Legalize / European Union / Regulation

Regulation (EU) 2023/2859 of the European Parliament and of the Council of 13 December 2023 establishing a European single access point providing centralised access to publicly available information of relevance to financial services, capital markets and sustainability (Text with EEA relevance)

Type Regulation

Publication 2023-12-13

State In force

Department Council of the European Union, European Parliament

Source EUR-Lex

Reform history JSON API

Article 1

The European single access point

By 10 July 2027, ESMA shall establish and operate a European single access point (ESAP) providing centralised electronic access to the following information:

(a) information made public pursuant to the Union legislative acts listed in the Annex or pursuant to any further legally binding Union acts that provide for centralised electronic access to information on ESAP;

(b) information that any entity governed by the law of a Member State chooses to make accessible on ESAP on a voluntary basis, in accordance with Article 3(1), and that is referred to in the Union legislative acts listed in the Annex or in any further legally binding Union acts that provide for centralised electronic access to information on ESAP.

Article 2

Definitions

For the purposes of this Regulation, the following definitions apply:

(1) ‘entity’ means any natural or legal person: (a) that is required to submit the information referred to in Article 1(1), point (a), to a collection body; or (b) that submits information to a collection body on a voluntary basis pursuant to Article 1(1), point (b), in order for that information to be made accessible on ESAP;

(2) ‘collection body’ means a Union body, office or agency or national body, authority or register designated as such pursuant to any of the Union legislative acts under Article 1(1), point (a), or designated as such by a Member State in accordance with Article 3(2);

(3) ‘data extractable format’ means any open format as defined in Article 2, point (14), of Directive (EU) 2019/1024 that is widely used or required by law, that allows data extraction by a machine and that is human-readable;

(4) ‘machine-readable format’ means a machine-readable format as defined in Article 2, point (13), of Directive (EU) 2019/1024;

(5) ‘qualified electronic seal’ means a qualified electronic seal as defined in Article 3, point (27), of Regulation (EU) No 910/2014;

(6) ‘application programming interface’ or ‘API’ means a set of functions, procedures, definitions and protocols for machine-to-machine communication and the seamless exchange of data;

(7) ‘metadata’ means structured information that makes it easier to retrieve, use or manage an information resource, including by describing, explaining or locating the source of that information;

(8) ‘personal data’ means personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679;

(9) ‘historical information’ means the information referred to in Article 1(1), point (a), that was made public no earlier than five years before the date of application of the requirement to submit that information to ESAP;

(10) ‘Joint Committee’ means the committee referred to in Article 54 of Regulation (EU) No 1093/2010, Article 54 of Regulation (EU) No 1094/2010 and Article 54 of Regulation (EU) No 1095/2010.

Article 3

Voluntary submission of information

When submitting such information to the collection body, the entity shall:

(a) ensure that the information is accompanied by metadata specifying that the information is made accessible on ESAP on a voluntary basis;

(b) ensure that the information is accompanied by metadata specifying whether the information contains personal data;

(c) ensure that the information is accompanied by the metadata necessary for the functioning of the ESAP search function referred in Article 7(3);

(d) use a data extractable format for submitting the information;

(e) ensure that the information submitted falls within the scope of Article 1(1), point (b);

(f) ensure that no personal data are included in the information, except where the personal data are required by Union or national law or constitute a necessary element of the information about the entity’s economic activities.

The European Supervisory Authorities established by Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010 of the European Parliament and of the Council (collectively, the ‘ESAs’) shall, through the Joint Committee, develop draft implementing technical standards to specify the following:

(a) the metadata to accompany the information submitted in accordance with paragraph 1;

(b) where applicable, the specific formats or templates to be used for submitting the information in accordance with paragraph 1.

The ESAs shall submit the draft implementing technical standards to the Commission by 10 January 2028.

Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No 1093/2010, Article 15 of Regulation (EU) No 1094/2010 and Article 15 of Regulation (EU) No 1095/2010.

The ESAs, through the Joint Committee, shall adopt guidelines for entities to ensure that the metadata submitted is correct, including the conditions for the inclusion of personal data in voluntary submissions.

Article 4

List of the collection bodies

ESMA shall publish a list of the collection bodies, containing the uniform resource locator of each collection body, on the web portal referred to in Article 7(1), point (a).

ESMA shall ensure that that list is kept up-to-date and shall notify the Commission of any changes thereto.

