise of the delegation

1.   The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

2.   The power to adopt a delegated act referred to in Article 13(4) shall be conferred on the Commission for a period of 12 months from the publication of the report referred to in Article 13(1).

3.   The delegation of power referred to in Article 13(4) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect on the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

4.   Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.

5.   As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

6.   A delegated act shall enter into force only if no objection has been expressed either by the European Parliament or by the Council within a period of three months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by three months at the initiative of the European Parliament or of the Council.

Article 15

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Strasbourg, 13 December 2023.

For the European Parliament

The President

R. METSOLA

For the Council

The President

P. NAVARRO RÍOS


(1)   OJ C 290, 29.7.2022, p. 58.

(2)  Position of the European Parliament of 9 November 2023 (not yet published in the Official Journal) and decision of the Council of 27 November 2023.

(3)  Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331, 15.12.2010, p. 12).

(4)  Regulation (EU) No 1094/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Insurance and Occupational Pensions Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/79/EC (OJ L 331, 15.12.2010, p. 48).

(5)  Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84).

(6)  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).

(7)  Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and the re-use of public sector information (OJ L 172, 26.6.2019, p. 56).

(8)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).

(9)   OJ C 307, 12.8.2022, p. 3.

(10)  Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).

(11)  Directive (EU) 2023/2864 of the European Parliament and of the Council of 13 December 2023 amending certain Directives as regards the establishment and functioning of the European single access point (OJ L, 2023/2864, 20.12.2023, ELI: http://data.europa.eu/eli/dir/2023/2864/oj).

(12)  Regulation (EU) 2023/2869 of the European Parliament and of the Council of 13 December 2023 amending certain Regulations as regards the establishment and functioning of the European single access point (OJ L, 2023/2869, 20.12.2023, ELI: http://data.europa.eu/eli/reg/2023/2869/oj).

(13)   OJ L 123, 12.5.2016, p. 1.

(14)  Regulation (EU) 2021/694 of the European Parliament and of the Council of 29 April 2021 establishing the Digital Europe Programme and repealing Decision (EU) 2015/2240 (OJ L 166, 11.5.2021, p. 1).

(15)  Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases (OJ L 77, 27.3.1996, p. 20).

(16)  Regulation (EC) No 223/2009 of the European Parliament and of the Council of 11 March 2009 on European statistics and repealing Regulation (EC, Euratom) No 1101/2008 of the European Parliament and of the Council on the transmission of data subject to statistical confidentiality to the Statistical Office of the European Communities, Council Regulation (EC) No 322/97 on Community Statistics, and Council Decision 89/382/EEC, Euratom establishing a Committee on the Statistical Programmes of the European Communities (OJ L 87, 31.3.2009, p. 164).

(17)  Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No 1093/2010 and (EU) No 648/2012, of the European Parliament and of the Council (OJ L 173, 12.6.2014, p. 190).


ANNEX

List of Union legislative acts under Article 1(1), point (a), of this Regulation

PART A —   REGULATIONS

1.

Regulation (EC) No 1060/2009 of the European Parliament and of the Council of 16 September 2009 on credit rating agencies (OJ L 302, 17.11.2009, p. 1).

2.

Regulation (EU) No 236/2012 of the European Parliament and of the Council of 14 March 2012 on short selling and certain aspects of credit default swaps (OJ L 86, 24.3.2012, p. 1).

3.

Regulation (EU) No 345/2013 of the European Parliament and of the Council of 17 April 2013 on European venture capital funds (OJ L 115, 25.4.2013, p. 1).

4.

Regulation (EU) No 346/2013 of the European Parliament and of the Council of 17 April 2013 on European social entrepreneurship funds (OJ L 115, 25.4.2013, p. 18).

5.

Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and amending Regulation (EU) No 648/2012 (OJ L 176, 27.6.2013, p. 1).

6.

Regulation (EU) No 537/2014 of the European Parliament and of the Council of 16 April 2014 on specific requirements regarding statutory audit of public-interest entities and repealing Commission Decision 2005/909/EC (OJ L 158, 27.5.2014, p. 77).

7.

Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (market abuse regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC (OJ L 173, 12.6.2014, p. 1).

8.

Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012 (OJ L 173, 12.6.2014, p. 84).

9.

Regulation (EU) No 1286/2014 of the European Parliament and of the Council of 26 November 2014 on key information documents for packaged retail and insurance-based investment products (PRIIPs) (OJ L 352, 9.12.2014, p. 1).

10.

Regulation (EU) 2015/760 of the European Parliament and of the Council of 29 April 2015 on European long-term investment funds (OJ L 123, 19.5.2015, p. 98).

11.

Regulation (EU) 2015/2365 of the European Parliament and of the Council of 25 November 2015 on transparency of securities financing transactions and of reuse and amending Regulation (EU) No 648/2012 (OJ L 337, 23.12.2015, p. 1).

12.

Regulation (EU) 2016/1011 of the European Parliament and of the Council of 8 June 2016 on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds and amending Directives 2008/48/EC and 2014/17/EU and Regulation (EU) No 596/2014 (OJ L 171, 29.6.2016, p. 1).

13.

