法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Regulation

Commission Delegated Regulation (EU) 2025/1143 of 12 June 2025 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards on the authorisation and organisational requirements for approved publication arrangements and approved reporting mechanisms, and on the authorisation requirements for consolidated tape providers, and repealing Commission Delegated Regulation (EU) 2017/571

CELEX
Delegated Regulation (EU) 2025/1143
Date of document
Articles
32
Source
EUR-Lex
Article 1Information to competent authorities

1.   An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 shall submit to ESMA or, where relevant, the national competent authority the information set out in Articles 2 to 7, and the information regarding all the organisational requirements set out in Section II of this Chapter.

2.   An APA or ARM shall promptly inform ESMA or, where relevant, the national competent authority of any material change to the information provided at the time of the authorisation or thereafter.

Article 2Information on the organisation

1.   The programme of operations referred to in Article 27d(1) of Regulation (EU) No 600/2014 shall include the following:

(a)

information on the organisational structure of the applicant, including an organisational chart and a description of the human, technical, and legal resources allocated to its business activities;

(b)

information on the operational separation policies and procedures to ensure segregation between the APA or ARM and any other activity performed by the applicant;

(c)

information on the compliance policies and procedures of the applicant seeking authorisation to operate an APA or an ARM, including:

(i)

the name of the person or persons responsible for the approval and maintenance of those policies;

(ii)

the arrangements to monitor and enforce the compliance policies and procedures;

(iii)

the measures to be undertaken in the event of a breach which may result in a failure to meet the conditions for initial authorisation;

(iv)

a description of the procedure for reporting to ESMA or, where relevant, the national competent authority any breach which may result in a failure to meet the conditions for initial authorisation;

(d)

a list of all outsourced functions and resources allocated to the control of the outsourced functions.

2.   An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 offering services other than data reporting services shall describe those services in the organisational chart provided under paragraph 1, point (a).

Article 3Information on ownership

1.   An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 shall include in its application for authorisation:

(a)

a list containing the name of each person or entity who directly or indirectly holds 10 % or more of the applicant’s capital or of its voting rights, or whose holding makes it possible to exercise a significant influence on the applicant;

(b)

a list of all undertakings in which a person or entity referred to in point (a) holds 10 % or more of the capital or voting rights or on which that person or entity exercises a significant influence;

(c)

a chart showing the ownership links between the parent undertaking, any subsidiaries and any other associated entities or branches.

2.   The undertakings shown in the chart referred to in paragraph 1, point (c), shall be identified by their full name, legal status and legal address.

Article 4Information on corporate governance

1.   An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 shall include in its application for authorisation information on the internal corporate governance policies and the procedures which govern its management body, senior management, and, where established, committees.

2.   The information set out in paragraph 1 shall include:

(a)

a description of the processes for selection, appointment, performance evaluation and removal of senior management and members of the management body;

(b)

a description of the reporting lines and the frequency of reporting to the senior management and the management body;

(c)

a description of the policies and procedures on access to documents by members of the management body.

Article 5Information on the members of the management body

1.   An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 shall include in its application for authorisation the following information in respect of each member of the management body:

(a)

name, date and place of birth, personal national identification number or an equivalent thereof, address and contact details;

(b)

the position for which that member is or will be appointed;

(c)

a curriculum vitae evidencing sufficient experience and knowledge to adequately perform the conferred responsibilities;

(d)

proof of the absence of criminal records relating to money laundering, terrorist financing, provision of financial or data services, acts of fraud or embezzlement, notably through an official certificate, or, where such a certificate is not available in the relevant Member State, a self-declaration of good repute and the authorisation to ESMA or, where relevant, the national competent authority, to request information about whether that member has been convicted of a criminal offence in connection with money laundering, terrorist financing, the provision of financial or data services or in relation to acts of fraud or embezzlement;

(e)

a self-declaration of good repute and the authorisation to ESMA or, where relevant, the national competent authority, to request information about whether that member:

