Final Report on draft technical standards for cooperation and information exchange under MiCA

25 March 2024 ESMA75-453128700-949 0 Final Report Draft technical standards specifying requirements for cooperation, exchange of information, and notification between competent authorities, European Supervisory Authorities (ESAs), and third countries under the Markets in Crypto Assets Regulation (MiCA)

1 Table of Contents 1 Executive Summary ........................................................................................................3 2 Draft RTS specifying the information to be exchanged between competent authorities, pursuant to Article 95(10) of MiCA..........................................................................................4 2.1 Background and legal basis .....................................................................................4 2.2 Assessment .............................................................................................................5 3 Draft ITS specifying the relevant standard forms, templates and procedures for the exchange of information between competent authorities, pursuant to Article 95(11) of MiCA.6 3.1 Background and legal basis .....................................................................................6 3.2 Assessment .............................................................................................................6 4 Draft ITS on forms for information exchange between competent authorities and ESMA/EBA, pursuant to Article 96(3) of MiCA........................................................................8 4.1 Background and legal basis .....................................................................................8 4.2 Assessment .............................................................................................................8 5 Draft RTS on the cooperation template with third countries, pursuant to Article 107(3) of MiCA....................................................................................................................................10 5.1 Background and legal basis ...................................................................................10 5.2 Assessment ...........................................................................................................10 6 Annexes........................................................................................................................12 6.1 Annex I: Advice of the Securities and Markets Stakeholder Group.........................12 6.2 Annex II: Feedback on the advice from the SMSG.................................................13 6.3 Annex III: Draft regulatory technical standards specifying the information to be exchanged between competent authorities, pursuant to Article 95(10) of MiCA................14 6.4 Annex IV: Draft implementing technical standards specifying the relevant standard forms, templates and procedures to the exchange of information between competent authorities, pursuant to Article 95(11) of MiCA..................................................................24 6.5 Annex V: Draft implementing technical standards on forms for information exchange between competent authorities and ESMA/EBA, pursuant to Article 96(3) of MiCA ..........49 6.6 Annex VI: Draft regulatory technical standards on the cooperation template with third countries, pursuant to Article 107(3) of MiCA............................................................64

2 List of acronyms EBA European Banking Authority ESCPR Regulation (EU) 2020/1503 of the European Parliament and of the Council of 7 October 2020 on European crowdfunding service providers for business ESMA European Securities and Markets Authority ESAs European Supervisory Authorities ITS Implementing technical standards MAR Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (MAR) MiCA Regulation (EU) 2023/1114 of the European Parliament and the Council of 31 May 2023 on markets in crypto-assets (MiCA) MiFID II Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (MiFID II) NCAs National competent authority/authorities of EU Member States RTS Regulatory technical standards SMSG Securities and Markets Stakeholder Group

3 1 Executive Summary Reasons for publication The Regulation (EU) 2023/1114 on Markets in Crypto-Assets (MiCA) was published in the Official Journal of the EU on 9 June 2023. The European Securities and Markets Authority (ESMA) has been empowered to develop technical standards and guidelines specifying certain provisions of MiCA. To fulfil this empowerment, ESMA has drafted technical standards for those mandates found in Chapter 1 of Title VII dealing with the powers of competent authorities and cooperation between competent authorities, the European Banking Authority (EBA), and ESMA. These technical standards detail how competent authorities, the European Supervisory Authorities (ESAs), and third-country authorities should cooperate with each other in the performance of their duties under MiCA. Contents This report contains two draft Regulatory Technical Standards (RTS) and two Implementing Technical Standards (ITS) relating to (i) the exchange of information between competent authorities, (ii) procedures, forms and templates for the exchange of information between competent authorities, (iii) procedures, forms and templates for exchange of information between competent authorities and ESMA/EBA, and (iv) the template for cooperation with third-country authorities. In accordance with Article 15 of the ESMA Regulation1 , ESMA did not conduct an open public consultation on the draft technical standards, nor did it analyse the potential related costs and benefits, as this would have been disproportionate in relation to the scope of those standards, taking into account that their addressees are solely the competent authorities of the Member States and not market participants, and their limited financial impact. However, ESMA sought advice and received support from the ESMA Securities and Markets Stakeholder Group (SMSG) established under Regulation (EU) No 1095/2010. Next Steps ESMA will submit the Final Report as well as the draft regulatory and implementing standards to the European Commission. The Commission has three months to decide whether to adopt the technical standards (respectively by means of Commission Delegated Regulations (regulatory technical standards) and Commission Implementing Regulations (implementing technical standards). The Commission may extend that period by one month. The regulatory technical standards will also be subject to non-objection by the European Parliament and Council.

4 2 Draft RTS specifying the information to be exchanged between competent authorities, pursuant to Article 95(10) of MiCA 2.1 Background and legal basis Article 95 (10) of MiCA: ESMA, in close cooperation with EBA, shall develop draft regulatory technical standards to further specify the information to be exchanged between competent authorities pursuant to paragraph

1. ESMA shall submit the draft regulatory technical standards referred to in the first subparagraph to the Commission by 30 June 2024. Power is delegated to the Commission to supplement this Regulation by adopting the regulatory technical standards referred to in the first subparagraph of this paragraph in accordance with Articles 10 to 14 of Regulation (EU) No. 1095/2010.
2. Recital 100 of MiCA emphasises the cross-border nature of markets in crypto-assets. For this reason, the competent authorities under MiCA should cooperate with each other to detect and deter any infringements of MiCA.
3. Article 95 of MiCA requires competent authorities to cooperate with one another for the purposes of investigation, supervision and enforcement activities under MiCA, providing a baseline level of detail on what is expected of them.
4. In particular, Article 95(1) of MiCA, which is referenced in the mandate, specifies that “competent authorities should render assistance to competent authorities of other Member States, and to EBA and ESMA, that they must exchange information without undue delay and cooperate in investigation, supervision and enforcement activities. Where Member States have laid down criminal penalties for the infringements of MiCA, they should ensure that appropriate measures are in place so that competent authorities have all the necessary powers to liaise with judicial, prosecuting or criminal justice authorities within their jurisdiction to receive specific information related to criminal investigations or proceedings commenced for infringements of this Regulation and to provide the same information to other competent authorities as well as to EBA and ESMA, in order to fulfil their obligation to cooperate for the purposes of this Regulation”.
5. Article 95(10) of MiCA requires ESMA to develop, in close coordination with EBA, draft RTS to further specify the information to be exchanged between competent authorities pursuant to Article 95(1) of MiCA. 1 Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC

5 2.2 Assessment 5. Considering the cross-border nature of markets in crypto-assets, it is necessary to ensure that competent authorities cooperate effectively in a variety of contexts and be able to exchange all the information that may be needed to undertake their supervisory, investigatory and enforcement duties effectively. Depending on the situation, the relevant information may range from supervisory information to information relating to market abuse oversight. It is particularly important for competent authorities to exchange information on suspicions of infringements and breaches of compliance with MiCA, to enable effective reactions from all relevant competent authorities. 6.. Commission Delegated Regulation (EU) 2017/586, Commission Implementing Regulation (EU) 2018/292 and Commission Delegated Regulation (EU) 2022/2113, which respectively relate to MiFID II, MAR and ECSPR, provided a basis for the information to be specified in this draft RTS ensuring consistency with existing EU financial regulations, while taking into account the specificities and supervisory experience relating to markets in crypto-assets. 7. In order to ensure smooth cooperation between competent authorities in the exercise of their mandates under MiCA, via these draft RTS, ESMA specifies a non-exhaustive list of the information relevant for competent authorities to exchange for the purposes of MiCA. 8. The Securities and Markets Stakeholder Group (SMSG) supported the adoption of the technical standards. The only modifications to this RTS since consulting the SMSG have stemmed from ESMA’s legal review and involved the removal of (i) information relating to the circumstances (e.g. upon request or proactively) in which the listed information should be exchanged and (ii) information to be shared between authorities as already listed in Regulation (EU) 2023/1114. 9. ESMA’s draft RTS on the information to be exchanged between competent authorities under MiCA referred to in Article 95(10) of MiCA is set out in Annex III (section 6.3).

6 3 Draft ITS specifying the relevant standard forms, templates and procedures for the exchange of information between competent authorities, pursuant to Article 95(11) of MiCA 3.1 Background and legal basis Article 95 (11) of MiCA: ESMA, in close cooperation with EBA, shall develop draft implementing technical standards to establish standard forms, templates and procedures for the cooperation and exchange of information between competent authorities. ESMA shall submit the draft implementing technical standards referred to in the first subparagraph to the Commission by 30 June 2024. Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No. 1095/2010. 10. Recital 100 of MiCA emphasises the cross-border nature of markets in crypto-assets. For this reason, the competent authorities under MiCA should cooperate with each other to detect and deter any infringements of MiCA. To enable strong cooperation on enforcement, it is imperative that the competent authorities exchange information among one another in a timely and standardised manner. 11. Article 95 of MiCA requires competent authorities to cooperate with one another for the purposes of investigation, supervision and enforcement activities under MiCA, providing a baseline level of detail on what is expected of them. 12. Article 95(11) of MiCA empowers ESMA to develop draft ITS to specify the procedures, templates and forms that competent authorities should use to ensure smooth and efficient cooperation with each other. 3.2 Assessment 13. Technical standards on the cooperation, exchange of information, or on the consultation process between competent authorities that have been developed by ESMA under existing financial legislation served as a precedent for the draft ITS under Article 95(11) of MiCA. Similar provisions are found in (i) the ITS on the procedures and forms for exchange of information and assistance between competent authorities on market abuse under Market MAR2 and (ii) the ITS on standard forms, templates and procedures for cooperation in supervisory activities, for onsite verifications and investigations and exchange of information between competent authorities under MiFID II.3 14. The draft ITS set out rules for competent authorities requesting cooperation or information from other competent authorities and the procedures for the requested competent authorities 2 Commission Implementing Regulation (EU) 2018/292 3 Commission Implementing Regulation (EU) 2017/980 and 981

7 replying to those requests. The draft ITS also establish the procedures for requests (i) to take a statement from a person, (ii) to open investigations or carry out on-site inspections, and (iii) for the provision of unsolicited information. In addition, the draft ITS set out in Annexes the forms and templates to be used by competent authorities. 15. Inspired by similar provisions contained in MiFID II Implementing Regulation, the draft ITS include a distinction between urgent and non-urgent requests to ensure that a competent authority can quickly obtain the necessary time-sensitive information or action from other competent authorities whenever needed to stop or prevent significant harm or potential significant harm to investors or the stability of or trust in the financial system. 16. In their advice on this set of draft ITS under MiCA, the SMSG supported the adoption of the technical standards, without additional comments. Only non-material changes have been made to these draft ITS since consulting the SMSG. 17. ESMA’s draft ITS specifying the information to be exchanged between competent authorities and the relevant standard forms, templates and procedures referred to in Articles 95 (11) of MiCA are set out in Annex IV (section 6.4).

