Regulation (EU) 2025/2088 of the European Parliament and of the Council of 8 October 2025 amending Regulations (EU) No 1092/2010, (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010, (EU) No 806/2014, (EU) 2021/523 and (EU) 2024/1620 as regards certain reporting requirements in the fields of financial services and investment support (Text with EEA relevance)

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114, Article 173 and Article 175, third paragraph, thereof,

Having regard to the proposal from the European Commission,

After transmission of the draft legislative act to the national parliaments,

Having regard to the opinion of the European Central Bank (1),

Having regard to the opinion of the European Economic and Social Committee (2),

After consulting the Committee of the Regions,

Acting in accordance with the ordinary legislative procedure (3),

Whereas:

(1) Reporting and disclosure requirements play a key role in ensuring proper monitoring of the application and correct enforcement of Union law. It is therefore important to improve, streamline and modernise those requirements to ensure that they fulfil their intended purpose, to limit the administrative burden and to avoid undue duplication of reporting for authorities and for entities.

(2) Streamlining reporting and disclosure requirements and reducing the administrative burden without undermining the related policy objectives are therefore priorities regarding both reporting and disclosure requirements in the financial sector and the frequency of reporting related to the InvestEU Programme established by Regulation (EU) 2021/523 of the European Parliament and of the Council (4).

(3) Regulations (EU) No 1092/2010 (5), (EU) No 1093/2010 (6), (EU) No 1094/2010 (7), (EU) No 1095/2010 (8), (EU) No 806/2014 (9), (EU) 2021/523 and (EU) 2024/1620 (10) of the European Parliament and of the Council contain arrangements for establishing a number of reporting and disclosure requirements. The collection and exchange of information under those requirements should be simplified, in line with the Commission communication of 16 March 2023 entitled ‘Long-term competitiveness of the EU: looking beyond 2030’.

(4) Financial institutions and other entities active in financial markets are required to report a wide range of information to enable Union and national authorities overseeing the financial system to monitor risks, ensure financial stability and market integrity and protect investors and consumers of financial services in the Union. The European Supervisory Authority (European Banking Authority) (EBA), established by Regulation (EU) No 1093/2010, the European Supervisory Authority (European Insurance and Occupational Pensions Authority) (EIOPA), established by Regulation (EU) No 1094/2010, the European Supervisory Authority (European Securities and Markets Authority) (ESMA), established by Regulation (EU) No 1095/2010 (known collectively as the European Supervisory Authorities (ESAs)) and the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), established by Regulation (EU) 2024/1620, should regularly review reporting and disclosure requirements adopted while applying Union law and propose, where appropriate, to streamline or remove redundant, obsolete or disproportionate requirements. In addition, the ESAs and AMLA should address regulatory gaps in relevant regulatory and implementing technical standards. The ESAs should coordinate their work through the Joint Committee of the European Supervisory Authorities (the ‘Joint Committee’). The ESAs should also regularly analyse the effectiveness of and potential differences among Member States in reporting and disclosure requirements stemming from the application or implementation of Union law, and identify best practices to foster supervisory convergence.

(5) The remaining redundant or obsolete reporting and disclosure requirements stem mainly from horizontal inconsistencies in sector-specific and cross-sector legislation, or from vertical inconsistencies between Union and Member State requirements (‘gold plating’). Other reporting requirements might be inappropriate because of business and regulatory developments. The ESAs and AMLA should therefore not only review regulatory and implementing technical standards, but should also be able to provide opinions on the functioning of legislative acts in force.

(6) The ESAs, the European Systemic Risk Board (ESRB), established by Regulation (EU) No 1092/2010, the Single Resolution Board (SRB), established by Regulation (EU) No 806/2014, the European Central Bank as a competent authority in relation to the tasks conferred on it by Council Regulation (EU) No 1024/2013 (11), and AMLA, in collaboration with the sectoral competent authorities, regularly collect a wide range of information stemming from reporting requirements under Union law. Facilitating the sharing and reuse of that information with other Union and national authorities overseeing the financial system, while safeguarding data protection, professional secrecy and intellectual property rights, should reduce the administrative burden on reporting entities and on authorities by avoiding duplicative requests, in line with the Commission communication of 15 December 2021 entitled ‘Strategy on supervisory data in EU financial services’. Information sharing could also contribute to better coordination of supervisory activities and to supervisory convergence.

