Commission Delegated Regulation (EU) 2025/885 of 29 April 2025 supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards specifying the arrangements, systems and procedures to prevent, detect and report market abuse, the templates to be used for reporting suspected market abuse, and the coordination procedures between the competent authorities for the detection and sanctioning of market abuse in cross-border market abuse situations

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets and amending Regulation (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (1), and in particular Article 92(2), third subparagraph, thereof,

Whereas:

(1) Requirements for the arrangements, procedures and systems that persons professionally arranging or executing transactions in crypto-assets are to have in place for the reporting of orders, transactions and other aspects of the functioning of distributed ledger technology (DLT), including the consensus mechanism, where there might exist circumstances indicating that market abuse has been committed, is being committed or is likely to be committed are necessary. Such requirements are critical and should assist in the prevention and detection of market abuse. Those requirements should also assist in ensuring that reports concerning reasonable suspicions on orders, transactions and other aspects of the functioning of distributed ledger technology (STOR) submitted to competent authorities are meaningful, comprehensive, and useful.

(2) To ensure that prevention and detection of market abuse is effective, appropriate systems should be in place to monitor orders, transactions and other aspects of functioning of the DLT, in accordance with the scale, size and nature of the business activity of the person professionally arranging or executing transactions. Such systems should provide for human analysis carried out by appropriately trained staff based on objective information at the disposal of the reporting entity. The entity should collect additional personal data, only to ensure appropriate human analysis. To allow for further analysis of potential insider dealing or market manipulation or attempted insider dealing or market manipulation, the systems for monitoring market abuse should be capable of producing alerts in line with specified parameters. The access to such alerts should be recorded to ensure that they are only used for detecting market abuse. The whole process is likely to require some level of automation.

(3) To analyse whether the arrangements, systems and procedures to prevent and detect market abuse are appropriate, it is necessary to assess the impact that the person that professionally arranges or executes transactions may have on the market. As part of that assessment, such persons should assess whether they have a significant or dominant position in any crypto-asset market asset segment in which case those arrangements, systems and procedures should be proportionate to their position.

(4) The prevention and detection of market abuse requires an ongoing monitoring of all orders and transactions arranged or executed by persons that professionally arrange or execute transactions, irrespective of whether those orders and transactions are executed on the distributed ledger (‘on-chain’) or outside the distributed ledger (‘off-chain’), including transfers of crypto assets to or from accounts of clients of the same crypto-asset service provider.

(5) To facilitate and promote a consistent approach and practices across the Union in relation to the prevention, detection and sanctioning of market abuse, it is necessary to lay down detailed provisions harmonising the content of, the template for and the timing of the reporting of suspicious orders and transactions and other aspects of the functioning of DLT.

(6) To share resources, to centrally develop and maintain monitoring systems, and to build expertise in the context of monitoring suspicious orders and transactions, persons that professionally arrange or execute transactions in crypto-assets should be able to delegate the prevention and detection of such orders, transactions and other aspects of the functioning of DLT within a group, or to delegate the data analysis and the generation of alerts, subject to appropriate conditions. Such delegation should neither prevent the competent authorities from assessing at any time, whether the arrangements, systems and procedures of the person to whom the functions are delegated are effectively in line with the obligation to prevent and detect market abuse. The obligation to report and the responsibility to comply with this Regulation and with Article 92 of Regulation (EU) 2023/1114 should remain with the delegating person.

(7) Crypto asset service providers operating a trading platform should have appropriate trading rules that contribute to the prevention of market abuse. Those entities should also have facilities to replay the order book in order to analyse the trading activity. A single and harmonised template for electronically submitting a suspicious transaction and order report (‘STOR’) should facilitate the efficient sharing of information on suspicious orders and transactions between competent authorities in cross-border investigations.