(i)

has been subject to an adverse decision in any proceedings of a disciplinary nature brought by a regulatory authority or government body;

(ii)

has been subject to an adverse judicial finding in civil proceedings before a court in connection with the provision of financial or data services, or for misconduct or fraud in the management of a business;

(iii)

has been part of the management body of an undertaking which was subject to an adverse decision or penalty by a regulatory authority or whose registration or authorisation was withdrawn by a regulatory authority;

(iv)

has been refused the right to carry on activities which require registration or authorisation by a regulatory authority;

(v)

has been otherwise fined, suspended, disqualified, or been subject to any other sanction in relation to fraud, embezzlement or in connection with the provision of financial or data services, by a professional body;

(vi)

has been disqualified from acting as a director, disqualified from acting in any managerial capacity, dismissed from employment or other appointment in an undertaking as a consequence of misconduct or malpractice;

(f)

an indication of the minimum time that is to be devoted to the performance of the member’s functions within the APA or ARM;

(g)

a declaration of any potential conflicts of interest that may exist or arise in performing the duties and how those conflicts are managed.

2.   The information set out in paragraph 1 shall also be included in the notifications referred to in Article 27f(2) of Regulation (EU) No 600/2014 as regards APAs and ARMs. An APA or ARM shall notify electronically to ESMA, or, where relevant, its national competent authority of any change to the membership of its management body before such change takes effect.

Where, for substantiated reasons, it is not possible to make the notification before that change takes effect, it shall be made within 10 working days after the change has occurred.

3.   An APA or an ARM shall record the information set out in paragraph 1 in a medium which enables its storage in a way that ensures that the information is accessible for future reference and which allows for the unchanged reproduction of the information stored. An APA or an ARM shall keep that information up-to-date.

4.   An APA or an ARM shall keep the information set out in paragraph 1, points (d) and (e), for no longer than five years after the concerned member has ceased to perform its function.

5.   Where the proof referred to in paragraph 1, point (d), contains information on other criminal convictions than those listed in that provision, an APA or an ARM shall ensure that only persons responsible for the assessment of the suitability of the members of the management body have access to that information. That information shall be stored separately from other information regarding a member of the management body. Access to that information shall be recorded. That information shall not be stored where it concerns candidate members of the management body that have not been appointed.

6.   ESMA or, where relevant, the national competent authority shall keep the information set out in paragraph 1, points (d) and (e), for no longer than five years after the concerned member of the management body has ceased to perform its function.

Article 6Information on internal controls

1.   An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 shall include in its application for authorisation detailed information regarding its internal controls’ environment. This shall include information regarding its internal control function, compliance function, risk management and its internal audit function.

2.   The detailed information referred to in paragraph 1 shall contain:

(a)

an outline of the organisation of the applicant’s internal control, risk management, compliance and internal audit functions, including where the applicant relies on outsourced functions;

(b)

an assessment of the key risks that may arise in the operation of the APA or ARM;

(c)

the applicant’s internal control policies and procedures to ensure the consistent and effective implementation of those policies;

(d)

any policies, procedures and manuals for monitoring and evaluating the adequacy and effectiveness of the applicant’s systems;

(e)

any policies, procedures and manuals for controlling and safeguarding the applicant’s information processing systems;

(f)

the identity of the internal bodies in charge of evaluating any findings resulting from the performance of the internal control and deciding on their outcome.

3.   With respect to the applicant’s internal audit function, the detailed information referred to in paragraph 1 shall contain the following:

(a)

information on the applicant’s adherence to national or international professional standards;

(b)

any internal audit function charter, methodologies, and procedures;

(c)

an explanation of how the internal audit methodology, if any, is developed and applied taking into account the nature of the applicant’s activities, complexities and risks;

(d)

where there is an internal audit committee:

(i)

information on its composition, competences and responsibilities;

(ii)

its work plan for the three years following the date of application, taking into account the nature and extent of the applicant’s activities, complexities and risks.