(7) In order to improve efficiency in the collection, processing and use of information, the ESAs, the ESRB, the SRB, the ECB as a competent authority in relation to the data collected as part of the tasks conferred on it by Regulation (EU) No 1024/2013 and AMLA should, upon request, share, on a regular or case-by-case basis, the information they obtain from financial institutions, other reporting entities or other authorities with authorities that are entitled to collect the same information pursuant to Union law. That includes cases where those authorities are entitled to collect the information from different financial institutions, reporting entities or authorities. For the same purpose, authorities that enhance information by cleaning or enriching it should also be able to share such enhanced information. For the ‘report once’ principle to be applied in a more consistent manner, rather than requesting information from reporting entities, the ESAs, the SRB, the ECB as a competent authority and AMLA should, in general, request information from other authorities where they know or can reasonably expect that those other authorities have already collected such information, and where such a request would not jeopardise the ability of the ESAs, the SRB, the ECB as a competent authority or AMLA to perform their tasks.

(8) While this Regulation lays down specific rules regarding information sharing by the ESAs, the ESRB, the SRB, the ECB as a competent authority and AMLA, other Union authorities as well as national authorities should be able, and are encouraged, to share information with and request information from other authorities as much as possible, to reduce the reporting burden and ensure efficient data flows.

(9) Where necessary to facilitate information sharing between themselves, authorities are encouraged to enter into memoranda of understanding. It should be possible for such memoranda of understanding to set out the technical details necessary to enable efficient and seamless data exchange, and the sharing of resources for the collection and processing of shared data. With a view to establishing, to the extent possible, a simple and standardised format, the Commission should be able to develop guidance on the main elements of such memoranda of understanding.

(10) The rules on information sharing laid down in this Regulation should complement the existing possibilities for information exchange provided for under Union law and, in any event, should not restrict those possibilities. In particular, in certain cases, Union law already contains specific provisions on reporting requirements and on information sharing between authorities. Those provisions are tailored to the specific objectives pursued by the Union law concerned. Where more specific provisions on information sharing already exist, the authorities should be able to share information in accordance with those provisions. Such provisions should prevail in the event of a conflict with this Regulation. Similarly, Regulation (EU) No 806/2014, Regulation (EU) 2024/1620 and Directive (EU) 2015/849 of the European Parliament and of the Council (12), and Regulation (EU) No 1024/2013, introduced comprehensive mechanisms for information sharing between, respectively, the SRB and national resolution authorities within the framework of the single resolution mechanism, between AMLA and national competent authorities dealing with anti-money laundering matters, and between the ECB as a competent authority and national competent authorities that form part of the single supervisory mechanism. To ensure that the exchange of information between those authorities is carried out in accordance with the specific mechanisms introduced by those Union legal acts, it is appropriate to exclude such exchanges from the scope of this Regulation.

(11) The ESAs should assess options for the further integration of substantive and procedural aspects of reporting processes. They should also assess opportunities arising from the increased use of digital technologies, with a view to promoting effective and efficient reporting arrangements that would foster the competitiveness of the financial sector.

(12) With that in mind, over the past few years, the Commission and the authorities responsible for overseeing the financial system have made significant progress in exploring the possibility of establishing integrated reporting systems within specific sectors. Such innovative reporting systems are necessary to reap the benefits of increased data sharing between those authorities. Building on that ongoing sectoral work, those authorities should prepare a report that presents options for improving supervisory data collection, assesses the feasibility and, based on that assessment, presents a roadmap for the implementation of the cross-sectoral integrated reporting system. The goal should be to establish a single integrated reporting system.

(13) In order to support the work on the integration of reporting and with a view to eliminating any unnecessary burden, the authorities overseeing the financial sector should promptly establish a permanent single contact point to whom entities can communicate duplicative, obsolete or redundant reporting and disclosure requirements.

(14) The Commission needs accurate and comprehensive information to develop policies, evaluate existing Union law and assess the impact of potential legislative and non-legislative initiatives, including the impact of legislative acts under negotiation. While this Regulation does not establish new rules on information sharing by the authorities with the Commission, in order to provide for an evidence-based approach with respect to determining and evaluating Union policies, the authorities should have the opportunity, and are encouraged, to share with the Commission, in accordance with applicable rules, the information that financial institutions or other entities have reported to them in accordance with Union law.

(15) Innovation cycles in the financial sector are accelerating, and becoming more open and increasingly collaborative. It should therefore be possible for authorities to share information with financial institutions, researchers and other entities that can demonstrate to the relevant authority that they have a legitimate interest in using that information for the purposes of research and innovation beyond the initial purpose for which the information was collected. The sharing of such information would enhance its utility by increasing the information available for financial sector research, and would provide more opportunities to test products and business models. It would also allow greater collaboration between the various financial market participants, including fintech undertakings, start-ups and incumbent financial institutions. The re-use of data shared by authorities is governed by the general framework laid down in Chapter II of Regulation (EU) 2022/868 of the European Parliament and of the Council (13). However, considering the sensitive nature of the data that the authorities in the financial sector receive for supervision purposes, the protection of the public interest and in particular of the economic security of the Union should be ensured when such data is re-used. Therefore, this Regulation introduces specific mandatory conditions for the re-use of such data, including the anonymisation of personal and non-personal data, to ensure that individual financial institutions cannot be identified and that confidential information is protected. All procedures and steps in the collection, standardisation, anonymisation, storage and sharing of such data should be subject to the latest cybersecurity measures provided for by Union law.