8 4 Draft ITS on forms for information exchange between competent authorities and ESMA/EBA, pursuant to Article 96(3) of MiCA 4.1 Background and legal basis Article 96 (3) of MiCA: ESMA, in close cooperation with EBA, shall develop draft implementing technical standards to establish standard forms, templates and procedures for the cooperation and exchange of information between competent authorities and EBA and ESMA. ESMA shall submit the draft implementing technical standards referred to in the first subparagraph to the Commission by 30 June 2024. Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph of this paragraph in accordance with Article 15 of Regulation (EU) No. 1095/2010. 18. Article 96 of MiCA lays down the obligation for competent authorities to cooperate and exchange information with ESMA and EBA. To ease such cooperation and exchange of information, Article 96(3) of MiCA empowers ESMA, in cooperation with EBA, to establish, through ITS, standard forms, templates and procedure for the cooperation and exchange of information between competent authorities and ESMA and EBA, in different fields pertaining to markets in crypto-assets. 19. Article 96(1) of MiCA specifies that the information that competent authorities shall exchange with the EBA and ESMA is that which is necessary in order for the authorities to carry out their respective duties under Chapters 1, 2 and 3 of Title VII of MiCA. Such information consists of requests or notifications by NCAs to ESMA and/or EBA relating to cooperation, investigations, precautionary measures, the compilation of ESMA or EBA registers and the reporting of administrative penalties and measures. 4.2 Assessment 20. ESMA used the technical standards on the cooperation and exchange of information between NCAs and ESMA and other entities that have been developed under existing financial legislation as a basis for the draft ITS under Article 96(3) of MiCA. In particular, the structure of the ITS on the procedures and forms for exchange of information and cooperation between NCAs, ESMA, the Commission and other entities4 under Articles 24(2) and 25 of MAR is relevant also to the MiCA environment. 21. Given that the scope of the draft ITS does not extend to the entire set of provisions contained in MICA, but is limited to certain provisions thereof, it was necessary to draw up procedures 4 Commission Implementing Regulation (EU) 2020/1406

9 and documents that were fit to cover the exchanges of information provided for in the relevant provisions (Chapters 1, 2 and 3 of Title VII of MiCA). 22. Accordingly, the proposed draft ITS set out streamlined procedures and templates that should ease the communication between competent authorities and ESMA and EBA. For this reason, the cooperation request form (Annex I of the draft ITS) lists the specific cases in which a request for information can be made, and for which the exchange of information is to take place. 23. The SMSG provided advice supporting the adoption of the technical standards without making further comments. Only non-material changes have been made to this draft ITS since consulting the SMSG. 24. ESMA’s draft ITS specifying the information to be exchanged between NCAs and ESMA and EBA and the relevant standard forms, templates and procedures referred to in Articles 96 (3) of MiCA are set out in Annex V (section 6.5).

10 5 Draft RTS on the cooperation template with third countries, pursuant to Article 107(3) of MiCA 5.1 Background and legal basis Article 107 (3) of MiCA: ESMA, in close cooperation with EBA, shall develop draft regulatory technical standards establishing a template document for cooperation arrangements referred to in paragraph 1 for use by competent authorities of Member States where possible. ESMA shall submit the draft regulatory technical standards referred to in the first subparagraph to the Commission by 30 June 2024. Power is delegated to the Commission to supplement this Regulation by adopting the regulatory technical standards referred to in the first subparagraph of this paragraph in accordance with Articles 10 to 14 of Regulation (EU) No. 1095/2010. 25. Article 107(1) of MiCA requires that NCAs “where necessary, conclude cooperation arrangements with supervisory authorities of third countries concerning the exchange of information with those supervisory authorities of third countries and the enforcement of obligations under this Regulation in those third countries. Those cooperation arrangements shall ensure at least an efficient exchange of information that allows the competent authorities to carry out their duties under this Regulation. A competent authority shall inform EBA, ESMA and the other competent authorities where it intends to conclude such an arrangement”. 5.2 Assessment 26. The closest precedent to this draft RTS is the Commission Delegated Regulation (EU) 2021/1783, adopted pursuant to Article 26(2) of MAR. However, it is relevant to note that the scope of Article 107(1) MiCA is not limited to the detection and enforcement of market abuse5 . 27. Given the flexible approach offered by Commission Delegated Regulation (EU) 2021/1783 supplementing MAR in relation to the content of the cooperation arrangements with the supervisory authorities from third countries, ESMA has followed a similar structure6 . 5 Another precedent can be found in Commission Delegated Regulation (EU) 2018/1644 of 13 July 2018 supplementing Regulation (EU) 2016/1011 of the European Parliament and of the Council with regards to regulatory technical standards determining the minimum content of cooperation arrangements with competent authorities of third countries whose legal framework and supervisory practices have been recognised as equivalent. While Article 88 of MiFID II contains a similar provision on cooperation with third-country authorities without an ESMA mandate to establish a common template, Article 79(2) of MiFID II supplemented by Commission Implementing Regulation (EU) 2017/988, contains more specific provisions on cooperation arrangements in respect of a trading venue whose operations are of substantial importance in a host Member State that may be useful precedents when drafting the MiCA RTS. 6 Introduction; Definitions; Content of the assistance to be provided; General provisions- denial of assistance; Sending and processing requests for assistance; Permissible uses of information; Confidentiality restrictions; General provisions- identification of a contact point; General provisions- revision clause; Other provisions- Miscellaneous

11 28. Accordingly, the draft RTS establish a high-level template that can be used by the signatories of the agreements. This template is articulated around the cases in which it is possible to deny assistance, the types of assistance that can be provided, the permissible uses of information and the applicable confidentiality restrictions. 29. In particular, the requirements regarding the exchange of personal data are one of the main components of these cooperation agreements with non-EU authorities. 30. EU law7 introduces strong restrictions to the possibility for public authorities to share personal data. These restrictions also impact NCAs that can, as a result, only sign cooperation agreements and exchange information with the supervisory authorities of third countries where the disclosed information is subject to guarantees of professional secrecy that are at least equivalent to the ones set out in Article 100 of MiCA. 31. One of the main tools developed at a global level to facilitate these exchanges is the IOSCO Administrative Arrangement specifying the safeguards for the transfer of personal data8 . This Administrative Arrangement can be applicable to exchanges of data between EEA signatories and non-EEA signatories. 32. The possibility to include the Administrative Arrangement in an agreement is specifically addressed by Article 2 of the draft RTS, heavily inspired by Commission Delegated Regulation (EU) 2021/1783. This article determines that, “[W]here competent authorities avail themselves of the option to provide appropriate safeguards for the transfer of personal data to supervisory authorities of third countries in the form of an administrative arrangement pursuant to Article 46(3) of Regulation (EU) 2016/679, that arrangement shall be annexed to and constitute a part of the cooperation arrangement entered into in accordance with Article 107 of [MiCA]”. 33. The SMSG provided advice supporting the adoption of the technical standards without making further comments. Only non-material changes have been made to this draft RTS since consulting the SMSG. 34. ESMA’s draft RTS on the cooperation template with third countries referred to in Article 107(3) of MiCA are set out in Annex VI (section 6.6). 7 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data 8 https://www.iosco.org/about/?subsection=administrative_arrangement

12 6 Annexes 6.1 Annex I: Advice of the Securities and Markets Stakeholder Group On 18 December 2023, ESMA’s Securities and Markets Stakeholder Group adopted the following advice in relation to the draft technical standards proposed in this Final Report. “ESMA requested the opinion of the SMSG regarding two RTSs and two ITSs relating to (i) the exchange of information between competent authorities, (ii) procedures, forms and templates for the exchange of information between competent authorities, (iii) procedures, forms and templates for exchange of information between competent authorities and ESMA/EBA, and (iv) the template for cooperation with third-country authorities. The SMSG supports the adoption of the proposed technical standards. […] MiCA Regulation empowers ESMA to develop technical standards dealing with the powers of competent authorities and cooperation between competent authorities, the European Banking Authority (EBA), and ESMA. These technical standards detail how competent authorities, the European Supervisory Authorities (ESAs), and third-country authorities should cooperate with each other in the performance of their supervisory duties (and other requirements) under MiCA. ESMA requested the opinion of the SMSG regarding two RTSs and two ITSs relating to (i) the exchange of information between competent authorities, (ii) procedures, forms and templates for the exchange of information between competent authorities, (iii) procedures, forms and templates for exchange of information between competent authorities and ESMA/EBA, and (iv) the template for cooperation with third-country authorities. The SMSG, having examined the drafts, supports the adoption of the proposed technical standards.” See here for full advice: https://www.esma.europa.eu/sites/default/files/2023-12/ESMA24- 229244789-4623_SMSG_Advice_on_second_MiCA_package.pdf

13 6.2 Annex II: Feedback on the advice from the SMSG ESMA acknowledges the advice provided by the SMSG with regards to the four technical standards covered in this Final Report. The draft implementing technical standards proposed pursuant to Articles 95(11) and 96(3) of MiCA and the draft regulatory technical standards proposed pursuant to Article 107(3) of MiCA have not materially changed following the consultation of the SMSG. The only modifications to the draft regulatory standards proposed pursuant to Article 95(10) of MiCA since consulting the SMSG have stemmed from ESMA’s legal review and involved the removal of (i) information relating to the circumstances (e.g. upon request or proactively) in which the listed information should be exchanged and (ii) information to be shared between authorities as already listed in Regulation (EU) 2023/1114.