Article 5

Tasks of the collection bodies and responsibilities of entities

The collection bodies shall do the following:

(a) collect the information submitted by entities;

(b) store the information submitted by entities or generated by the collection bodies themselves and, where relevant, rely on existing procedures and infrastructure in place for the storage of information;

(c) perform technical automated validations in respect of the information submitted by entities to verify whether the information complies with the following: (i) it has been submitted using a data extractable format or, where appropriate, the machine-readable format specified in any of the Union legislative acts under Article 1(1), point (a), pursuant to which the information is submitted; (ii) the metadata for the information, as specified pursuant to paragraph 10, point (e), of this Article and, where applicable, Article 3(1), point (a), is available and complete; (iii) it is accompanied by a qualified electronic seal, where required;

(d) not impose conditions on the use and re-use of the information accessible on ESAP, other than conditions that correspond to those laid down in open standard licences as referred to in Article 9;

(e) implement the API and provide ESAP, free of charge and within the applicable time limits, with the information, the metadata for that information and, where required, the qualified electronic seal;

(f) insofar as it falls within the technical competence of the collection body, provide assistance to the entities submitting the information in relation to, at least, the submission, rejection and resubmission process;

(g) ensure that the information referred to in Article 1(1) remains available to ESAP for at least 10 years, unless otherwise provided in the Union legislative acts under Article 1(1), point (a).

For the purposes of point (g) of the first subparagraph of this paragraph, and in accordance with Regulations (EU) 2016/679 and (EU) No 2018/1725, the collection bodies shall take the appropriate technical and organisational measures to ensure that, where the metadata accompanying the submitted information refers to any personal data, that information is not retained for the purpose of being made available to ESAP, nor made accessible on ESAP, for longer than five years, unless otherwise provided in the Union legislative acts under Article 1(1), point (a), of this Regulation.

The collection bodies shall remove information made accessible on ESAP that they determine to be manifestly inappropriate, abusive or outside the scope of the information referred to in Article 1(1).

Entities may choose to submit information only once and to one collection body only. The submission and any re-submission of information, together with the relevant accompanying metadata, shall be made to the same collection body.

The conditions set out in the delegation agreement shall ensure that:

(a) the delegatee has no conflict of interest;

(b) the delegatee does not use the information obtained improperly or in an anti-competitive manner or for a purpose other than the one stated in the delegation agreement;

(c) the delegatee ensures the protection of the information in accordance with Article 6 in relation to the delegated tasks;

(d) the delegatee regularly informs the collection body regarding its overall performance of the delegated tasks;

(e) without undue delay, the delegatee informs the collection body of any failure to perform a delegated task.

The collection body shall remain responsible for any tasks that it delegates, including making available to ESMA any information needed by ESMA regarding a delegated task.

The collection body’s liability shall not be affected by the fact that the collection body has delegated tasks to a third party. The collection body shall not delegate its tasks to such an extent that it can no longer be considered a collection body.

The collection body shall ensure that any delegation of tasks is exercised in a cost-efficient manner and that, as far as possible, the delegation is used to allow existing collection procedures and infrastructure to continue to apply for the purposes of ESAP.

The collection body shall notify ESMA of any delegation agreement it concludes.

The ESAs, through the Joint Committee, shall develop draft implementing technical standards specifying the following:

(a) how the technical automated validations referred to in paragraph 1, point (c), of this Article are to be performed for each type of information submitted by entities;

(b) the characteristics of the qualified electronic seal referred to in paragraph 1, point (c)(iii), of this Article and in paragraph 9 of this Article;

(d) the characteristics of the API to be implemented pursuant to paragraph 1, point (e), of this Article;

(e) the characteristics of the metadata necessary for the ESAP search function referred to in Article 7(3), metadata referred to in paragraph 6 of this Article and any other metadata necessary for the functioning of ESAP;

(f) the time limits referred to in paragraph 1, point (e), of this Article;

(g) the indicative list and characteristics of formats that are acceptable as data extractable formats and as machine-readable formats as referred to in paragraph 1, point (c)(i), of this Article.

The ESAs shall submit those draft implementing technical standards to the Commission by 10 September 2024.

Collection bodies that are Union bodies, offices or agencies that make historical information available to ESAP in accordance with Article 1(3) shall do the following:

(a) prepare that information in a data extractable format;

(b) accompany that information by metadata specifying the following: (i) the names of the entity; (ii) the type of information, as classified pursuant to Article 7(4), point (c); (iii) where available, the legal entity identifier of the entity, as specified pursuant to Article 7(4), point (b);

By way of derogation from paragraph 1, point (g), of this Article, historical information shall not be made accessible on ESAP for longer than five years.

Article 6

Cybersecurity

ESMA shall put in place an effective and proportionate IT security policy for ESAP and shall ensure appropriate levels of authenticity, availability, integrity and non-repudiation of the information made accessible on ESAP and of the protection of personal data. ESMA may carry out periodic reviews of the IT security policy and the cybersecurity situation of ESAP in the light of evolving international and Union cybersecurity trends and latest developments.

