|
Official Journal |
EN L series |
|
2026/1291 |
15.6.2026 |
COMMISSION IMPLEMENTING REGULATION (EU) 2026/1291
of 12 June 2026
laying down implementing technical standards for the application of Regulation (EU) No 596/2014 of the European Parliament and of the Council with regard to the format of insider lists, and repealing Commission Implementing Regulation (EU) 2022/1210
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (market abuse regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC (1), and in particular Article 18(9), third subparagraph, thereof,
Whereas:
|
(1) |
Pursuant to Article 18 of Regulation (EU) No 596/2014, issuers, emission allowance market participants, auction platforms, auctioneers, auction monitors (‘entities’) and any person acting on their behalf or on their account are required to draw up and promptly update a list of all persons who have access to inside information and who are working for them under a contract of employment, or otherwise performing tasks through which they have access to inside information, including advisers, accountants or credit rating agencies (‘insider list’) in accordance with a precise format. The establishment of a precise format, including the use of standard templates, should facilitate the uniform application of the requirement to draw up and promptly update insider lists. The establishment of such a precise format should also ensure that competent authorities are provided with the information necessary to fulfil the task of protecting the integrity of the financial markets and investigate possible market abuse. |
|
(2) |
Article 18(9) of Regulation (EU) No 596/2014 empowered the Commission to determine the precise format of insider lists and the format for updating insider lists which the Commission did in Commission Implementing Regulation (EU) 2016/347 (2). Regulation (EU) 2019/2115 of the European Parliament and of the Council (3) amended Article 18 of Regulation (EU) No 596/2014 to introduce the possibility for issuers whose financial instruments are admitted to trading on an SME growth market to maintain only a list of persons who, due to the nature of their function or position within the issuer, have regular access to inside information, while giving Member States the option of introducing a requirement for those issuers to provide more extensive insider lists that include all persons who have access to inside information, where justified by specific national market integrity concerns. Regulation (EU) 2019/2115 also introduced in Article 18(6) of Regulation (EU) No 596/2014 a new empowerment for the Commission to determine the format of those more extensive insider lists and required that such a format be proportionate and represent a lighter administrative burden compared to the format determined in accordance with Article 18(9) of Regulation (EU) No 596/2014 (‘alleviated format’). The Commission acted upon that empowerment by adopting Commission Implementing Regulation (EU) 2022/1210 (4), which repealed Implementing Regulation (EU) 2016/347. Regulation (EU) 2024/2809 of the European Parliament and of the Council (5) further amended Regulation (EU) No 596/2014 by deleting the empowerment in Article 18(6) and replacing the empowerment in Article 18(9) with a new empowerment for the Commission to review the implementing technical standards on the format of the insider lists to extend the use of the alleviated format to all insider lists referred to in Article 18(1) and (6), first and second subparagraphs. It follows that Implementing Regulation (EU) 2022/1210 should be repealed and replaced by a new Regulation. |
|
(3) |
To ensure that the drawing up and updating of insider lists impose only a limited administrative burden, while enabling competent authorities to identify persons that have access to inside information and establish links between insiders and persons involved in suspicious trading, the insider lists referred to in Article 18(1) and (6), first and second subparagraphs, of Regulation (EU) No 596/2014 should be drawn up and updated in accordance with the alleviated format that has so far applied to the insider lists referred to in Article 18(6), second subparagraph, of that Regulation. |
|
(4) |
Pursuant to Article 18 of Regulation (EU) No 596/2014, persons acting on behalf or on the account of an entity are to draw up and promptly update a list of all persons who have access to inside information that concerns that entity and who are working for them under a contract of employment, or are otherwise performing tasks through which they have access to inside information. To avoid unnecessary duplication of data and to minimise administrative burdens, where a legal person acts on behalf or on the account of an entity (‘third-party service provider’) and has access to inside information which directly concerns that entity, that entity should include in its insider list the details of only one natural person acting as a contact person for that third-party service provider. |
|
(5) |
Since multiple pieces of inside information can exist within an entity at the same time, the insider lists referred to in Article 18(1) and (6), second subparagraph, of Regulation (EU) No 596/2014 should identify the exact piece of inside information to which the persons referred to in Article 18(1) of Regulation (EU) No 596/2014 have access. To that end, those insider lists should contain a section specific to each piece of inside information (the ‘event-based section’). Each event-based section should list all persons having access to a specific piece of inside information and, for each person, indicate the date and time when the insider obtained access to that piece of inside information and the date and time when the insider ceased to have access to that piece of inside information. A new section should be added to the insider lists referred to in Article 18(1) and (6), second subparagraph, of Regulation (EU) No 596/2014 upon the identification of a new piece of inside information. |