Article 7Information on digital operational resilience

1.   An applicant seeking authorisation to operate an APA or an ARM pursuant to Article 27d of Regulation (EU) No 600/2014 shall include in its application for authorisation evidence of compliance with the requirements on ICT risk management organisation and capabilities, operational resilience strategy and testing, incident management and ICT third-party risk management under Regulation (EU) 2022/2554.

2.   The information set out in paragraph 1 shall include documents regarding the applicant’s arrangements, in accordance with Regulation (EU) 2022/2554, on:

(a)

ICT risk-management;

(b)

ICT-related incident management;

(c)

digital operational resilience testing;

(d)

ICT third-party risk monitoring.

3.   The information set out in paragraph 1 shall take into account the size and overall risk profile, and the nature, scale and complexity of the applicant’s services, activities and operations.

Article 8Conflicts of interest

1.   An APA or ARM shall operate and maintain effective administrative arrangements, designed to prevent conflicts of interest with clients using its services to meet their regulatory obligations and other entities purchasing data from the APA or ARM. Such arrangements shall include policies and procedures for identifying, managing and disclosing existing and potential conflicts of interest and shall contain:

(a)

an inventory of existing and potential conflicts of interest, setting out their description, identification, prevention, management and disclosure;

(b)

the separation of duties and business functions within the APA or ARM including:

(i)

measures to prevent or control the exchange of information where a risk of conflicts of interest may arise;

(ii)

the separate supervision of relevant persons whose main functions involve interests that are potentially in conflict with those of a client;

(c)

a description of the fee policy for determining fees charged by the APA or ARM and undertakings to which the APA or ARM has close links;

(d)

a description of the remuneration policy for the members of the management body and senior management;

(e)

the rules regarding the acceptance of money, gifts or favours by staff of the APA or ARM and its management body.

2.   The inventory of conflicts of interest as referred to in paragraph 1, point (a) shall include conflicts of interest arising from situations where the APA or ARM:

(a)

may realise a financial gain or avoid a financial loss, to the detriment of a client;

(b)

may have an interest in the outcome of a service provided to a client, which is distinct from the client’s interest in that outcome;

(c)

may have an incentive to prioritise its own interests or the interest of another client or group of clients rather than the interests of a client to whom the service is provided;

(d)

receives or may receive from any person other than a client, in relation to the service provided to a client, an incentive in the form of money, goods or services, other than commission or fees received for the service.

Article 9Organisational requirements regarding outsourcing

1.   An APA or ARM that arranges for activities to be performed on its behalf by third-party service providers, including undertakings with which it has close links, shall ensure that the third-party service provider has the ability and the capacity to perform those activities reliably and professionally.

An APA or ARM shall specify which of the activities are to be outsourced, including a specification of the level of human and technical resources needed to carry out each of those activities.

2.   An APA or ARM that outsources activities shall ensure that the outsourcing does not reduce its ability or power to perform senior management or management body functions.

3.   An APA or ARM shall remain responsible for any outsourced activity and shall adopt organisational measures to ensure:

(a)

that it assesses whether the third-party service provider carries out outsourced activities effectively and in compliance with applicable laws and regulatory requirements and adequately addresses identified failures;

(b)

the identification of the risks in relation to outsourced activities and adequate periodic monitoring;

(c)

adequate control procedures with respect to outsourced activities, including effectively supervising the activities and their risks within the APA or ARM;

(d)

adequate business continuity of outsourced activities.

For the purposes of point (d), the APA or ARM shall obtain information on the business continuity arrangements of the third-party service provider, assess its quality and, where needed, request improvements.

4.   An APA or ARM shall ensure that the third-party service provider cooperates with ESMA or, where relevant, the national competent authority, in connection with outsourced activities.

5.   Where an APA or ARM outsources a critical or important function, it shall provide ESMA or, where relevant, the national competent authority with:

(a)

the identification of the third-party service provider;

(b)

the organisational measures with respect to outsourcing and the risks posed by it as specified in paragraph 3;

(c)

internal or external reports on the outsourced activities.

