Home Über uns Sitemap Login Registrieren
Commission Delegated Regulation (EU) 2025/292 of 26 September 2024 supplementing ... (32025R0292)
EU - Rechtsakte: 10 Economic and monetary policy and free movement of capital
2025/292
13.2.2025

COMMISSION DELEGATED REGULATION (EU) 2025/292

of 26 September 2024

supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards establishing a template document for cooperation arrangements between competent authorities and supervisory authorities of third countries

(Text with EEA relevance)

THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (1), and in particular Article 107(3), third subparagraph, thereof,
Whereas:
(1) Article 107(1) of Regulation (EU) 2023/1114 requires the competent authorities of Member States to conclude, where necessary, cooperation arrangements with supervisory authorities of third countries concerning the exchange of information and the enforcement of obligations arising under that Regulation in third countries.
(2) In concluding new cooperation arrangements and updating existing cooperation arrangements with third-country authorities, the competent authorities should, where possible, use the template document set out in this Regulation.
(3) Any transfer of personal data to supervisory authorities of third countries should be undertaken in full compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (2). Appropriate safeguards for the exchange of personal data between competent authorities of Member States and supervisory authorities of third countries may be provided for, among other things, by administrative arrangements referred to in Article 46(3), point (b), of Regulation (EU) 2016/679, which include enforceable and effective data subject rights.
(4) This Regulation is based on the draft regulatory technical standards developed by the European Securities and Markets Authority (ESMA), in close cooperation with the European Banking Authority and submitted to the Commission.
(5) ESMA has not conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, nor has it analysed the potential related costs and benefits of introducing such standards, as to have done so would have been disproportionate in relation to the scope and impact of those standards, taking into account the fact that the addressees of the standards would only be the competent authorities of the Member States and not market participants.
(6) ESMA has requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council (3).
(7) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (4) and delivered an opinion on 27 May 2024,
HAS ADOPTED THIS REGULATION:

Article 1

Cooperation arrangements

The template document to be used by competent authorities of Member States, where possible for cooperation arrangements pursuant to Article 107(1) of Regulation (EU) 2023/1114 is set out in the Annex to this Regulation.

Article 2

Transfers of personal data

Where competent authorities rely on an administrative arrangement pursuant to Article 46(3), point (b), of Regulation (EU) 2016/679 for the transfer of personal data to supervisory authorities of third countries, that arrangement shall be annexed to the cooperation arrangement entered into in accordance with Article 107(1) of Regulation (EU) 2023/1114.

Article 3

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the
Official Journal of the European Union
.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 26 September 2024.
For the Commission
The President
Ursula VON DER LEYEN
(1)  
OJ L 150, 9.6.2023, p. 40
, ELI:
http://data.europa.eu/eli/reg/2023/1114/oj
.
(2)  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (
OJ L 119, 4.5.2016, p. 1
, ELI:
http://data.europa.eu/eli/reg/2016/679/oj
).
(3)  Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (
OJ L 331, 15.12.2010, p. 84
, ELI:
http://data.europa.eu/eli/reg/2010/1095/oj
).
(4)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (
OJ L 295, 21.11.2018, p. 39
, ELI:
http://data.europa.eu/eli/reg/2018/1725/oj
).

ANNEX

Template document for cooperation arrangements concerning the exchange of information between competent authorities of Member States and supervisory authorities of third countries and the enforcement of obligations arising under Regulation (EU) 2023/1114 in third countries

1.   

Introduction

Description of each signatory authority’s legal basis for the exchange of information in order for them to carry out their duties in accordance with their laws and regulations relating to markets in crypto-assets.
Declaration that pursuant to the laws and regulations that constitute the legal basis for exchange of information, the signatory authorities are to provide each other with reciprocal mutual assistance in accordance with the cooperation arrangements.
Declaration that the provisions of the cooperation arrangements are not intended to create legally binding obligations or supersede domestic law.

2.   

Definitions

An appropriate list of definitions covering the terms used in the cooperation arrangements.

3.   