|
(6) |
To reduce administrative burdens and avoid duplicative entries in the insider lists referred to in Article 18(1) and (6), second subparagraph, of Regulation (EU) No 596/2014 with respect to persons who, due to the nature of their function or position within an entity, have access to all inside information at all times (‘permanent insiders’), it should be possible to list those persons in a supplementary section of the insider list (the ‘permanent insiders’ section’). As that section should be of a different nature to the event-based sections of the insider list, it should not be created each time upon the identification of a new piece of inside information. That section should rather specify the date and time when a permanent insider obtained and ceased to have access to all inside information at all times. An entity that decides to draw up and keep up to date a permanent insiders’ section, should not include the permanent insiders listed therein also in the event-based sections of the insider list, since those insiders are deemed to have access to all inside information at all times. |
|
(7) |
Since Article 18(6), first subparagraph, of Regulation (EU) No 596/2014 allows issuers whose financial instruments are admitted to trading on an SME growth market to include in their insider lists only those persons who, due to the nature of their function or position within the issuer, have regular access to inside information, the insider lists referred to in that provision should not include separate event-based sections. Instead, they should list all insiders having regular access to inside information and, for each of them, specify the date and time when the insider obtained and ceased to have regular access to inside information. It follows that that list of insiders should not be amended each time upon the emergence of a specific piece of inside information, unless the list of insiders having regular access to inside information changes. |
|
(8) |
This Regulation respects the fundamental rights and observes the principles recognised by the Charter of Fundamental Rights of the European Union, and notably the right to protection of personal data. The processing of personal data for the purposes of this Regulation should be carried out in accordance with Union law on the protection of personal data. In that regard, any processing of personal data performed by competent authorities in application of this Regulation should be carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (6). |
|
(9) |
To ensure that the insider lists can be made available to the competent authority as soon as possible upon request and that they can always be updated without delay, insider lists should be kept in an electronic form. The electronic form should ensure that the information included in the insider list is kept confidential. To avoid a disproportionate administrative burden on issuers whose financial instruments are admitted to trading on an SME growth market, such issuers should not be required to draw up and keep up to date the insider list in an electronic form, provided that the completeness, confidentiality and integrity of the information included in the insider list is ensured. |
|
(10) |
To reduce the administrative burden associated with the transmission of insider lists to the competent authority, the specific electronic means of transmission should be determined by the competent authorities themselves, while ensuring the confidentiality of those lists. |
|
(11) |
The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (7) and delivered formal comments on 4 February 2026. |
|
(12) |
This Regulation is based on the draft implementing technical standards submitted to the Commission by the European Securities and Markets Authority (ESMA). |
|
(13) |
ESMA has conducted open public consultations on the draft implementing technical standards on which this Regulation is based and requested the advice of the Securities Markets Stakeholder Group established by Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council (8). ESMA did not analyse the potential related costs and benefits as that would have been disproportionate in relation to the expected impact on market participants of the amendments, |
HAS ADOPTED THIS REGULATION:
Article 1
Insider list referred to in Article 18(1) of Regulation (EU) No 596/2014
1. The insider list referred to in Article 18(1) of Regulation (EU) No 596/2014 shall contain a section specific to each piece of inside information and shall be drawn up and kept up to date in accordance with Template 1 of Annex I to this Regulation.
2. By way of derogation from paragraph 1, persons who, due to the nature of their function or position, have access to all inside information at all times may be listed separately in a permanent insiders’ section of the insider list. That section shall be drawn up and kept up to date in accordance with Template 2 of Annex I to this Regulation. Where a permanent insiders’ section is drawn up and kept up to date, the persons listed therein shall not be included in the section of the insider list referred to in paragraph 1.
3. The insider list referred to in Article 18(1) of Regulation (EU) No 596/2014 shall be kept in an electronic form that, at all times, ensures that:
|
(a) |
access to the insider list is restricted to clearly identified persons that need that access due to the nature of their function or position; |
|
(b) |
the information included is accurate and kept up to date; |
|
(c) |
previous versions of the insider list are accessible. |
4. The competent authority shall specify on its website the electronic means by which the insider list referred to in Article 18(1) of Regulation (EU) No 596/2014 is to be transmitted to the competent authority. Those electronic means shall ensure that the completeness, integrity and confidentiality of the information contained in that insider list are maintained at all times during the transmission of that list to the competent authority.