Article 7

Functionalities of ESAP

ESMA shall ensure that ESAP has at least the following functionalities:

(a) a web portal with a user-friendly interface, which takes into account the access needs of persons with disabilities, to provide access to the information on ESAP in all official languages of the Union;

(b) an API enabling easy access to the information on ESAP;

(d) an information viewer;

(e) a machine translation service for the information retrieved;

(f) a download service, including for the download of large quantities of data;

(g) a notification service informing users of any new information on ESAP;

(h) the presentation of information submitted on a voluntary basis pursuant to Article 1(1), point (b), in such a manner that: (i) it can be clearly distinguished from information submitted on a mandatory basis pursuant to Article 1(1), point (a); (ii) where applicable, users are informed that the information does not necessarily meet all the requirements for information submitted on a mandatory basis pursuant to Article 1(1), point (a), and will not necessarily be updated over time.

The search function referred to in paragraph 1, point (c), of this Article shall allow for a search on the basis of the following metadata:

(a) the names of the entity that submitted the information and of the natural or legal person to which the information relates;

(b) the legal entity identifier of the entity that submitted the information and of the legal person to which the information relates;

(c) the type of information, as referred to in Article 1(1), submitted by the entity and whether such information was submitted on a mandatory basis under Article 1(1), point (a), or on a voluntary basis under point (b) of that paragraph;

(d) the date and time when the information was submitted by the entity to the collection body;

(e) the date or period to which the information relates;

(f) the size of the entity by category that submitted the information and of the legal person to which the information relates;

(g) the country of the registered office of the legal person to which the information relates;

(h) the industry sector(s) of the economic activities of the natural or legal person to which the information relates;

(i) the collection body responsible for the collection of the information;

(j) the language in which the information was submitted.

The ESAs, through the Joint Committee, shall develop draft implementing technical standards specifying the following:

(a) the characteristics of the API referred to in paragraph 1, point (b);

(b) the specific legal entity identifier referred to in paragraph 3, point (b);

(d) the categories of the size of the entities referred to in paragraph 3, point (f);

(e) the characterisation of industry sectors referred to in paragraph 3, point (h).

The ESAs shall submit those draft implementing technical standards to the Commission by 10 September 2024.

Article 8

Access to information on ESAP

Notwithstanding paragraph 2, ESMA shall allow the following entities to have direct and immediate access to the information on ESAP free of charge to the extent necessary for those entities to fulfil their respective responsibilities, mandates and obligations:

(a) any Union institution, body, office or agency;

(b) any competent authority designated by a Member State pursuant to a Union legislative act;

(c) any member of the European Statistical System as defined in Article 4 of Regulation (EC) No 223/2009 of the European Parliament and of the Council (²);

(d) any member of the European System of Central Banks;

(e) the resolution authorities designated under Article 3 of Directive 2014/59/EU of the European Parliament and the Council (³);

(f) any governmental institution, body or agency of a Member State;

(g) any educational and training establishment for the sole purposes of research, academia, news organisations and non-governmental organisations insofar as access to the information is necessary in the performance of their tasks;

(h) entities providing and using information on ESAP to fulfil their regulatory obligations.

ESMA shall submit those draft implementing technical standards to the Commission.

Article 9

Use and re-use of information accessible on ESAP

ESMA shall ensure that the use and re-use of information accessible on ESAP is not subject to any conditions unless those conditions fulfil the following requirements:

(a) they are objective and non-discriminatory;

(b) they are justified on the grounds of a public interest objective;

(c) where appropriate, depending on the type of information, they correspond to the conditions laid down in open standard licences within the meaning of Article 2, point (5), of Directive (EU) 2019/1024, and allow the free use, modification and sharing of that information by anyone and for any purpose.

Article 10

Quality of the information

Where the information provided by the collection body was submitted by an entity, ESMA may perform the automated validations on the basis of samples. Such automated validations shall not differ from those carried out by the collection bodies pursuant to Article 5(1), point (c).

Article 11

Tasks of ESMA

ESMA shall, in close cooperation with EBA and EIOPA do the following:

(a) ensure that the information provided by the collection bodies, following submission by the entities, is made accessible without undue delay on ESAP;

(b) provide service support to the collection bodies;

(c) ensure that ESAP is accessible for at least 97 % of the time per month, excluding cases of scheduled maintenance, content updates and page upgrades, in which case a clear notice is to be given to users indicating the likely duration of the interruption of services provided by ESAP;

Reading this document does not replace reading the official text published in the Official Journal of the European Union. We assume no responsibility for any inaccuracies arising from the conversion of the original to this format.