14 6.3 Annex III: Draft regulatory technical standards specifying the information to be exchanged between competent authorities, pursuant to Article 95(10) of MiCA COMMISSION DELEGATED REGULATION (EU) …/… of [•] supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards on information to be exchanged between competent authorities (Text with EEA relevance) THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard to Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets and amending Regulation (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/19379 , and in particular Article 95 (10), third subparagraph, thereof, Whereas: (1) Markets in crypto-assets are inherently cross-border. It is therefore necessary for competent authorities to be able to exchange information that enables them to effectively supervise entities operating in their respective jurisdictions. (2) The information to be exchanged by competent authorities pursuant to Article 95(1) of Regulation (EU) 2023/1114 should therefore allow those authorities to effectively carry out their investigation, supervision and enforcement actitivites under that Regulation. Consequently, it is necessary to specify the information that competent authorities may need to exchange to be able to perform those tasks. (3) To ensure that competent authorities can effectively monitor the issuance and offer to the public of crypto-assets other than asset-referenced tokens and e-money tokens, competent authorities should exchange information relating to the crypto-assets themselves, including their technical characteristics and categorisation, but also information related to their offer, as well as their issuers, offerors and persons seeking admission to trading. In particular, competent authorities should exchange general information and documents allowing the identification of the relevant persons and understanding of the project, including notified crypto-asset white papers, as well as information related to identified breaches, imposed 9 OJ L 150, 9.6.2023, p. 40.

15 administrative penalties and measures, enforcement actions and relevant compliance and conduct history. (4) Similarly, to ensure that competent authorities can effectively supervise the issuance of asset-referenced tokens, competent authorities should exchange information relating to the technical characteristics of asset-referenced tokens. In addition to this, they should exchange information necessary to ensure that asset-referenced tokens are only issued by persons authorised to do so, and offered by the issuer or by a person authorised to do so by the issuer. Further, in order to assess compliance by issuers of asset-referenced tokens with Title III of Regulation (EU) 2023/1114, competent authorities should exchange information and documents on the prudential requirements and governance arrangements of the asset-referenced token issuer, including its management body and its suitability, its shareholders, imposed administrative penalties and measures, enforcement actions and information on asset-referenced token issuers’ relevant compliance and conduct history. (5) Competent authorities should, in order to be able to effectively monitor the issuance of e￾money tokens, exchange information relating to the technical characteristics of e-money tokens. Furthermore, competent authorities should exchange information to ensure that e￾money tokens are issued by entities referred to in Article 48(1) of Regulation (EU) 2023/1114, to ensure compliance by such issuers with the relevant requirements in accordance with Title IV of the same Regulation, and to exchange information on any imposed administrative penalties and measures, enforcement actions and e-money token issuers’ relevant compliance and conduct history. (6) To ensure that competent authorities can effectively monitor crypto-asset service providers, competent authorities should exchange general information and constituting documents and other documents that provide insight into the structure and operational activities of crypto-asset service providers. For the same reason, competent auhtorities should also exchange information about the authorisation process and the subsequent compliance with Title V of Regulation (EU) 2023/1114. This includes information on the management body of crypto-asset service providers, information on the suitability to manage a crypto-asset service provider and the reputation of the members of the management body, and information about shareholders, imposed administrative penalties and measures, enforcement actions and crypto-asset service providers’ relevant compliance and conduct history. (7) In order to discharge their supervisory duties in a comprehensive manner, competent authorities should also exchange relevant information on suspicions of market abuse. (8) Finally, competent authorities should exchange information regarding any suspicions of irregularities in the activities of natural and legal persons in scope of Regulation (EU) 2023/1114, as well as details of any risks these irregularities could pose to investor protection or financial stability. (9) The exchange of information between competent authorities in relation to investigation, supervision and enforcement activities should be carried out in compliance with the right to protection of personal data of the persons concerned, as set out in Articles 7 and 8,

16 respectively, of the Charter of Fundamental Rights of the European Union and must comply with Regulation (EU) 2016/679 of the European Parliament and of the Council10 . (10) This Regulation is based on the draft regulatory technical standards drafted by the European Securities and Markets Authority (ESMA) in close cooperation with the European Banking Authority (EBA) and submitted to the European Commission. (11) ESMA has requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council11 . (12) ESMA did not conduct a public consultation or analysed the potential related costs and benefits of the draft regulatory technical standards on which this Regulation is based, as such consultation and analysis would have been highly disproportionate in relation to the scope and impact of those standards, taking into account the fact that those standards principally concern competent authorities, HAS ADOPTED THIS REGULATION: Article 1 Information to be exchanged in relation to crypto-assets other than asset-referenced tokens or e-money tokens Competent authorities shall exchange the following information about a crypto-asset other than an asset-referenced token or e-money token and, as applicable, about its issuer and/or offeror and/or person seeking its admission to trading and/or the operator of the trading platform or other person that has or should have drawn up the crypto-asset white paper referred to in Article 6 of Regulation (EU) 2023/1114: (a) general information and documents received in the context of the notification of an intended offer to the public or admission to trading, and where relevant supplemented thereafter, including: (i) their name, ISO 17442 legal entity identifier (LEI), registered address and, where different, head office, contact details, relevant excerpts from nationally held registers and where applicable articles of association, as referred to in Annex I of Regulation (EU) 2023/1114; (ii) all versions of the crypto-asset white paper drafted pursuant to Articles 4(1) and 5(1) of Regulation (EU) 2023/1114, and information relating to any updates made to it pursuant to article 12 of Regulation (EU) 2023/1114; (iii) all versions of the marketing communications referred to in Articles 4(1) and 5(1) of Regulation (EU) 2023/1114, and information relating to any updates made to them pursuant to article 12 of Regulation (EU) 2023/1114; 10 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1). 11 Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84).

17 (iv) all information on the offer to the public and admission to trading received pursuant to Article 8(6) of Regulation (EU) 2023/1114; (v) the explanation, as referred to in Article 8(4) of Regulation (EU) 2023/1114, of why the crypto-asset described in the crypto-asset white paper should not be considered to be a crypto-asset excluded from the scope of Regulation (EU) 2023/1114 pursuant to Article 2(4) of Regulation (EU) 2023/1114, or an e-money token, or an asset-referenced token; (vi) the description of the offer to the public of a crypto-asset and any information used to assess the conditions for the exemptions contained in Article 4(2) and Article 4(3) of Regulation (EU) 2023/1114; (b) information on any penalty, including criminal penalties, administrative measures or enforcement actions, imposed on the persons referred to in the introductory sentence of this Article; (c) any other information necessary for cooperating in investigation, supervision and enforcement activities concerning crypto-assets other than an asset-referenced tokens or e￾money tokens and the persons referred to in the introductory sentence of this Article pursuant to Article 95(1) of Regulation (EU) 2023/1114. Article 2 Information to be exchanged in relation to asset-referenced tokens Competent authorities shall exchange the following information about an asset-referenced token, its applicant issuer and issuer and, as applicable, its offeror and/or person seeking admission to trading of the asset-referenced token in accordance with Article 19(1) of Regulation (EU) 2023/1114 and/or relevant third parties pursuant to Article 34(5)(h) of that Regulation: (a) general information and documents received in the context of the application for authorisation as an issuer of asset-referenced tokens pursuant to Commission Delegated Regulation (EU) 2024/[XXX] [adopted pursuant to Article 18(6), third subparagraph, of Regulation (EU) 2023/1114], and where relevant supplemented thereafter in the framework of supervision, including: (i) their name, ISO 17442 legal entity identifier (LEI), registered address and, where different, head office, contact details, relevant excerpts from nationally held registers and where applicable articles of association and instruments of constitution; (ii) all versions of the crypto-asset white paper(s) referred to in Article 18(2) of Regulation (EU) 2023/1114, and information relating to any updates made to it pursuant to Article 25 of Regulation (EU) 2023/1114; (iii) all versions of the marketing communications referred to in Article 29 of Regulation (EU) 2023/1114; (iv) the legal opinion referred to in Article 18(2), point (e), of Regulation (EU) 2023/1114; (v) the programme of operations referred to in Article 18(2), point (d) of Regulation (EU) 2023/1114;

18 (vi) information about the members of the management body of the asset-referenced token issuer, including their name and information on the positions they hold within the management body and information necessary to assess their good repute and suitability, in particular information about their relevant knowledge, skills, work experience and time committed to their duties within the management body of the asset￾referenced token issuer, and the information about their reputation listed in Article [8(1)(e)] of Commission Delegated Regulation (EU) 2024/[XXX] [adopted pursuant to Article 18(6), third subparagraph, of Regulation (EU) 2023/1114]; (vii) where relevant, information on, and the competent authority’s assessment of, any changes to the management body of the issuer of asset-referenced tokens as referred to in Article 33 of Regulation (EU) 2023/1114; (viii) information about shareholders who hold 20% or more of the share capital or voting rights of the issuer of asset-referenced tokens, including their identity, the amount of their holdings and the information about their reputation listed in Article [2(a)] of Commission Delegated Regulation 2024/[XXX] [adopted pursuant to Article 42(4), third subparagraph, of Regulation (EU) 2023/1114]; (ix) where relevant, the competent authority’s assessment of any proposed acquisitions or disposals of a qualified holding in an asset-referenced token issuer, as referred to in Article 41(4) of Regulation (EU) 2023/1114; (x) information about the organisational structure, operational conditions and compliance with the requirements set out in Title III of Regulation (EU) 2023/1114 of the issuer of the asset-referenced token, including but not limited to: (1) the governance arrangements and internal control mechanisms referred to in Article 34 of Regulation (EU) 2023/1114; (2) the compliance of the issuer of asset-referenced tokens with own fund requirements, including on the outcome of stress testing programmes, in accordance with Article 35(1), (2) and (5) of Regulation (EU) 2023/1114; (3) where applicable, the compliance of the issuer of asset-referenced token with additional own funds requirements in accordance with Article 35(3) of Regulation (EU) 2023/1114; (4) the compliance of the issuer of asset-referenced tokens with the requirements on the reserve of assets as laid down in Article 36 of Regulation (EU) 2023/1114; (5) independent audit of the reserve of assets of an issuer of asset-referenced tokens, including a summary of results, pursuant to Article 36(9) of Regulation (EU) 2023/1114; (6) all versions of the recovery plan of the issuer of asset-referenced tokens produced pursuant to article 46(2) of Regulation (EU) 2023/1114, and information relating to any arrangements of the recovery plan implemented or updates made to it pursuant to article 46(3) of Regulation (EU) 2023/1114; (7) all versions of the redemption plan of an issuer of asset-reference tokens produced pursuant to article 47(1) of Regulation (EU) 2023/1114, and information relating to any amendments made to it pursuant to article 47(3) of Regulation (EU) 2023/1114;