Article 10Management of incomplete or potentially erroneous information by APAs

1.   APAs shall set up and maintain appropriate arrangements to ensure that they accurately publish the trade reports received from investment firms without themselves introducing any errors or omitting information and shall correct information where they have themselves caused the error or omission.

2.   APAs shall continuously monitor in real-time the performance of their IT systems ensuring that the trade reports they have received have been successfully published.

3.   APAs shall perform periodic reconciliations between the trade reports they receive and the trade reports that they publish, verifying the correct publication of the information.

4.   An APA shall confirm the receipt of a trade report to the reporting investment firm, including the transaction identification code assigned by the APA. An APA shall refer to the transaction identification code in any subsequent communication with the reporting firm in relation to a specific trade report.

5.   An APA shall set up and maintain appropriate arrangements to identify on receipt trade reports that are incomplete or contain information that is likely to be erroneous. These arrangements shall include automated price and volume alerts, taking into account:

(a)

the sector and the segment in which the financial instrument is traded;

(b)

liquidity levels, including historical trading levels;

(c)

appropriate price and volume benchmarks;

(d)

if needed, other parameters according to the characteristics of the financial instrument.

6.   Where an APA determines that a trade report it receives is incomplete or contains information that is likely to be erroneous, it shall not publish that trade report and shall promptly alert the investment firm submitting that trade report.

7.   In exceptional circumstances APAs shall delete and amend information in a trade report upon request from the entity providing the information when that entity cannot delete or amend its own information for technical reasons.

8.   APAs shall publish non-discretionary policies on information cancellation and amendments in trade reports which set out the penalties that APAs may impose on investment firms providing trade reports where the incomplete or erroneous information has led to the cancellation or amendment of trade reports.

Article 11Management of incomplete or potentially erroneous information by ARMs

1.   An ARM shall set up and maintain appropriate arrangements to identify transaction reports that are incomplete or contain obvious errors caused by clients. An ARM shall perform validation of the transaction reports against the requirements established under Article 26 of Regulation (EU) No 600/2014 for field, format and content of fields in accordance with Table 1 of Annex I to Commission Delegated Regulation (EU) 2017/590  ( 10 ) .

2.   An ARM shall set up and maintain appropriate arrangements to identify transaction reports which contain errors or omissions caused by that ARM itself and to correct, including deleting or amending, such errors or omissions. An ARM shall perform validation for field, format and content of fields in accordance with Table 2 of Annex I to Delegated Regulation (EU) 2017/590.

3.   An ARM shall continuously monitor in real-time the performance of its systems ensuring that a transaction report it has received has been successfully reported to the competent authority in accordance with Article 26 of Regulation (EU) No 600/2014.

4.   An ARM shall perform periodic reconciliations at the request of ESMA or, where relevant, the national competent authority, or the competent authority to whom the ARM submits transaction reports, between the information that the ARM receives from its client or generates on the client’s behalf for transaction reporting purposes and data samples of the information provided by the competent authority.

5.   Any corrections, including cancellations or amendments of transaction reports, that are not correcting errors or omissions caused by an ARM, shall only be made at the request of a client and per transaction report. Where an ARM cancels or amends a transaction report at the request of a client, it shall provide this updated transaction report to the client.

6.   Where an ARM, before submitting the transaction report, identifies an error or omission caused by a client, it shall not submit that transaction report and shall promptly notify the investment firm of the details of the error or omission to enable the client to submit a corrected set of information.

7.   Where an ARM becomes aware of errors or omissions caused by the ARM itself, it shall promptly submit a correct and complete report.

8.   An ARM shall promptly notify the client of the details of the error or omission and provide an updated transaction report to the client. An ARM shall also promptly notify ESMA or, where relevant, the national competent authority, and the competent authority to whom the ARM submitted the transaction report about the error or omission.

9.   The requirement to correct or cancel erroneous transaction reports or report omitted transactions shall not extend to errors or omissions which occurred more than five years before the date that the ARM became aware of such errors or omissions.