5. Issuers, emission allowance market participants, auction platforms, auctioneers, auction monitors and any person acting on their behalf or on their account shall retain the personal data relating to persons on the insider list that they draw up and update pursuant to Article 18(1) of Regulation (EU) No 596/2014 for no longer than five years after a person ceased to be on their insider list.
A competent authority that received an insider list transmitted pursuant to Article 18(1), point (c), of Regulation (EU) No 596/2014 shall retain the personal data relating to persons on that insider list for no longer than necessary for performing its supervisory tasks, subject to regular review of the need to retain those data.
Article 2
Insider lists referred to in Article 18(6) of Regulation (EU) No 596/2014
1. The insider lists referred to in Article 18(6), first subparagraph, of Regulation (EU) No 596/2014 shall be drawn up and kept up to date in accordance with the Template set out in Annex II to this Regulation.
2. The insider lists referred to in Article 18(6), second subparagraph, of Regulation (EU) No 596/2014 shall contain a section specific to each piece of inside information and shall be drawn up and kept up to date in accordance with Template 1 of Annex I to this Regulation.
By way of derogation from the first subparagraph, persons who, due to the nature of their function or position within the issuer, have access to all inside information at all times may be listed separately in a permanent insiders’ section of the insider list. That section shall be drawn up and kept up to date in accordance with Template 2 of Annex I to this Regulation. Where a permanent insiders’ section is drawn up and kept up to date, the persons listed therein shall not be included in the section of the insider list referred to in the first subparagraph.
3. The insider lists referred to in Article 18(6) of Regulation (EU) No 596/2014 shall be kept in any form that ensures that the completeness, integrity and confidentiality of the information contained in those lists are maintained at all times during the transmission of those lists to the competent authority.
4. Issuers whose financial instruments are admitted to trading on an SME growth market shall retain the personal data relating to persons on the insider list that they draw up and update pursuant to Article 18(6) of Regulation (EU) No 596/2014 for no longer than five years after a person ceased to be on their insider list.
A competent authority that received an insider list transmitted pursuant to Article 18(6), third subparagraph, of Regulation (EU) No 596/2014 shall retain the personal data relating to persons on that insider list for no longer than necessary for performing its supervisory tasks, subject to regular review of the need to retain those data.
Article 3
Repeal
Implementing Regulation (EU) 2022/1210 is repealed.
References to the repealed Regulation shall be construed as references to this Regulation.
Article 4
Entry into force
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 12 June 2026.
For the Commission
The President
Ursula VON DER LEYEN
(1) OJ L 173, 12.6.2014, p. 1, ELI: http://data.europa.eu/eli/reg/2014/596/oj.
(2) Commission Implementing Regulation (EU) 2016/347 of 10 March 2016 laying down implementing technical standards with regard to the precise format of insider lists and for updating insider lists in accordance with Regulation (EU) No 596/2014 of the European Parliament and of the Council (OJ L 65, 11.3.2016, p. 49, ELI: http://data.europa.eu/eli/reg_impl/2016/347/oj).
(3) Regulation (EU) 2019/2115 of the European Parliament and of the Council of 27 November 2019 amending Directive 2014/65/EU and Regulations (EU) No 596/2014 and (EU) No 2017/1129 as regards the promotion of the use of SME growth markets (OJ L 320, 11.12.2019, p. 1, ELI: http://data.europa.eu/eli/reg/2019/2115/oj).
(4) Commission Implementing Regulation (EU) 2022/1210 of 13 July 2022 laying down implementing technical standards for the application of Regulation (EU) No 596/2014 of the European Parliament and of the Council with regard to the format of insider lists and their updates (OJ L 187, 14.7.2022, p. 23, ELI: http://data.europa.eu/eli/reg_impl/2022/1210/oj).
(5) Regulation (EU) 2024/2809 of the European Parliament and of the Council of 23 October 2024 amending Regulations (EU) 2017/1129, (EU) No 596/2014 and (EU) No 600/2014 to make public capital markets in the Union more attractive for companies and to facilitate access to capital for small and medium-sized enterprises (OJ L, 2024/2809, 14.11.2024, ELI: http://data.europa.eu/eli/reg/2024/2809/oj).