19 (b) information about the authorisation as an issuer of asset-referenced tokens, including where the authorisation was refused or the application for authorisation was retracted, and information about the withdrawal of authorisation pursuant to Article 24 of Regulation (EU) 2023/1114; (c) where relevant, the plan of the issuer of asset-referenced tokens to discontinue the provision of services and activities as approved pursuant to Article 34(7) of Regulation (EU) 2023/1114; (d) information on the loss by the third-party entity referred to in Article 34(5), point (h) of Regulation (EU) 2023/1114 of its authorisation as a credit institution, as a crypto-asset service provider, as a payment institution, or as an electronic money institution; (e) information on any temporary suspensions by a competent authority of the redemption of asset-referenced tokens and an identification of the circumstances that might affect the interests of the holders of asset-referenced tokens and financial stability pursuant to Article 46(4) of Regulation (EU) 2023/1114; (f) information on any infringements of the national provisions transposing Directive (EU) 2015/849 of the European Parliament and of the Council 12 by the members of the management body of the issuer of asset-referenced tokens or by shareholders or members, whether direct or indirect, that have qualifying holdings in the issuer of asset-referenced tokens; (g) information on any penalty, including criminal penalties, administrative measures or enforcement actions, imposed on an issuer of an asset-referenced tokens; (h) any other information necessary for cooperating in investigation, supervision and enforcement activities concerning asset-referenced tokens and the persons referred to in the introductory sentence of this Article, pursuant to Article 95(1) of Regulation (EU) 2023/1114. Article 3 Information to be exchanged in relation to e-money tokens Competent authorities shall exchange the following information about an e-money token and its issuer: (a) information and documents received in the context of the notification by an issuer of e-money tokens pursuant to Article 48 of Regulation (EU) 2023/1114 and where relevant supplemented thereafter in the framework of supervision, including: (i) the name of the issuer, its ISO 17442 legal entity identifier (LEI) code or another identifier as required pursuant to applicable national law, its registered address and/or head office, its contact details, as referred to in Annex III, points 1 to 6, of Regulation (EU) 2023/1114; 12 Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (OJ L 141, 5.6.2015, p. 73).

20 (ii) all versions of the crypto-asset white paper referred to in Article 48(7) of Regulation (EU) 2023/1114; (iii) all versions of the marketing communications referred to in Article 53 of Regulation (EU) 2023/1114; (iv) information about the organisational structure, operational conditions and compliance with the requirements set out in Title IV of Regulation (EU) 2023/1114 of the issuer of the e-money token and information provided as part of the authorisation process as credit institution pursuant to Directive 2013/36/EU of the European Parliament and of the Council13 or as electronic money institution pursuant to Directive 2009/110/EC of the European Parliament and of the Council 14 and as updated in the framework of supervision, including but not limited to: (1) its compliance with the requirements on the investment of funds set out in Article 54 of Regulation (EU) 2023/1114; (2) the recovery and redemption plans produced pursuant to Article 55 of Regulation (EU) 2023/1114 and information relating to any updates made to them; (3) where, in accordance with Article 58(2) of Regulation (EU) 2023/1114, a competent authority has required an electronic money institution issuing non-significant e￾money tokens to comply with any requirements referred to in Article 58(1) of that Regulation, information on the compliance with such requirements; (b) where applicable, any arrangements or measures of the recovery plan effectively implemented, pursuant to Article 55 of Regulation (EU) 2023/1114; (c) information on any temporary suspensions by a competent authority of the redemption of e-money tokens and an identification of the circumstances that might affect the interests of the holders of asset-referenced tokens and financial stability, pursuant to Article 55 of Regulation (EU) 2023/1114; (d) information on any penalty, including criminal penalties, administrative measures or enforcement actions, imposed on an issuer of e-money tokens; (e) any other information necessary for cooperating in investigation, supervision and enforcement activities concerning e-money tokens, their issuers pursuant to Article 95(1) of Regulation (EU) 2023/1114. Article 4 Information to be exchanged in relation to crypto-asset service providers 13 Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC (OJ L 176, 27.6.2013, p. 338). 14 Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7).

21 Competent authorities shall exchange the following information concerning crypto-asset service providers: (a) information and documents received in the context of the application for authorisation as a crypto-asset service provider pursuant to Commission Delegated Regulation (EU) 2024/[XXX] [adopted pursuant to Article 62(5), third subparagraph, of Regulation (EU) 2023/1114], and where relevant supplemented thereafter in the framework of supervision, including: (i) the name of the crypto-asset service provider, its ISO 17442 legal entity identifier (LEI) code, its website’s URL, its contact email address, telephone number and physical address, and excerpts from nationally held registers; (ii) where applicable, the crypto-asset provider’s articles of association, as referred to in Article 62(2)(c) of Regulation (EU) 2023/1114; (iii) information about the natural persons that are members of the management body of the crypto-asset service provider which was provided as part of the authorisation process and updated thereafter as needed, including: (1) the name and personal identification number, where the latter is available in the relevant Member State; (2) information on the functions which such persons hold within the crypto-asset service provider; (3) where relevant, information on, and the competent authority’s assessment of, any changes to the management body of the crypto-asset service provider; (iv) information necessary to assess the good repute and suitability of the natural persons responsible for the management of the crypto-asset service provider, including where available: (1) information about their work experience, skills and time committed to their duties within the management body of the crypto-asset service provider; (2) the information about their reputation set out in Article [7(f)] of Commission Delegated Regulation (EU) 2024/XXX [adopted pursuant to Article 62(5), third subparagraph, of Regulation (EU) 2023/1114]; (v) information about shareholders who hold 10% or more of the share capital or voting rights of the crypto-asset service provider, including their identity, the amount of their holdings, and the information about their reputation listed in Article [2(a)] of Commission Delegated Regulation (EU) 2024/[XXX] [adopted pursuant to Article 84(4) of Regulation (EU) 2023/1114], and where relevant, the competent authority’s assessment of any proposed acquisitions or disposals of a qualified holding in a crypto-asset service provider, as referred to in Article 83 of Regulation (EU) 2023/1114; (vi) information about the organisational structure, operational conditions and compliance with the requirements set out in Title V of Regulation (EU) 2023/1114 of the crypto￾asset service provider, including but not limited to:

22 (1) the programme of operations setting out the types of crypto-asset services provided, including where and how these services are provided, pursuant to article 62(2), point (d), of Regulation (EU) 2023/1114; (2) information about the governance arrangements and internal control mechanisms; (3) information concerning compliance with Articles 67, 68 and 70 of Regulation (EU) 2023/1114, including risk-management and accounting procedures; (4) where available, the number of clients established or situated in a given Member State to which the crypto-asset service provider is providing services, the value of the crypto-assets managed or held for those clients, and the volumes of transactions executed for those clients; (b) information relating to the records kept by crypto-asset service providers in accordance with Articles 68(9) and 76(15) of Regulation (EU) 2023/1114; (c) information about the authorisation as a crypto-asset service provider, including where the authorisation was refused or the application for authorisation was retracted, and information on the withdrawal of authorisation pursuant to Article 64 of Regulation (EU) 2023/1114; (d) information about any situations in which a crypto-asset service provider is suspected of not complying with the requirements set out in Title V of Regulation (EU) 2023/1114, together with an explanation of the measures taken or planned; (e) information on any penalty, including criminal penalties, administrative measures or enforcement actions imposed on a crypto-asset service provider; (f) any other information necessary for cooperating in investigation, supervision and enforcement activities concerning crypto-asset service providers, pursuant to Article 95(1) of Regulation (EU) 2023/1114. Article 5 Information to be exchanged in relation to the prevention and prohibition of market abuse involving crypto-assets Competent authorities shall exchange information concerning suspicions of insider dealing as referred to in Article 89 of Regulation (EU) 2023/1114, of unlawful disclosure of inside information as referred to in Article 90 of Regulation (EU) 2023/1114, or of market manipulation as referred to in Article 91 of Regulation (EU) 2023/1114, including all of the following: (a) records of crypto-asset services, activities, orders and transactions undertaken by crypto￾asset service providers kept pursuant to article 68(9) of Regulation (EU) 2023/1114; (b) data relating to all orders in crypto-assets advertised through the systems of a crypto-asset service provider operating a trading platform kept pursuant to article 76(15) of Regulation (EU) 2023/1114; (c) reports of suspicious orders or transactions (STORs) as referred to in Article 92(1) of Regulation (EU) 2023/1114;

23 (d) any indications or evidence gathered supporting the suspicions referred to in this Article; (e) any other information necessary for cooperating in investigation, supervision and enforcement activities relating to Title VI of Regulation (EU) 2023/1114. Article 6 Information to be exchanged in relation to precautionary measures Competent authorities shall exchange information in relation to precautionary measures as referred to in Article 102 of Regulation (EU) 2023/1114, including: (a) information on any suspicions of irregularities in the activities of an offeror or person seeking admission to trading of crypto-assets other than asset-referenced tokens or e-money tokens, an issuer of an asset referenced token or e-money token, or a crypto-asset service provider; (b) information on any precautionary measures planned or taken in accordance with Article 102(2) of Regulation (EU) 2023/1114; (c) any other information necessary for cooperating in the adoption of precautionary measures referred to in Article 102 of Regulation (EU) 2023/1114. Article 7 Entry into force and application This Regulation shall enter into force on the [twentieth] day following that of its publication in the Official Journal of the European Union. This Regulation shall be binding in its entirety and directly applicable in all Member States. Done at Brussels, [date] For the Commission The President [For the Commission On behalf of the President [Position]