Article 12Connectivity of ARMs

1.   An ARM shall have in place policies, arrangements and technical capabilities to comply with the technical specification for the submission of transaction reports required by ESMA or, where relevant, the national competent authority and by other competent authorities to whom the ARM sends transaction reports.

2.   An ARM shall have in place adequate policies, arrangements and technical capabilities to receive transaction reports from clients and to transmit information back to clients. The ARM shall provide the client with a copy of the transaction report which the ARM submitted to the competent authority on the client’s behalf.

Article 13Machine readability requirements for APAs

1.   APAs shall publish information in accordance with Article 27g(1) of Regulation (EU) No 600/2014 in a machine readable way.

2.   Information shall only be considered published in a machine-readable way where all of the following conditions are met:

(a)

it is in a file format structured so that software applications can easily identify, recognise and extract specific data;

(b)

it is stored in an appropriate IT architecture that enables automatic access;

(c)

it is robust enough to ensure continuity and regularity in the performance of the services provided and ensures adequate access in terms of speed;

(d)

it can be accessed, read, used and copied by computer software that is free of charge and publicly available.

For the purposes of point (a) of the first subparagraph, the file format shall be specified by free, non-proprietary and open standards. The file format shall include the type of files or messages, the rules to identify them, and the name and data type of the fields they contain.

3.   APAs shall:

(a)

make instructions available to the public, explaining how and where to easily access and use the data, including identification of the file format;

(b)

make public any changes to the instructions referred to in point (a) at least three months before they come into effect, unless there is an urgent and duly justified need for changes in instructions to take effect more quickly;

(c)

include a link to the instructions referred to in point (a) on the homepage of their website.

Article 14Details of transactions to be published by APAs

An APA shall make public:

(a)

for transactions executed in respect of shares, depositary receipts, exchange-traded funds (ETFs), certificates and other similar financial instruments, the details of a transaction specified in Table 3 of Annex I to Commission Delegated Regulation (EU) 2017/587  ( 11 ) and, use the appropriate flags listed in Table 4 of Annex I to Delegated Regulation (EU) 2017/587;

(b)

for transactions executed in respect of bonds, structured finance products, emission allowances and derivatives the details of a transaction specified in Table 2 of Annex II to Commission Delegated Regulation (EU) 2017/583  ( 12 ) and use the appropriate flags listed in Table 3 of Annex II to Delegated Regulation (EU) 2017/583.

Article 15Information to ESMA

1.   An applicant seeking authorisation to operate a consolidated tape (‘CT’) pursuant to Article 27db of Regulation (EU) No 600/2014 shall submit to ESMA the information set out in Articles 16 to 29.

2.   A CTP shall promptly inform ESMA of any material change to the information provided at the time of the authorisation or thereafter.

Article 16Information on ownership

1.   An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation:

(a)

a list containing the name of each person or entity who directly or indirectly holds 10 % or more of the applicant’s capital or of its voting rights or whose holding makes it possible to exercise a significant influence on the applicant;

(b)

a list of all undertakings in which a person or entity referred to in point (a) holds 10 % or more of the capital or voting rights or on which that person or entity exercises a significant influence;

(c)

a chart showing the ownership links between the parent undertaking, any subsidiaries and any other associated entities or branches.

2.   The undertakings mentioned in the chart referred to in paragraph 1, point (c), shall be identified by their full name, legal status and legal address.

Article 17Information on the organisation

1.   An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation the following information on the organisation:

(a)

information on the organisational structure of the applicant, including an organisational chart and a description of the human, technical and legal resources allocated to its business activities;

(b)

information on the operational separation policies and procedures to ensure segregation between the CTP and any other activities performed by the applicant;

(c)

information on the compliance policies and procedures of the CTP, including:

(i)

the name of the person or persons responsible for the approval and maintenance of those policies;

(ii)

the arrangements to monitor and enforce the compliance policies and procedures;

(iii)

the measures to be undertaken in the event of a breach which may result in a failure to meet the conditions for initial authorisation;

(iv)

a description of the procedure for reporting to ESMA any breach which may result in a failure to meet the conditions for initial authorisation;

(d)

a list of all outsourced functions and resources allocated to the control of the outsourced functions.