Regulation (EU) 2017/1129 of the European Parliament and of the Council of 14 June 2017 on the prospectus to be published when securities are offered to the public or admitted to trading on a regulated market, and repealing Directive 2003/71/EC (OJ L 168, 30.6.2017, p. 12).

14.

Regulation (EU) 2017/1131 of the European Parliament and of the Council of 14 June 2017 on money market funds (OJ L 169, 30.6.2017, p. 8).

15.

Regulation (EU) 2019/1238 of the European Parliament and of the Council of 20 June 2019 on a pan-European Personal Pension Product (PEPP) (OJ L 198, 25.7.2019, p. 1).

16.

Regulation (EU) 2019/2033 of the European Parliament and of the Council of 27 November 2019 on the prudential requirements of investment firms and amending Regulations (EU) No 1093/2010, (EU) No 575/2013, (EU) No 600/2014 and (EU) No 806/2014 (OJ L 314, 5.12.2019, p. 1).

17.

Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability-related disclosures in the financial services sector (OJ L 317, 9.12.2019, p. 1).

18.

Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (OJ L 150, 9.6.2023, p. 40).

19.

Regulation (EU) 2023/2631 of European Parliament and of the Council of 22 November 2023 on European Green Bonds and optional disclosures for bonds marketed as environmentally sustainable and for sustainability-linked bonds (OJ L, 2023/2631, 30.11.2023, ELI: http://data.europa.eu/eli/reg/2023/2631/oj).

PART B —   DIRECTIVES

1.

Directive 2002/87/EC of the European Parliament and of the Council of 16 December 2002 on the supplementary supervision of credit institutions, insurance undertakings and investment firms in a financial conglomerate and amending Council Directives 73/239/EEC, 79/267/EEC, 92/49/EEC, 92/96/EEC, 93/6/EEC and 93/22/EEC, and Directives 98/78/EC and 2000/12/EC of the European Parliament and of the Council (OJ L 35, 11.2.2003, p. 1).

2.

Directive 2004/25/EC of the European Parliament and of the Council of 21 April 2004 on takeover bids (OJ L 142, 30.4.2004, p. 12).

3.

Directive 2004/109/EC of the European Parliament and of the Council of 15 December 2004 on the harmonisation of transparency requirements in relation to information about issuers whose securities are admitted to trading on a regulated market and amending Directive 2001/34/EC (OJ L 390, 31.12.2004, p. 38).

4.

Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC (OJ L 157, 9.6.2006, p. 87).

5.

Directive 2007/36/EC of the European Parliament and of the Council of 11 July 2007 on the exercise of certain rights of shareholders in listed companies (OJ L 184, 14.7.2007, p. 17).

6.

Directive 2009/65/EC of the European Parliament and of the Council of 13 July 2009 on the coordination of laws, regulations and administrative provisions relating to undertakings for collective investment in transferable securities (UCITS) (OJ L 302, 17.11.2009, p. 32).

7.

Directive 2009/138/EC of the European Parliament and of the Council of 25 November 2009 on the taking-up and pursuit of the business of Insurance and Reinsurance (Solvency II) (OJ L 335, 17.12.2009, p. 1).

8.

Directive 2011/61/EU of the European Parliament and of the Council of 8 June 2011 on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No 1060/2009 and (EU) No 1095/2010 (OJ L 174, 1.7.2011, p. 1).

9.

Directive 2013/34/EU of the European Parliament and of the Council of 26 June 2013 on the annual financial statements, consolidated financial statements and related reports of certain types of undertakings, amending Directive 2006/43/EC of the European Parliament and of the Council and repealing Council Directives 78/660/EEC and 83/349/EEC (OJ L 182, 29.6.2013, p. 19).

10.

Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338).

11.

Directive 2014/59/EU of the European Parliament and of the Council of 15 May 2014 establishing a framework for the recovery and resolution of credit institutions and investment firms and amending Council Directive 82/891/EEC, and Directives 2001/24/EC, 2002/47/EC, 2004/25/EC, 2005/56/EC, 2007/36/EC, 2011/35/EU, 2012/30/EU and 2013/36/EU, and Regulations (EU) No 1093/2010 and (EU) No 648/2012, of the European Parliament and of the Council (OJ L 173, 12.6.2014, p. 190).

12.

Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).

13.

Directive (EU) 2016/97 of the European Parliament and of the Council of 20 January 2016 on insurance distribution (OJ L 26, 2.2.2016, p. 19).

14.

Directive (EU) 2016/2341 of the European Parliament and of the Council of 14 December 2016 on the activities and supervision of institutions for occupational retirement provision (IORPs) (OJ L 354, 23.12.2016, p. 37).

15.

Directive (EU) 2019/2034 of the European Parliament and of the Council of 27 November 2019 on the prudential supervision of investment firms and amending Directives 2002/87/EC, 2009/65/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU and 2014/65/EU (OJ L 314, 5.12.2019, p. 64).

16.

Directive (EU) 2019/2162 of the European Parliament and of the Council of 27 November 2019 on the issue of covered bonds and covered bond public supervision and amending Directives 2009/65/EC and 2014/59/EU (OJ L 328, 18.12.2019, p. 29).

ELI: http://data.europa.eu/eli/reg/2023/2859/oj

ISSN 1977-0677 (electronic edition)