(16) Changing the frequency of reporting on the InvestEU Programme by implementing partners from biannual to annual should reduce the administrative burden on implementing partners, financial intermediaries, small and medium-sized enterprises and other companies, without altering any substantive element of Regulation (EU) 2021/523.

(17) Since the objectives of this Regulation, namely, to improve, streamline and modernise reporting requirements, cannot be sufficiently achieved by the Member States as the reporting requirements concerned are laid down in Union law but can rather, by reason of legal certainty and the consistency of reporting, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.

(18) Regulations (EU) No 1092/2010, (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010, (EU) No 806/2014, (EU) 2021/523 and (EU) 2024/1620 should therefore be amended accordingly,

HAVE ADOPTED THIS REGULATION:

Article 1

Amendments to Regulation (EU) No 1092/2010

Regulation (EU) No 1092/2010 is amended as follows:

(1) in Article 8, paragraph 3 is replaced by the following: ‘3.   Without prejudice to Articles 15 and 16 and the application of criminal law, no confidential information received by the persons referred to in paragraph 1 of this Article whilst performing their duties shall be divulged to any person or authority whatsoever, except in summary or aggregate form, such that individual financial institutions cannot be identified.’

Article 2

Amendments to Regulation (EU) No 1093/2010

Regulation (EU) No 1093/2010 is amended as follows:

(1) in Article 16a(1), the following subparagraphs are added: ‘In its opinions, the Authority may, where appropriate, address the functioning of legislative acts in force, including the appropriateness of removing any redundant or obsolete reporting and disclosure requirements in Union law or in measures of national law transposing Union law. To provide opinions on legislative acts in force, as referred to in the second subparagraph, the Authority may consult all relevant stakeholders specifically on that matter and take their input into account. The Commission may, after considering those opinions, where appropriate, submit to the European Parliament and to the Council a legislative proposal.’

(4) in Article 35, paragraph 4 is replaced by the following: ‘4.   Before requesting information in accordance with this Article, and in order to ensure that there is no duplication of reporting requirements, the Authority shall take account of information collected by other authorities as defined in Article 35a(12) and any relevant existing statistics produced and disseminated by the European Statistical System and the European System of Central Banks.’

(7) in Article 70(3), the first subparagraph is replaced by the following: ‘3.   Paragraphs 1 and 2 of this Article shall not prevent the Authority from exchanging information with competent authorities and with other authorities as defined in Article 35a(12) in accordance with this Regulation and other Union legislation applicable to financial institutions.’.

Article 3

Amendments to Regulation (EU) No 1094/2010

Regulation (EU) No 1094/2010 is amended as follows:

(1) in Article 16a(1), the following subparagraphs are added: ‘In its opinions, the Authority may, where appropriate, address the functioning of legislative acts in force, including the appropriateness of removing any redundant or obsolete reporting and disclosure requirements in Union law or in measures of national law transposing Union law. To provide opinions on legislative acts in force, as referred to in the second subparagraph, the Authority may consult all relevant stakeholders specifically on that matter and take their input into account. The Commission may, after considering those opinions, where appropriate, submit to the European Parliament and to the Council a legislative proposal.’

(4) in Article 35, paragraph 4 is replaced by the following: ‘4.   Before requesting information in accordance with this Article, and in order to ensure that there is no duplication of reporting requirements, the Authority shall take account of information collected by other authorities as defined in Article 35a(12) and any relevant existing statistics produced and disseminated by the European Statistical System and the European System of Central Banks.’

(7) in Article 70(3), the first subparagraph is replaced by the following: ‘3.   Paragraphs 1 and 2 of this Article shall not prevent the Authority from exchanging information with competent authorities and with other authorities as defined in Article 35a(12) in accordance with this Regulation and other Union legislation applicable to financial institutions.’.

Article 4

Amendments to Regulation (EU) No 1095/2010

Regulation (EU) No 1095/2010 is amended as follows:

(1) in Article 16a(1), the following subparagraphs are added: ‘In its opinions, the Authority may, where appropriate, address the functioning of legislative acts in force, including the appropriateness of removing any redundant or obsolete reporting and disclosure requirements in Union law or in measures of national law transposing Union law. To provide opinions on legislative acts in force, as referred to in the second subparagraph, the Authority may consult all relevant stakeholders specifically on that matter and take their input into account. The Commission may, after considering those opinions, where appropriate, submit to the European Parliament and to the Council a legislative proposal.’