2.   A CTP offering services other than data reporting services shall describe those services in the organisational chart provided under paragraph 1, point (a).

Article 18Information on corporate governance

1.   An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation information on the internal corporate governance policies and the procedures which govern its management body, senior management, and, where established, committees.

2.   The information set out in paragraph 1 shall include:

(a)

a description of the processes for selection, appointment, performance evaluation and removal of senior management and members of the management body;

(b)

a description of the reporting lines and the frequency of reporting to the senior management and the management body;

(c)

a description of the policies and procedures on access to documents by members of the management body.

Article 19Information on the members of the management body

1.   An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation the following information in respect of each member of the management body:

(a)

name, date and place of birth, personal national identification number or an equivalent thereof, address and contact details;

(b)

the position for which that member is or will be appointed;

(c)

a curriculum vitae evidencing sufficient experience and knowledge to adequately perform the conferred responsibilities;

(d)

proof of the absence of criminal records relating to money laundering, terrorist financing, provision of financial services or data services, acts of fraud or embezzlement, notably through an official certificate, or, where such a certificate is not available in the relevant Member State, a self-declaration of good repute and the authorisation to ESMA to request information about whether that member has been convicted of a criminal offence in connection with money laundering, terrorist financing, the provision of financial services or data services or in relation to acts of fraud or embezzlement;

(e)

a self-declaration of good repute and the authorisation to ESMA to request information about whether that member:

(i)

has been subject to an adverse decision in any proceedings of disciplinary nature brought by a regulatory authority or government body;

(ii)

has been subject to an adverse judicial finding in civil proceedings before a court in connection with the provision of financial or data services, or for misconduct or fraud in the management of a business;

(iii)

has been part of the management body of an undertaking which was subject to an adverse decision or penalty by a regulatory authority or whose registration or authorisation was withdrawn by a regulatory authority;

(iv)

has been refused the right to carry on activities which require registration or authorisation by a regulatory authority;

(v)

has been otherwise fined, suspended, disqualified, or been subject to any other sanction in relation to fraud, embezzlement or in connection with the provision of financial or data services, by a professional body;

(vi)

has been disqualified from acting as a director, disqualified from acting in any managerial capacity, dismissed from employment or other appointment in an undertaking as a consequence of misconduct or malpractice;

(f)

an indication of the minimum time that is to be devoted to the performance of the member’s functions within the CTP;

(g)

a declaration of any potential conflicts of interest that may exist or arise in performing the duties and how those conflicts are managed.

2.   The information set out in paragraph 1 shall also be included in the notifications referred to in Article 27f(2) of Regulation (EU) No 600/2014 as regards CTPs. A CTP shall notify electronically to ESMA any change to the membership of its management body before such change takes effect.

Where, for substantiated reasons, it is not possible to make the notification before that change takes effect, it shall be made within 10 working days after the change has occurred.

3.   A CTP shall record the information set out in paragraph 1 in a medium which enables its storage in a way that ensures that the information is accessible for future reference and which allows for the unchanged reproduction of the information stored. A CTP shall keep that information up-to-date.

4.   A CTP shall keep the information set out in paragraph 1, points (d) and (e), for no longer than five years after the concerned member has ceased to perform its function.

5.   Where the proof referred to in paragraph 1, point (d), contains information on other criminal convictions than those listed in that provision, a CTP shall ensure that only persons responsible for the assessment of the suitability of the members of the management body have access to that information. That information shall be stored separately from other information regarding a member of the management body. Access to that information shall be recorded. That information shall not be stored where it concerns candidate members of the management body that have not been appointed.

6.   ESMA shall keep the information set out in paragraph 1, points (d) and (e), for no longer than five years after the concerned member of the management body has ceased to perform its function.