24 6.4 Annex IV: Draft implementing technical standards specifying the relevant standard forms, templates and procedures to the exchange of information between competent authorities, pursuant to Article 95(11) of MiCA

COMMISSION IMPLEMENTING REGULATION (EU) 2024/XXX of XXXX laying down implementing technical standards for the application of Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to standard forms, templates and procedures for the cooperation and exchange of information between competent authorities (Text with EEA relevance) THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard to Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/193715, and in particular Article 95(11), third subparagraph, thereof, Whereas: (1) Markets in crypto-assets are inherently cross-border. It is therefore necessary for competent authorities to be able to exchange information to effectively supervise issuers, offerors and crypto-asset service providers operating across the Union. Competent authorities under Regulation (EU) No 2023/1114 should have access to the information necessary to allow them to discharge their supervisory, investigative and enforcement duties and functions effectively. (2) To ensure that authorities designated as competent authorities under Regulation (EU) No 2023/1114 are able to cooperate and exchange information in an efficient and timely manner and provide each other mutual assistance for the purposes of that Regulation, it is appropriate to set out common procedures, forms and templates to be used by competent authorities for cooperation and exchange of information, including for the submission of requests for assistance, acknowledgments of receipts and replies to such requests. (3) The exchange of written information should assist a competent authority in fulfilling its duties. Where oral communications may be appropriate, including before a written request is sent, they may be used to provide information about an upcoming request for assistance and to discuss any issues that may impede the assistance being provided. In urgent cases, a request for assistance by oral communication should also be permitted where the urgency is not due to delay by the requesting party. 15 OJ L 150, 9.6.2023, p. 40.

25 (4) Urgent requests for cooperation or exchange of information may be sent where a response is needed promptly to permit the requesting authority to take action to stop or prevent significant harm or potential significant harm to investors or the stability of or trust in the financial system. This would include cases where, for instance, the competent authority of a host Member State recently obtained evidence showing that a crypto-asset service provider authorised in another Member State is marketing crypto-assets which are not compatible with the protection of clients or retail holders in accordance with Article 102 of Regulation (EU) 2023/1114. Urgent requests should also cover cases where a competent authority of a host Member State has received relevant complaints relating to a crypto￾asset service provider authorised in another Member State or where a competent authority has reasons to believe that a crypto-asset service provider operating in its jurisdiction is at risk of insolvency, which may affect clients in its jurisdiction or the stability of financial markets. (5) Regulation (EU) No 2023/1114 establishes that competent authorities should cooperate with each other, exchange information and render each other assistance. However, requests to issue a statement or to carry out an on-site inspection or an investigation should be put forward only where a simple request for information would not be sufficient. Prior to filing a request for assistance to a competent authority of another Member State, the requesting authority is expected to have undertaken all actions within the scope of its powers in its own jurisdiction, with the caveat that it may not be feasible for the requesting authority to have exhausted all the methods of enquiry prior to the request. (6) Unsolicited exchanges of information should be provided in accordance with Regulation (EU) No 2023/1114, including on a voluntary basis when the competent authority of a Member State considers that information in its possession may be of use for another competent authority. (7) A request for assistance pursuant to Regulation (EU) No 2023/1114 should provide sufficient information about the subject matter of the request, including the reason for the request and its context, to enable the requested authority to process the request efficiently and expediently. Indicating the facts giving rise to the suspicion should not be considered as a precondition for a requesting authority to receive assistance where the requested information is necessary for the requesting authority to fulfil its duties. (8) Beyond the use of specific forms for requesting and replying to a request for assistance, the procedures for cooperation should allow and facilitate the communication, consultation and interaction between the requesting authority and the requested authority throughout the process, to ensure an efficient processing of a request for information or assistance. These procedures should also allow competent authorities to provide each other with feedback on the usefulness of the information or assistance received, on the outcome of the case in relation to which the assistance was sought and on any problems encountered in providing such information or assistance. (9) The procedures and forms for the exchange of information and assistance should ensure the confidentiality of the information exchanged or transmitted and compliance with the rules on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

26 (10) This Regulation is based on the draft implementing technical standards developed by the European Securities and Markets Authority (ESMA) in close cooperation with European Banking Authority (EBA) and submitted to the Commission. (11) ESMA did not conduct open public consultations on the draft implementing technical standards on which this Regulation is based nor analysed the potential related costs and benefits of introducing the procedures and forms to be used by the relevant competent authorities, as this would have been disproportionate in relation to the scope and impact of those standards, taking into account that their addressees would only be the competent authorities of the Member States and not market participants. (12) ESMA has requested the opinion of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council16 . HAS ADOPTED THIS REGULATION: Article 1 Definitions For the purposes of this Regulation, ‘electronic means’ are means of electronic equipment for the processing (including digital compression), storage and transmission of data, employing wires, radio, optical technologies, or any other electromagnetic means that ensure that completeness, integrity and confidentiality of the information are maintained during the transmission. Article 2 Contact points

1. Each competent authority shall designate a contact point for the purposes of the communication of requests for cooperation or exchange of information pursuant to Article 95 of Regulation (EU) No 2023/1114.
2. Competent authorities shall communicate the details of their contact points to ESMA by [date

• within 30 working days of this Regulation entering into force]. They shall provide updated information to ESMA as necessary.

3. ESMA shall maintain a list of the contact points designated by competent authorities pursuant to paragraph 1 and update that list as necessary for the use of the competent authorities. Article 3 Request for cooperation or exchange of information 16 OJ L 331, 15.12.2010, p. 84.

27

1. A requesting authority shall make a request for cooperation or exchange of information in writing by post or electronic means. It shall address the request to the contact point designated pursuant to Article 2.
2. When requesting cooperation or exchange of information, a competent authority shall use the form set out in Annex I and shall: (a) specify the details of the relevant information that the requesting authority is seeking from the requested authority; (b) identify, where appropriate, issues relating to the confidentiality of the information that may be obtained.
3. The requesting authority may attach to the request any document or supporting material deemed necessary to support the request. Article 4 Acknowledgment of receipt
4. Within 5 working days of receipt of a request for cooperation or exchange of information, the requested authority shall send an acknowledgement of receipt by post or electronic means to the contact point designated pursuant to Article 2, unless otherwise specified in the request. This acknowledgement of receipt shall be made by using the form set out in Annex II and shall include, where possible, the indication of an estimated date or timeframe by when a response is expected to be provided.
5. Where it is not possible to give an estimated date or timeframe for the response, the requested authority shall mention the cadence of the updates to be given to the requesting authority. Article 5 Reply to a request for cooperation or exchange of information
6. The requested authority shall reply to a request for cooperation or exchange of information in writing by post or electronic means. The reply shall be addressed to the contact point designated pursuant to Article 2, unless otherwise specified in the request. Where the requested authority has any doubt in relation to the request for cooperation or exchange of information, it shall request further clarifications in any form and as soon as possible.
7. The requested authority shall reply to the request for cooperation or exchange of information using the form set out in Annex III and shall: (a) take all reasonable steps within the scope of its powers to provide the requested information or assistance; (b) act without undue delay taking into account the complexity of the request and the necessity to involve third parties or another competent authority.
8. Where the requested authority refuses to act, in full or in part, upon a request for cooperation or exchange of information, it shall inform the requesting authority as soon as possible of its decision, in writing by post or electronic means, indicating which of the exceptions under Article 95(2) of Regulation (EU) 2023/1114 it has relied upon for its refusal.

28 Article 6 Urgent requests for cooperation or exchange of information

1. By way of derogation to Articles 4 and 5, the procedure in this Article shall apply to urgent requests for cooperation or exchange of information.
2. The requesting authority shall set forth, in a clear and demonstrable manner, the reasons for the urgency of the request using the form set out in Annex I.
3. By way of derogation from paragraph 2, if the competent authority sending the information believes that the information should be sent urgently, it may initially communicate the information orally, provided that it is subsequently transmitted within a reasonable timeframe using the form set out in Annex I, unless the competent authority receiving the information agrees otherwise.
4. Within 3 working days of receipt of an urgent request for cooperation or exchange of information, the requested authority shall send an acknowledgement of receipt in writing by post or electronic means to the contact point designated pursuant to Article 2, unless otherwise specified in the request, using the form set out in Annex II.
5. If the requested authority disagrees with the urgency of the request, together with the acknowledgement of receipt, it shall inform the requesting authority of its determinations, setting forth its reasons in a clear and demonstrable manner, using the form set out in Annex II. In such case, the request will not be treated as an urgent request for cooperation or exchange of information.
6. Where the requested authority refuses to act, in full or in part, upon an urgent request for cooperation or exchange of information, it shall inform the requesting authority as soon as possible of its decision, in writing by post or electronic means, indicating which of the exceptions under Article 95(2) of Regulation (EU) 2023/1114 it has relied upon for its refusal.
7. The requested authority shall provide the response as soon as possible in writing by post or electronic means, using the form set out in Annex III, no later than 10 working days from the receipt of the request, unless the requesting authority agrees otherwise.
8. Responses to urgent requests shall be precise and comprehensive. However, where the requested authority is unable to provide the requesting authority with a precise and comprehensive reply within 10 working days, a partial reply shall be submitted within that deadline. In that case, the requested authority shall deliver a precise and comprehensive reply within 20 working days from the date of the receipt of the original request. Where the requested authority is unable to gather all necessary information within the deadline, the requested authority shall provide to the requesting authority an explanation of such constraints in the response.