Type of assistance to be provided

Description of the type of assistance to be provided in accordance with Article 94 of Regulation (EU) 2023/1114 such as:
(a) obtaining information held in the files of the requested authority;
(b) obtaining statements or information from any person;
(c) obtaining documents from persons or entities including through the performance of on-site inspections;
(d) obtaining data traffic records, insofar as permitted by national law and, where applicable, with the assistance of the appropriate judicial authority depending on the implementation of Article 94(3), point (e), of Regulation (EU) 2023/1114 or any equivalent power under the laws of the relevant third country;
(e) obtaining or assisting in obtaining the freezing or sequestration of assets in accordance with Article 94(3), point (f), of Regulation (EU) 2023/1114 or any equivalent power under the laws of the relevant third country;
(f) obtaining or assisting in obtaining the temporary cessation of any practice or conduct that is considered contrary to the laws and regulations relating to markets in crypto-assets in accordance with Article 94(1), point (v), of Regulation (EU) 2023/1114 or any equivalent power under the laws of the relevant third country.

4.   

General provisions – denial of assistance

A list of cases in which cooperation requests may be denied by competent authorities shall include:
(a) the request is not made in compliance with the cooperation arrangements;
(b) the request would require the requested authority to act in a manner that would violate domestic law;
(c) communication of the relevant information could adversely affect the security of the jurisdiction addressed, in particular the fight against terrorism or other serious crimes;
(d) complying with the request could adversely affect the own investigation, such as criminal investigation, by the requested authority or its enforcement activities;
(e) judicial proceedings have already been initiated in respect of the same actions and against the same persons before the relevant authorities of the jurisdiction addressed;
(f) a final judgment has already been delivered in relation to the same persons for the same actions in the jurisdiction addressed, unless the requesting authority can demonstrate that the relief or sanctions sought in any proceedings initiated by the requesting authority would not be of the same nature or duplicative of any relief or sanctions obtained in the jurisdiction of the requested authority.
Assistance shall not be denied on the ground that the type of conduct under investigation is not a violation of the laws and regulations relating to markets in crypto-assets of the jurisdiction of the requested authority.

5.   

Sending and processing requests for assistance

Description of the procedure for sending and processing requests for assistance.

6.   

Permissible uses of information

Description of the rules on the permissible use of the information in accordance with Article 107(5) of Regulation (EU) 2023/1114 and that the information provided shall be intended for the performance of the tasks of the requesting authority to ensure compliance with and enforce the laws and regulations relating to markets in crypto-assets. The information exchanged shall be used solely for the purposes set forth in the request for assistance.
If a requesting authority intends to use the information provided under the cooperation arrangements for any purpose other than that stated in this section, it shall obtain the prior consent of the requested authority.

7.   

Processing of personal data

Indication that the processing of personal data shall be undertaken in full compliance with Regulation (EU) 2016/679.

8.   

Confidentiality restrictions

Description of the rules on confidentiality of any information disclosed, received, exchanged or transmitted. The description shall include the following:
(a) all information exchanged between the signatory authorities under the cooperation arrangements that concerns business or operational conditions or other economic or personal affairs shall be considered to be confidential and shall be subject to the requirements of professional secrecy, except where the requested authority states, at the time of transmission of information, that the information may be disclosed, or where such disclosure is necessary for legal proceedings;
(b) the obligation of professional secrecy applies to all natural and legal persons who work or who have worked for the signatory authorities. Information covered by professional secrecy may not be disclosed to any other natural or legal person or authority except by virtue of provisions laid down by Union or national law, or by virtue of provisions laid down in the laws of the relevant third country at least equivalent to such provisions.
The information exchanged shall not be disclosed to any other authority or entity except with the prior agreement of the signatory authority which provided it.

9.   

General provisions – identification of a contact point

To facilitate cooperation under the arrangements, designation of contact points by the signatory authorities.

10.   

General provisions – revision clause

Periodical review by the signatory authorities of the functioning and effectiveness of the cooperation arrangements with a view to expanding or altering the scope or operation of the arrangements, where necessary.

11.   

Other provisions – Miscellaneous

ELI: http://data.europa.eu/eli/reg_del/2025/292/oj
ISSN 1977-0677 (electronic edition)
Markierungen
Leseansicht