Article 20Information on internal controls

1.   An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation detailed information regarding its internal control’s environment. This shall include information regarding its internal control function, compliance function, risk management function and its internal audit function.

2.   The detailed information set out in paragraph 1 shall contain:

(a)

an outline of the organisation of the applicant’s internal control, risk management, compliance and internal audit functions, including where the applicant relies on outsourced functions;

(b)

an assessment of the key risks that may arise in the operation of the CT;

(c)

the applicant’s internal control policies and procedures to ensure the consistent and effective implementation of those policies;

(d)

any policies, procedures and manuals for monitoring and evaluating the adequacy and effectiveness of the applicant’s systems;

(e)

any policies, procedures and manuals for controlling and safeguarding the applicant’s information processing systems;

(f)

the identity of the internal bodies in charge of evaluating any findings resulting from the performance of the internal control and deciding on their outcome.

3.   With respect to the applicant’s internal audit function, the detailed information referred to in paragraph 1 shall contain the following:

(a)

information on the applicant’s adherence to national or international professional standards;

(b)

any internal audit function charter, methodologies, and procedures;

(c)

an explanation of how the internal audit methodology, if any, is developed and applied taking into account the nature of the applicant’s activities, complexities and risks;

(d)

where there is an Internal Audit Committee:

(i)

information on its composition, competences and responsibilities;

(ii)

its work plan for the three years following the date of application, taking into account the nature and extent of the applicant’s activities, complexities and risks.

Article 21Information on conflicts of interest

An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation the information regarding its administrative arrangements designed to prevent conflicts of interest. Such arrangements shall include policies and procedures for identifying, managing and disclosing existing and potential conflicts of interest and shall contain:

(a)

an inventory of existing and potential conflicts of interest, setting out their description, identification, prevention, management and disclosure;

(b)

the separation of duties and business functions within the CTP, including:

(i)

measures to prevent or control the exchange of information where a risk of conflicts of interest may arise;

(ii)

the separate supervision of relevant persons whose main functions involve interests that are potentially in conflict with those of a client;

(c)

a description of the remuneration policy for the members of the management body and senior management;

(d)

the rules regarding the acceptance of money, gifts or favours by staff of the CTP and its management body.

Article 22Information on business operativity

1.   An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application the following information:

(a)

the expected total capital expenditure to develop the CT;

(b)

the expected operating expenditure to run the CT;

(c)

a description of the liquid net assets funded by equity to cover potential general business losses in order to continue providing services taking into account the information referred to in points (a) and (b).

2.   An applicant seeking authorisation to operate the CT for bonds shall also provide terms of reference, statutes, contracts, or other documentation to demonstrate the existence of arrangements for revenue redistribution in accordance with Article 27h(5) of Regulation (EU) No 600/2014.

Article 23Information on outsourcing

1.   An applicant seeking authorisation to operate a CT that arranges for activities to be performed on its behalf by third-party service providers, including undertakings with which it has close links, shall include in its application for authorisation confirmation that the third-party service provider has the ability and the capacity to perform the activities reliably and professionally.

2.   The applicant shall specify which of the activities are to be outsourced, including a specification of the level of human and technical resources needed to carry out each of those activities.

3.   The applicant that outsources activities shall provide evidence that the outsourcing does not reduce its ability or power to perform senior management or management body functions.

4.   The applicant shall provide evidence that it remains responsible for any outsourced activity and shall adopt organisational measures to ensure:

(a)

that it assesses whether the third-party service provider is carrying out outsourced activities effectively and in compliance with applicable laws and regulatory requirements and adequately addresses identified failures;

(b)

the identification of the risks in relation to outsourced activities and adequate periodic monitoring;

(c)

adequate control procedures with respect to outsourced activities, including effectively supervising the activities and their risks within the CTP;

(d)

adequate business continuity of outsourced activities.

For the purposes of point (d), the applicant shall obtain information on the business continuity arrangements of the third-party service provider, assess its quality and, where needed, request improvements.