29 Article 7 Procedures for sending and processing a request for cooperation or exchange of information

1. The requesting authority and the requested authority shall communicate using the most expedient means, taking due account of confidentiality considerations, correspondence times, the volume of material to be communicated and the ease of access to the information by the requesting authority. The requesting authority shall respond promptly to any request for clarifications from the requested authority.
2. Where a response cannot be provided by the estimated date or timeframe referred to in Article 4(1), the requested authority shall give a new estimated date or timeframe to the requesting authority explaining the reasons for the delay, using the same means used to acknowledge receipt.
3. The requested authority and the requesting authority shall cooperate in order to resolve any difficulties that may arise in executing a request. Article 8 Procedure for requests for taking a statement from a person
4. Where the requesting authority includes within its request the taking of a statement of any person, the requested authority and the requesting authority shall, subject to existing legal limitations or constraints and any differences in procedural requirements, assess and take into account the following: (a) the rights of the persons from whom the statements will be taken including, where applicable, any self-incrimination issues; (b) the role and the nature of participation (observer or active participation) of the staff of the requested authority and requesting authority in the taking of the statement; (c) whether the person from whom the statement is to be taken has the right to be assisted by a legal representative and, if so, the scope of the legal representative's assistance during the taking of the statement including in relation to any records or report of the statement; (d) whether the statement is to be taken on a voluntary or compelled basis, where that distinction exists; (e) whether, based on the information available at the time of the request, the person from whom the statement is to be taken is a witness or a suspect, where that distinction exists; (f) whether, based on the information available at the time of the request, the statement could be or is intended to be used in criminal proceedings; (g) the admissibility of the statement in the requesting authority's jurisdiction; (h) the recording of the statement and the applicable procedures, including whether it will be contemporaneous or summarised in written minutes or audio or audiovisual recording;

30 (i) procedures on the certification or confirmation of the statement by the persons providing the statement, including whether that takes place after the statement is taken; and (j) the procedure for transmitting the statement by the requested authority to the requesting authority, including the format and timing. 2. The requested authority and the requesting authority shall ensure that arrangements are in place for their staff to proceed efficiently, including arrangements to enable their staff to agree on any additional information that may be necessary, including the following: (a) planning of dates; (b) the list of questions to be asked to the person from whom the statement is to be taken; (c) travelling arrangements, including ensuring that the requested authority and the requesting authority are able to meet to discuss the matter prior to the taking of the statement; (d) language arrangements. Article 9 Procedure for requests for an investigation or on-site inspection

1. When a request to carry out an investigation or an on-site inspection is made pursuant to Article 95(4) of Regulation (EU) 2023/1114, the requesting authority and the requested authority shall consult each other on the best way to give useful effect to the request, taking into account Article 95(4), second subparagraph, points (a) to (d), of Regulation (EU) 2023/1114, including on the merits of conducting a joint investigation or a joint on-site inspection.
2. The requested authority shall keep the requesting authority informed of the progress of the investigation or on-site inspection and will transmit its findings promptly to the requesting authority.
3. In deciding on whether to initiate a joint investigation or a joint on-site inspection, the requesting authority and the requested authority shall take into account at least the following: (a) the contents of any requests for assistance received from the requesting authority including any suggestion on the appropriateness to carry out an investigation or an on-site inspection jointly; (b) whether they are separately conducting their own inquiries into a matter with cross-border implications and whether that matter would be more suitable for joint collaboration; (c) the legal and regulatory framework in each of their jurisdictions, ensuring that both authorities have a good understanding of the potential constraints and legal limitations on the conduct of any joint investigation or joint on-site inspection and on any proceedings that may follow, including any issues relating to the principle of ne bis in idem; (d) the management and direction needed for the investigation or on-site inspection; (e) the likely prospects that they will agree on steps for a joint fact-finding; (f) the allocation of resources and appointment of staff in charge of carrying out investigations or on-site inspections;

31 (g) the possibility to establish a joint action plan and the timing of work by each authority; (h) the determination of actions to be taken, jointly or individually, by each authority; (i) mutual sharing of information gathered and reporting on the outcomes of the individual actions taken; (j) other case specific issues. 4. Where the requesting authority and the requested authority decide to carry out a joint investigation or a joint on-site inspection, they shall: (a) agree on procedures for its conduct and conclusion; (b) engage in an ongoing dialogue to coordinate the information gathering process and the finding of facts; (c) work closely and cooperate with each other on the conduct of the joint investigation or the joint on-site inspection; (d) provide mutual assistance on subsequent enforcement proceedings to the extent legally permitted, including coordinating any proceedings or other enforcement action related to the outcome (whether administrative, civil or criminal) of the joint investigation or the joint on￾site inspection or, where appropriate, the prospects of a settlement; (e) identify the specific legal provisions which govern the subject matter of the joint investigation or of the joint on-site inspection; (f) where relevant, consider at least the following: (i) the drawing up of a joint action plan specifying, among others, the substance, nature and timing of the actions to be taken, and including milestones and the allocation of responsibilities in delivering the outcome of the work and taking into account each authority's respective priorities; (ii) the identification and assessment of any legal limitations or constraints and any differences in procedures with respect to investigative or enforcement action or any other proceedings, including the rights of any person subject to investigation; (iii) the identification and assessment of specific legal professional privileges that may have an impact on the investigation proceedings as well as the enforcement proceedings, including self-incrimination; (iv) the public and press strategy; (v) the intended use of information exchanged. Article 10 Unsolicited exchange of information

1. Where a competent authority has information that it is required by Regulation (EU) No 2023/1114 to provide to another competent authority, or where it has information that it believes would assist another competent authority for the purposes of carrying out its duties under Regulation (EU) 2023/1114, it shall, without prejudice to Article [XX] of Commission Delegated Regulation (EU) 2024/[XXX] [to be adopted pursuant to Article 92(2) of Regulation

32 (EU) 2023/1114], transmit that information to the other competent authority without undue delay, in writing by post or electronic means to the contact point of the other competent authority pursuant to Article 2. 2. The competent authority providing the information shall do so using the form set out in Annex IV, alongside any documents to be provided, and specifying the legal basis for the provision of the information. Article 11 Restrictions and permissible uses of information

1. The requesting authority and the requested authority shall include an appropriate confidentiality warning in any request for assistance, reply to a request for assistance or transmission of unsolicited information in accordance with the forms set out in the Annexes.
2. Where, in order to execute the request, the requested authority is required to disclose the fact that the requesting authority has made a request, the requested authority shall disclose it after having discussed the nature and extent of the disclosure required with the requesting authority and after having obtained its consent to such disclosure. Where the requesting authority does not provide its consent to the disclosure, the requested authority shall not act upon the request, and the requesting authority may withdraw or suspend its request until it is able to provide such consent to disclosure.
3. Information received in accordance with Article 10 shall solely be used for the purposes of securing compliance with or enforcement of the provisions of Regulation (EU) No 2023/1114, including, but not limited to, initiating, conducting or assisting in criminal, administrative, civil or disciplinary proceedings resulting from a breach of the provisions of that Regulation. Article 12 Entry into force and application This Regulation shall enter into force on the [twentieth] day following that of its publication in the Official Journal of the European Union. This Regulation shall be binding in its entirety and directly applicable in all Member States. Done at Brussels, For the Commission The President [For the Commission On behalf of the President [Position]

33 ANNEX I Request for cooperation or exchange of information Request for cooperation or exchange of information Reference number: Date: General Information FROM: Member State: Requesting Authority: Address: (Contact details of the contact point) Name: Telephone: Email: TO: Member State: Requested Authority: Address: (Contact details of the contact point) Name: Telephone: Email:

34 5 Please insert relevant Article of Regulation (EU) 2023/1114 (MiCA). Dear [insert appropriate name] In accordance with Article 3 of Commission Implementing Regulation (EU) 2024/[XXX] your input is sought in relation to the matter(s) set out in further detail below. I would be grateful to receive a response to the above request within [provide timeframe based on the type of request] from the receipt of this request. Type of Request Please tick the appropriate box(es) Supervisory activities (provision of information, taking of a statement) Investigation On-site inspection Urgency of Request Please tick the appropriate box Non-urgent request Urgent request Other □ □ U r g e nt r e q u e st

35 The [requesting authority] requests the [requested authority] to consider this request as urgent for the following reasons: ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… …………………………………………… [please provide, in a clear and demonstrable manner, the reasons underlying the urgency of the request, including if the request was initially made verbally] Reasons for the Request ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… …………………………………………… [insert provision(s) of the sectoral legislation i) under which the requesting authority is competent to deal with the matter and ii) those which may potentially be infringed.] The request concerns cooperation or exchange of information on ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… [insert the description of the subject matter of the request, the purpose for which the cooperation or exchange of information is sought, facts underlying the investigation which form the basis of the request and explanation for its helpfulness for fulfilling its duties] Further to ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… …………………………………………………………………………………………… [if applicable, insert details of the previous request in order to enable it to be identified]

36 Supervisory Activities (provision of information, taking of a statement) Provision of information Please provide a detailed description of the specific information sought with reasons why that information will be of assistance and, if known, a list of the persons considered possessing the information sought or the places where such information may be obtained. ………………………………………………………………………………………………… ………………………………………………………………………………………………… ………………………………………………………………………………………………… If the request concerns information relating to a transaction or order in a specific crypto-asset, please provide the following information. Product ID: ………………………………………………………………………………………………… [insert precise description of the crypto-asset, including the DTI code as under Commission Implementing Regulation (EU) 2024/[XXX] [RTS on record-keeping] Person ID: ………………………………………………………………………………………………… [insert the identity of any person connected with the transaction or order, including a person dealing in the crypto-asset or on whose behalf the dealing is considered to have taken place. Where available, include any applicable identification code, such as an LEI code or client Id as under Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012] Dates: ………………………………………………………………………………………………… [insert the dates between which transactions or orders in those crypto-assets took place including in the case of a significant period of time, reasons why the entirety of the time period is beneficial]

37 If the request concerns information relating to the business or activities of a person, please provide information as precise as possible to enable that person to be identified. ………………………………………………………………………………………………… ………………………………………………………………………………………………… ………………………………………………………………………………………………… If there are special considerations on the sensitivity of the information sought, please provide an indication of the sensitivity of the information contained in the request and any special precautions that have to be taken in collecting the information due to investigatory considerations. Please also specify whether the requested authority may reveal the identity of the requesting authority. ………………………………………………………………………………………………… ………………………………………………………………………………………………… ………………………………………………………………………………………………… ………………………………………………………………………………………………… Please provide any additional information. ………………………………………………………………………………………………… ………………………………………………………………………………………………… ………………………………………………………………………………………………… [Whether the requesting authority has been or will be in contact with any other authority or law enforcement agency in our Member State in relation to the subject matter of the request or any other authority which the requesting authority is aware that has an active interest in the subject matter of the request]