(8) The information fields in such a STOR template, where completed clearly, comprehensively, objectively and accurately, should assist the competent authorities to promptly assess such suspicious orders and transactions and take the necessary action. Such STOR template should therefore enable the persons submitting the STOR to provide the information that competent authorities consider relevant about suspicious orders, transactions or other aspects of the functioning of the distributed ledger technology reported and to explain the reasons for the suspicion. The STOR template should also enable the persons submitting the STOR to provide personal data that would make it possible to identify the persons involved in the suspicious activity and assist the competent authorities in their investigations. Such information should be provided at the outset, so that the integrity of the investigation is not compromised by the potential necessity for a competent authority to revert during an investigation to the person who submitted the STOR. Any processing of personal data under this Regulation should be carried out in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (2) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. The data minimisation principle in particular should be complied with where personal data are collected to ensure compliance with this Regulation.

(9) To facilitate the submission of a STOR, the template should allow for the attachment of documents and materials that are necessary to support the notification made, including in the form of an annex that lists the suspicious orders or transactions and detailing their prices and volumes. In addition, the STOR template should allow for the reporting of suspicious behaviours connected to the functioning of the DLT.

(10) Persons professionally arranging or executing transactions in crypto-assets should not notify all orders received or transactions conducted that have triggered an internal alert. Such a requirement would be inconsistent with the requirement to assess on a case-by-case basis whether there are reasonable grounds for suspicion.

(11) The analysis of orders, transactions or other aspects of the functioning of the DLT should factor in not only the internal information of the person professionally arranging or executing transactions in crypto-assets, but all the information publicly available, including information about transactions embedded in a public ledger system.

(12) The STORs should be submitted to the competent authority without delay once a reasonable suspicion about the existence of market abuse has been formed. The analysis as to whether a given order or transaction is to be considered suspicious should be based on facts, not speculation or presumption and should be carried out as quickly as practicably possible. Delaying the submission of a report to incorporate further suspicious orders, transactions or other aspects of the functioning of the DLT or accumulating several STORs would be irreconcilable with the obligation to act without delay, where a reasonable suspicion has already been formed. In any case, persons professionally arranging or executing transactions in crypto-assets should assess on a case-by-case basis whether several orders, transactions or other aspects of the functioning of the DLT could be reported in a single STOR.

(13) There might be circumstances where a reasonable suspicion of market abuse is formed after the suspected activity occurred, due to subsequent events or available information. That should not be a reason for not reporting the suspected activity to the competent authority. To demonstrate compliance with the reporting requirements in those specific circumstances, the person submitting the STOR should be able to justify the time discrepancy between the occurrence of the suspected activity and the formation of the reasonable suspicion of market abuse having been committed, being committed or likely to be committed.

(14) To assist persons professionally arranging or executing transactions in crypto-assets in exercising their judgement when considering subsequent suspicious orders or transactions, they should be able to recall and review the analysis of STORs which have been submitted, and of those suspicious orders, transactions and behaviours connected to the functioning of the DLT which were analysed, but in relation to which the competent authority concerned concluded that the grounds for suspicion were not reasonable.

(15) To prevent market abuse to the maximum extent possible, persons professionally arranging or executing transactions in crypto-assets should be able to refine their surveillance systems and to detect patterns of repeated behaviour, the aggregate of which could, considered as a whole, result in a reasonable suspicion of market abuse. Those persons should therefore be required to analyse suspicious orders, transactions, behaviours and other aspects connected to the functioning of the distributed ledger technology which did not lead to a STOR and record such analyses. Such records should also assist such persons in evidencing compliance with Article 92 of Regulation (EU) 2023/1114 and should facilitate the performance by competent authorities of their supervisory, investigatory and enforcement functions under Article 92 of Regulation (EU) 2023/1114.

(16) Considering that markets in crypto-assets are inherently cross-border, it is necessary to specify coordination procedures between the competent authorities for the detection and sanctioning of market abuse in case of cross-border market abuse situations. Such coordination procedures should ensure that there are no conflicting investigations or enforcement activities. In that context, cross-border market abuse situations should include cases in which suspicious transactions are carried out in a Member State concerning a crypto-asset that is admitted to trading in another Member State and cases in which the crypto-asset service provider concerned is operating in more than one Member State.