5.   Where the applicant outsources any critical or important function, it shall provide ESMA with:

(a)

the identification of the third-party service provider;

(b)

the organisational measures and policies with respect to outsourcing and the risks posed by it as specified in paragraph 4;

(c)

internal or external reports on the outsourced activities.

Article 24Information on market data fees and licensing models

An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall provide ESMA with the information referred to in Article 17 of Delegated Regulation (EU) 2025/1156.

Article 25Information on digital operational resilience

1.   An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall include in its application for authorisation evidence of compliance with the requirements on ICT risk management organisation and capabilities, operational resilience strategy and testing, incident management and ICT third-party risk monitoring under Regulation (EU) 2022/2554.

2.   The information set out in paragraph 1 shall include documents regarding the applicant’s arrangements, in accordance with Regulation (EU) 2022/2554, on:

(a)

ICT risk management;

(b)

ICT-related incident management;

(c)

digital operational resilience testing;

(d)

ICT third-party risk monitoring.

3.   The information set out in paragraph 1 shall take into account the size and overall risk profile, and the nature, scale and complexity of the applicant’s services, activities and operations.

Article 26Information on energy efficiency

1.   An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall provide in its application for authorisation information on the expected power utilisation effectiveness ratio as defined by ISO/IEC 30134-2:2016  ( 13 ) and the best practices referred to in the most recent version of the European Code of Conduct on Data Centre Energy Efficiency.

2.   For the purposes of the expected power utilisation effectiveness ratio referred to in paragraph 1, the applicant shall consider the activities set out in points 8.1 of Annexes I and II to Commission Delegated Regulation (EU) 2021/2139  ( 14 ) .

Article 27Information on record keeping arrangements

An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall provide ESMA with information on the arrangements adopted to ensure that:

(a)

each key stage of the CTP business may be reconstituted;

(b)

the original content of a record related to its business in accordance with Article 27ha(3) of Regulation (EU) No 600/2014 before any corrections or other amendments may be recorded, traced and retrieved;

(c)

measures to prevent unauthorised alteration of such records are in place;

(d)

the data recorded are secured and confidential;

(e)

a mechanism for identifying and correcting errors is incorporated in the record keeping system;

(f)

in the case of a system failure, the records are timely recovered.

Article 28Information on organisational requirements

An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall provide ESMA with the information on the arrangements in place to ensure compliance with the organisational requirements laid down in Article 27h of Regulation (EU) No 600/2014.

Article 29Information on reception, consolidation and dissemination of data and data quality

An applicant seeking authorisation to operate a CT pursuant to Article 27db of Regulation (EU) No 600/2014 shall provide ESMA with information on:

(a)

the transmission protocols referred to in Article 22a of Regulation (EU) No 600/2014, in accordance with the requirements set out in Article 2 of Delegated Regulation (EU) 2025/1155;

(b)

the technical features of the systems adopted to ensure that the speed of dissemination of core market data and regulatory data matches the information on the basis of which the applicant was selected;

(c)

the methods adopted to ensure data quality, in accordance with the requirements set out in Article 10 of Delegated Regulation (EU) 2025/1155;

(d)

the documentation certifying that the modern interface technologies adopted for the dissemination of market data and for connectivity comply with the minimum requirements set out in Article 9 of Delegated Regulation (EU) 2025/1155.

Article 30Information from joint applicants

In addition to the requirements set out in Article 15, joint applicants seeking authorisation to operate a CT shall include in their application for authorisation information on the necessity in terms of technical and logistical capacity for each applicant to jointly operate the CT.

Article 31Repeal

Delegated Regulation (EU) 2017/571 is repealed.

References to the repealed Regulation shall be construed as references to this Regulation.

Article 32Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

32 articles

Cite this act

Commission Delegated Regulation (EU) 2025/1143 of 12 June 2025 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards on the authorisation and organisational requirements for approved publication arrangements and approved reporting mechanisms, and on the authorisation requirements for consolidated tape providers, and repealing Commission Delegated Regulation (EU) 2017/571 (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32025R1143

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com