38 Taking of a statement Please indicate: a) Statement under: i. oath □ ii. affirmation □ iii. in writing □ b) Basis of the statement: i. voluntary □ ii. compelled □ c) Need and purpose of the taking of a statement and, where applicable, for requiring a statement under oath or affirmation: ………………………………………………………………………………………………… ………………………………………………………………………………………………… ………………………………………………………………………………………………… ………………………………………………………………………………………………… d) Name of person(s) from whom the statement is to be obtained: ………………………………………………………………………………………………… ………………………………………………………………………………………………… ………………………………………………………………………………………………… [insert details of the persons from which the statement will be taken to enable the requested authority to begin summoning process where applicable] e) Detailed description of the information sought, including a preliminary list of questions (if available at the time of the request). ………………………………………………………………………………………………… ………………………………………………………………………………………………… …………………………………………………………………………………………………

39 f) Any additional information which may be useful: ………………………………………………………………………………………………… ………………………………………………………………………………………………… ………………………………………………………………………………………………… [Whether the requesting authority’s staff is requesting participation in the taking of the statement, details of the participating officials of the requesting authority, where appropriate, description of any legal and procedural requirements that must be complied with to ensure the admissibility of statements made in the interview in the jurisdiction of the requesting authority]

40 The opening of an investigation If the request concerns the opening of an investigation on behalf of the requesting authority, please provide information to enable the requested authority to assess whether it may have an interest in entering into a joint investigation, including the requesting authority’s proposal for the investigation, its reasoning and the perceived benefits to the requested authority. ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… [including all relevant information required by the requested authority to enable the latter to provide the necessary assistance by opening an investigation or a joint investigation, as appropriate] The opening of an on-site inspection If the request concerns the opening of an on-site inspection on behalf of the requesting authority, please provide information to enable the requested authority to assess whether it may have an interest in entering into a joint on-site inspection, including the requesting authority’s proposal for the inspection, its reasoning and the perceived benefits to the requested authority. ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… [including all relevant information required by the requested authority to enable the latter to provide the necessary assistance by opening an investigation or a joint investigation, as appropriate] Other ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… …………………………………………………………………………………………………………

41 The information included in this request shall be kept confidential in accordance with Article 11 of Commission Implementing Regulation (EU) XXXX/XXX and Article 100 of Regulation (EU) 2023/1114. The requirements of Article 101 of Regulation (EU) 2023/1114 shall be observed with respect to any personal data included in this request. In particular, the relevant competent authorities shall ensure that all relevant information on the processing of personal data is provided to data subjects in accordance with Section 2 ‘Information and access to personal data’ of CHAPTER III ‘Rights of the data subject’ of Regulation (EU) 2016/679. Yours sincerely, [signature]

42 ANNEX II Form for the acknowledgement of receipt Acknowledgement of receipt Reference number: Date: FROM: Member State: Requested Authority: Address: (Contact details of the contact point) Name: Telephone: Email: TO: Member State: Requesting Authority: Address:

43 (Contact details of the contact point) Name: Telephone: Email: Dear [insert appropriate name] Following your request [insert reference to request] we hereby acknowledge receipt of your request for cooperation or request for information on [insert date]. □ The [requested authority] will not be capable of responding within the deadline indicated in the request for the following reasons [please specify which exception(s) is/are applicable in your situation]: ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… [In case the requested authority is not capable of responding within the deadline indicated in the request, please provide reasons and the estimated date of response] □ The [requested authority] considers that the request received by the [requesting authority] on [insert date] is not urgent for the following reasons: ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… ………………………………………………………………………………………………

44 ………………………………………………………………………………………………………… …………………………………………………………………………………………….. [In case the requested authority disagrees with the urgency of the request, please provide reasons within the deadline set forth in Article 6(3)] Any personal data provided shall be processed by the relevant competent authorities in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council. In particular, the relevant competent authorities shall ensure that all relevant information on the processing of personal data is provided to data subjects in accordance with Section 2 ‘Information and access to personal data’ of Chapter III ‘Rights of the data subject’ of that Regulation. Yours sincerely, [signature]

45 ANNEX III Form for the reply to a request for cooperation or exchange of information Reply to request for cooperation or exchange for Information Reference number: Date: FROM: Member State: Requested Authority: Address: (Contact details of the contact point) Name: Telephone: Email: TO: Member State: Requesting Authority: Address: (Contact details of the contact point) Name: Telephone: Email:

46 Dear [insert appropriate name] In accordance with Article 5[6] of Commission Implementing Regulation (EU) 2024/[XXX], your request dated [dd.mm.yyyy] with reference number [insert reference number] has been processed by us. Information gathered ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… [If the information has been gathered, please set out the information here or provide an explanation of how it will be provided] The information provided is confidential and is disclosed to [Insert name of the requesting authority] pursuant to the [Insert provision of the applicable sectoral legislation] and on the basis that the information shall remain confidential the accordance with Article 11 of Commission Implementing Regulation (EU) 20XX/XXX and Article 100 of Regulation (EU) 2023/1114. The [Insert name of the requesting authority] shall observe the requirements of Article 11 of Commission Implementing Regulation (EU) 20XX/XXX with respect to the permissible uses of that information, and of Article 101 of Regulation (EU) 2023/1114 with respect to personal data processing and transfer. In particular, the relevant competent authorities shall ensure that all relevant information on the processing of personal data is provided to data subjects in accordance with Section 2 ‘Information and access to personal data’ of Chapter III ‘Rights of the data subject’ of Regulation (EU) 2016/679. Where the [Insert name of the requesting authority] intends to use or disclose information provided in this reply for a purpose different than the one stated in the request but falling under the scope of Regulation (EU) 2023/1114, [Insert name of the requesting authority] shall notify [Insert name of the requested authority] which has 10 working days to object to such use or disclosure, or where necessary to indicate a precise time limit by which they will be able to provide such feedback. Where the [Insert name of the requesting authority] intends to use or disclose information provided in this reply for any purpose outside the scope of Regulation (EU) 2023/1114it shall notify [Insert name of the requested authority] and, unless the exception referred to in Article 100(2) of Regulation (EU) 2023/1114 applies, shall obtain the prior consent of [Insert name of the requested authority]. Where [Insert name of the requested authority] consents to such use or disclosure of the information, it may subject it to certain conditions. Yours sincerely, [signature]

47 ANNEX IV Form for the provision of unsolicited exchange of information Unsolicited exchange of information Reference number: Date: FROM: Member State: Requested Authority: Address: (Contact details of the contact point) Name: Telephone: TO: Member State: Requesting Authority: Address: (Contact details of the contact point) Name: Telephone: Email:

48 Dear [insert appropriate name] In accordance with Article 10 of Implementing Regulation (EU) XXXX/XXX, we are providing the following information we believe may be of assistance in carrying out your duties. Information provided ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… ………………………………………………………………………………………………………… [Please set out the details of the information here, including if relevant a description of any supporting documents or material attached] The information provided is confidential and is disclosed to [Insert name of the competent authority receiving the information] pursuant to Article 95 of Regulation (EU) No 2023/1114 and on the basis that the information shall remain confidential in accordance with Article 11 of Commission Implementing Regulation (EU) XXXX/XXX and Articles 100 of Regulation (EU) 2023/1114. The [Insert name of the competent authority receiving the information] shall observe the requirements of the Article 11 of Commission Implementing Regulation (EU) XXXX/XXXX with respect to the permissible uses of that information, and of Article 101 of Regulation (EU) 2023/1114 with respect to personal data processing and transfer. In particular, the relevant competent authorities shall ensure that all relevant information on the processing of personal data is provided to data subjects in accordance with Section 2 ‘Information and access to personal data’ of Chapter III ‘Rights of the data subject’ of Regulation (EU) 2016/679. Where the [Insert name of the requesting authority] intends to use or disclose information provided in this reply for purposes different than those stated in Article 11(3) of Commission Implementing Regulation (EU) 20XX/XXX, it shall notify [Insert name of the requested authority] and, unless the exception referred to in Article 100(2) of Regulation (EU) 2023/1114 applies, shall obtain the prior consent of [Insert name of the requested authority]. Where [Insert name of the requested authority] consents to such use or disclosure of the information, it may subject it to certain conditions. Yours sincerely, [signature]

49 6.5 Annex V: Draft implementing technical standards on forms for information exchange between competent authorities and ESMA/EBA, pursuant to Article 96(3) of MiCA COMMISSION IMPLEMENTING REGULATION (EU) 2024/XXXX of XXXX 2024 laying down implementing technical standards for the application of Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to standard forms, templates and procedures for the cooperation and exchange of information between competent authorities and EBA and ESMA (Text with EEA relevance) THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard to Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets and amending Regulation (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/193717, and in particular Article 96(3), third subparagraph, thereof, Whereas: (1) Article 96(1) of Regulation (EU) 2023/1114 requires competent authorities to cooperate closely with the European Securities and Markets Authority (ESMA), established by Regulation (EU) No 1095/2010 of the European Parliament and of the Council18, and with the European Banking Authority (EBA), established by Regulation (EU) 1093/2010 of the European Parliament and of the Council 19 . (2) Article 96(2) of Regulation (EU) 2023/1114 requires competent authorities to provide ESMA and EBA with all necessary information to carry out their duties, in accordance with Article 35 of Regulation (EU) 1095/2010 of the European Parliament and of the Council and with Article 35 of Regulation (EU) 1093/2010 respectively. (3) Information should normally be exchanged in writing. However, oral communications should be possible in appropriate cases, including in particular before a written request for cooperation or exchange of information is sent, to provide information about that upcoming 17 OJ L 150, 9.6.2023, p. 40. 18 Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84). 19 Regulation (EU) No 1093/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Banking Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/78/EC (OJ L 331, 15.12.2010, p. 12).