(6) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj).
(7) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj).
(8) Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84, ELI: http://data.europa.eu/eli/reg/2010/1095/oj).
ANNEX I
TEMPLATE 1
Template for the insider lists referred to in Article 1(1) and Article 2(2), first subparagraph
Description of the specific piece of inside information to which this section relates to:
Date and time of creation of this section (i.e. when the specific piece of inside information was identified): [yyyy-mm-dd, hh:mm UTC (Coordinated Universal Time)]
Date and time of the last update of this section: [yyyy-mm-dd, hh:mm UTC (Coordinated Universal Time)]
Date of transmission to the competent authority: [yyyy-mm-dd]
|
First name(s) of the insider (in the case of third-party service providers, the first name(s) of the natural person acting as a contact person for that third-party service provider) |
Surname(s) of the insider (in the case of third-party service providers, the surname(s) of the natural person acting as a contact person for that third-party service provider) |
Professional telephone number(s) (work direct telephone line and work mobile numbers) |
Function and reason for being insider |
Obtained (the date and time when the insider obtained access to the specific piece of inside information) |
Ceased (the date and time when the insider ceased to have access to the specific piece of inside information) |
National Identification Number (if applicable) or otherwise Date of Birth |
|
[Text] |
[Text] |
[Numbers (no space)] |
[Text describing role, function and reason for being on this list, including the company name and address in the case of third-party service providers] |
[yyyy-mm-dd, hh:mm UTC] |
[yyyy-mm-dd, hh:mm UTC] |
[Number and/or text or yyyy-mm-dd for the date of birth] |
TEMPLATE 2
Template for the permanent insiders’ section referred to in Article 1(2) and Article 2(2), second subparagraph
Date and time of creation of the permanent insiders’ section: [yyyy mm-dd, hh:mm UTC (Coordinated Universal Time)]
Date and time of the last update of the permanent insiders’ section: [yyyy-mm-dd, hh:mm UTC (Coordinated Universal Time)]
Date of transmission to the competent authority: [yyyy-mm-dd]
|
First name(s) of the insider (in the case of third-party service providers, the first name(s) of the natural person acting as a contact person for that third-party service provider) |
Surname(s) of the insider (in the case of third-party service providers, the surname(s) of the natural person acting as a contact person for that third-party service provider) |
Professional telephone number(s) (work direct telephone line and work mobile numbers) |
Function and reason for being insider |
Obtained (the date and time when the insider obtained access to all inside information at all times) |
Ceased (the date and time when the insider ceased to have access to all inside information at all times) |
National Identification Number (if applicable) or otherwise Date of Birth |
|
[Text] |
[Text] |
[Numbers (no space)] |
[Text describing role, function and reason for being in this section, including the company name and address in the case of third-party service providers] |
[yyyy-mm-dd, hh:mm UTC] |
[yyyy-mm-dd, hh:mm UTC] |
[Number and/or text or yyyy-mm-dd for the date of birth] |
ANNEX II
Template for the insider list referred to in Article 2(1)
Date and time of creation of the insider list: [yyyy-mm-dd, hh:mm UTC (Coordinated Universal Time)]
Date and time of the last update of the insider list: [yyyy-mm-dd, hh:mm UTC (Coordinated Universal Time)]
Date of transmission to the competent authority: [yyyy-mm-dd]
|
First name(s) of the insider (in the case of third-party service providers, the first name(s) of the natural person acting as a contact person for that third-party service provider) |
Surname(s) of the insider (in the case of third-party service providers, the surname(s) of the natural person acting as a contact person for that third-party service provider) |
Professional telephone number(s) (work direct telephone line and work mobile numbers) |
Function and reason for being insider |
Obtained (the date and time when the insider obtained regular access to inside information) |
Ceased (the date and time when the insider ceased to have regular access to inside information) |
National Identification Number (if applicable) or otherwise Date of Birth |
|
[Text] |
[Text] |
[Numbers (no space)] |
[Text describing role, function and reason for being on this list, including the company name and address in the case of third-party service providers] |
[yyyy-mm-dd, hh:mm UTC] |
[yyyy-mm-dd, hh:mm UTC] |
[Number and/or text or yyyy-mm-dd for the date of birth] |
ELI: http://data.europa.eu/eli/reg_impl/2026/1291/oj
ISSN 1977-0677 (electronic edition)