(17) It is necessary to lay down provisions for the transmission of STORs among competent authorities. Such requirements are critical, in the absence of a transaction reporting regime, to ensure efficient market supervision and enforcement while preventing the transmission of a massive flow of information that would not be useful for the receiving authority.

(18) This Regulation is based on the draft regulatory technical standards submitted by the European Securities and Markets Authority to the Commission (‘ESMA’).

(19) ESMA has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and the Council (3),

(20) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 (4) and delivered their opinion on 22 January 2025,

HAS ADOPTED THIS REGULATION:

Article 1

Definitions

For the purposes of this Regulation, the following definitions shall apply:

(1) ‘suspicious transaction and order report’ (STOR) means the report on suspicious orders or transactions, including any cancellation or modification thereof, and other aspects of functioning of the DLT where circumstances might exist indicating that market abuse has been committed, is being committed or is likely to be committed.

(2) ‘electronic means’ are means of electronic equipment for the processing (including digital compression), storage and transmission of data, employing wires, radio, optical technologies, or any other electromagnetic means;

(3) ‘group’ means a group as defined in Article 2, point (11), of Directive 2013/34/EU of the European Parliament and of the Council (5);

(4) ‘order’ means each and every order, including each and every quote, irrespective of whether its purpose is initial submission, modification, update or cancellation of an order and irrespective of its type.

Article 2

General requirements

(a) effective and ongoing monitoring, for the purposes of preventing, detecting and identifying orders and transactions where circumstances might exist indicating that market abuse has been committed, is being committed or is likely to be committed, of all orders received and transmitted, and all transactions in crypto-assets executed;

(b) effective and ongoing monitoring of aspects of the functioning of the DLT, for the purposes of detecting and identifying other aspects of the functioning of the distributed ledger technology, including the consensus mechanism, where circumstances might exist indicating that market abuse has been committed, is being committed or is likely to be committed;

(c) the transmission of STORs to competent authorities in accordance with the requirements set out in this Regulation and using the template set out in the Annex.

(a) the capacity in which the order is placed or the transaction is executed;

(b) the types of clients concerned;

(c) whether the orders were placed or transactions executed on or outside a trading platform.

(a) appropriate and proportionate in relation to the scale, size and nature of their business activity;

(b) regularly assessed, at least through an annually conducted audit and internal review, and updated when necessary;

(c) clearly documented in writing, including any changes or updates to them, for the purposes of compliance with this Regulation, and that the documented information is maintained for a period of 5 years.

Article 3

Prevention, monitoring and detection

(a) cover the full range of trading activities undertaken by the persons professionally arranging or executing transactions in crypto-assets;

(b) produce alerts indicating activities requiring further analysis to detect potential market abuse;

(d) enable persons professionally arranging or executing transactions in crypto-assets to analyse, individually and comparatively each transaction executed and each order placed, modified, cancelled or rejected inside and outside a trading platform, irrespective of whether or not the orders and transactions are placed and executed by means of the distributed ledger, and aspects of the functioning of DLT that could constitute market abuse.

The ICT systems referred to in the first subparagraph shall include ICT systems capable of deferred automated reading, replaying and analysis of order book data. Such systems shall have sufficient capacity to operate in an algorithmic trading environment.

For the purposes of the second subparagraph, algorithmic trading means trading in crypto-assets where a computer algorithm automatically determines individual parameters of orders, including as to whether to initiate the order, the timing, price or quantity of the order, or how to manage the order after its submission, with limited or no human intervention, and does not include any system that is only used for the purpose of routing orders to one or more trading platform or for the processing of orders involving no determination of any trading parameters or for the confirmation of orders or the post-trade processing of executed transactions.