50 request for cooperation or to discuss any issues that might make it difficult to carry out that request. In urgent cases, it should also be possible for a request for cooperation to be communicated orally, provided such urgency is not simply due to a delay on the part of the requesting party. (4) A request should contain sufficient information about the subject matter of the cooperation, including the reasons for the request and its context, to enable the receiving body to process the request easily and efficiently. Indicating the facts giving rise to suspicion should not be considered as a precondition for a submitting body to receive assistance where that requested information is necessary for that body to fulfil its duties. (5) The forms, templates and procedure for the exchange of information and the provision of cooperation should ensure that any information exchanged or transmitted is kept confidential, and that rules with regard to the processing of personal data and the free movement of personal data are complied with. (6) This Regulation is based on the draft implementing technical standards developed by ESMA in close cooperation with EBA and submitted to the Commission. (7) ESMA did not conduct open public consultations on the draft implementing technical standards on which this Regulation is based, nor did it analyse the potential related costs and benefits of introducing the procedures and forms to be used by the authorities and entities to which this Regulation applies as this would have been disproportionate in relation to the scope and impact of those draft implementing technical standards, taking into account that this Regulation would only affect those authorities and entities and would not affect market participants. (8) ESMA has requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010, HAS ADOPTED THIS REGULATION: Article 1 Definitions For the purposes of this Regulation: (a) ‘electronic means’ are means of electronic equipment for the processing (including digital compression), storage and transmission of data, employing wires, radio, optical technologies, or any other electromagnetic means; (b) ‘submitting body’ means the body submitting a notification, a request for information or cooperation, or providing unsolicited information; (c) ‘receiving body’ means the body receiving a notification, a request for information or cooperation, or unsolicited information.

51 Article 2 Contact points

1. Competent authorities shall designate a contact point for the purposes of cooperating and exchanging information pursuant to Article 96 of Regulation (EU) 2023/1114.
2. Competent authorities shall communicate the details of their contact points to ESMA and EBA within [date - 30 working days from the entry into force of this Regulation] and inform EBA and ESMA of any changes to those details.
3. ESMA and EBA shall maintain a list of the contact points designated by competent authorities pursuant to paragraph 1 and update that list as necessary for the use of the competent authorities. Article 3 Means of communication
4. Except where otherwise stated in this Regulation, any communications to be made for the purposes of cooperation or exchanges of information between competent authorities, ESMA and EBA shall be submitted in writing by post or electronic means.
5. When determining the most appropriate means of communication in any particular case, due account shall be taken of confidentiality considerations, the time necessary for correspondence, the volume of material to be communicated and the ease of access to the information.
6. The used means of communication shall ensure the completeness, integrity and confidentiality of the information during the transmission. Article 4 Notifications and requests for information or cooperation
7. Notifications and requests for information or cooperation shall be submitted in writing by post or electronic means, using the form set out in Annex I. The submitting body shall address the notification or request to the contact point designated pursuant to Article 2.
8. In the case of a request for information or cooperation, the submitting body: (a) may attach to the request any document or supporting material deemed necessary to support that request; (b) may, in urgent cases, make the request orally, but that oral request shall subsequently be confirmed in writing without undue delay. Article 5

52 Acknowledgement of receipt

1. The receiving body shall acknowledge receipt to the submitting body as soon as possible and in any case within 5 working days of receipt. The acknowledgement of receipt shall be made using the form set out in Annex II and, where possible, shall include an indication of the estimated date for response.
2. Whenever it is not possible to give an estimated date for the response, the receiving body may mention the periodicity of the updates to be given to the submitting body. Article 6 Procedures for sending, processing and replying to a request for cooperation or exchange of information
3. The submitting body and the receiving body shall swiftly cooperate and ensure that a request for assistance is dealt with as soon as possible and shall cooperate to resolve any difficulties that may arise in executing a request.
4. Where the submitting body attaches to the request for cooperation or exchange of information any document or supporting material in accordance with Article 4(2)(a) and where such document or supporting material is not in any of the official languages of the Member State of the receiving body, the submitting body shall also provide a translation of such document or supporting material, or a summary of such document or supporting material in a language customary in the sphere of international finance.
5. If the receiving body requests any clarification about a notification or request submitted in accordance with Article 4, it shall seek that clarification from the submitting body without undue delay, either orally or in writing, by electronic means or post.
6. The submitting body shall respond promptly to any request for clarifications from the receiving body.
7. When replying to a request made in accordance with Article 4, the receiving body shall: (a) use the form set out in Annex III; and (b) take all reasonable steps to provide the requested information or assistance without delay and in a manner which ensures that any necessary regulatory action can proceed expediently taking into account the complexity of the request concerned and whether it is necessary to involve third parties.
8. Where appropriate, the receiving body shall provide the submitting body with regular updates on the progress of a pending request, including revised estimates of the targeted date of reply.
9. Where the receiving body becomes aware of circumstances that may lead to its estimated date or a timeframe of reply to be deferred by more than 10 working days, it shall inform the submitting body without undue delay.

53 8. Where the request justifies closer cooperation between the submitting and the receiving body or where the request has been marked as urgent, the bodies shall agree on the frequency and means of the closer cooperation. Article 7 Unsolicited cooperation or exchange of information For the purposes of any cooperation or exchange of information under this Regulation that is not the subject of a specific request, including any subsequent communications relating to it, the form set out in Annex IV shall be used. Article 8 Cooperation procedures

1. Where ESMA or EBA are requested under Article 95(5) of Regulation (EU) 2023/1114 to coordinate an investigation or inspection with cross-border effect, ESMA or EBA may establish a temporary group on an ad hoc basis to include the competent authorities of the Member States affected by that investigation or inspection.
2. For the purposes of ensuring consistent supervisory practices and uniform procedures for the application of relevant rules under Regulations (EU) 2023/1114, ESMA and EBA shall consult each other regularly. Article 9 Referral to ESMA or to EBA A competent authority’s referral to ESMA pursuant to Article 95(6) of Regulation (EU) 2023/1114 or to EBA pursuant to Article 95(7) of the same Regulation of a rejection or absence of action within a reasonable timeframe shall be made in writing using the form set out in Annex I and shall include: (a) a copy of the request for cooperation or exchange of information and any reply received; (b) the reasons for referring to ESMA or to EBA the rejection or absence of action. Article 10 Restrictions and permissible uses of information
3. When using the forms in the Annexes, competent authorities, ESMA and EBA shall include an appropriate confidentiality warning in accordance with the relevant form.
4. The receiving body shall not disclose the existence and content of a request for cooperation or exchange of information falling within the scope of this Regulation unless the submitting body has given its express consent to such disclosure. Where such consent is not given and where it is not reasonably practicable to comply with the request without disclosing its existence or content, the submitting body shall withdraw or suspend its request until the submitting body is

54 able to provide such consent to disclosure. 3. Information received in accordance with Article 7 shall be used by the submitting body solely for the performance of its duties and the exercise of its functions or for the purposes of securing compliance with or enforcement of Regulation (EU) 2023/1114, including but not limited to initiating, conducting, or assisting in, criminal, administrative, civil or disciplinary proceedings resulting from a breach of that Regulation. Article 11 Entry into force This Regulation shall enter into force on the [twentieth] day following that of its publication in the Official Journal of the European Union. This Regulation shall be binding in its entirety and directly applicable in all Member States. Done at Brussels, xxxxx For the Commission The President [For the Commission On behalf of the President [Position]

55 ANNEX I Form for a request for cooperation or exchange for information Request for cooperation or exchange of information Reference number: Date: General Information FROM: Member State: Submitting Body: Address: (Contact details of the contact point) Name: Telephone: Email: TO: Member State: Receiving Body: Address: (Contact details of the contact point) Name: Telephone: Email: Dear [insert appropriate name]

56 In accordance with Article 4 of Regulation (EU) XXX/XXXX [laying down implementing technical standards for the application of Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to standard forms, templates and procedures for the cooperation and exchange of information between competent authorities and EBA and ESMA], your assistance is sought in relation to the matter(s) specified below. Type of Request or Notification Please tick the appropriate box(es)  notification to ESMA and EBA about requests of assistance between NCAs with regard to on-site inspections or investigations pursuant to Article 95(4) of Regulation (EU) 2023/1114;  request to ESMA and EBA to coordinate the investigation or inspection pursuant to Article 95(5) of Regulation (EU) 2023/1114;  communication to ESMA of situations of rejected or not acted upon requests for cooperation or exchange of information, pursuant to Article 95(6) of Regulation (EU) 2023/1114;  communication to EBA of situations of rejected or not acted upon requests for cooperation or exchange of information, pursuant to Article 95(7) of Regulation (EU) 2023/1114;  notification to ESMA or to EBA of precautionary measures pursuant to Article 102 of Regulation (EU) 2023/1114;  notification to ESMA of product intervention measures under pursuant to 105(3) and 105(4) of Regulation (EU) 2023/1114, for crypto-asset;  notification to EBA of product intervention measures under pursuant to 105(3) of Regulation (EU) 2023/1114, for asset-referenced tokens and e-money tokens;  communication to ESMA and EBA of information on the complaints-handling procedures pursuant to Article 108(2) of Regulation (EU) 2023/1114;  communication to ESMA of data and information to compile the Register of crypto-asset white papers, of issuers of asset-referenced tokens and e-money tokens, and of crypto￾asset service providers, pursuant to Article 109(1) of Regulation (EU) 2023/1114;  notifications to ESMA of the measures listed in Article 94(1), point (b), (c), (f), (l), (m), (n), (o) or (t) and of any public precautionary measures taken pursuant to Article 102, pursuant to Article 109(6) of MICA;  communication to ESMA for the establishment of the ESMA Register on non-compliant entities providing crypto asset services, pursuant to Article 110 of MICA;  reporting of administrative penalties and other administrative measures by competent authorities to ESMA and EBA, pursuant to Article 115 of MICA.  Any other notification, provision of information or request for information relevant in accordance with Article 96 of Regulation (EU) 2023/1114.

57 Information on the notification or reasons for the request The notification / request concerns [choose “notification” or “request” according to the selection made above] …………………………………………………………………………………………………… …………………………………………………………………………………………………… ……………………………………………………………………………………………………. [insert the description of the subject matter of the notification or request, the purpose for which the cooperation or exchange of information is sought or facts underlying the request for coordinating an investigation and explanation for its helpfulness] Further to …………………………………………………………………………………………………… …………………………………………………………………………………………………… …………………………………………………………………………………………………… [if applicable, insert details of the previous notification or request in order to enable it to be identified] The information included in this notification / request [choose the correct option] shall be kept confidential in accordance with Article 11 of Commission Implementing Regulation (EU) 20XX/XXX and Article 100 of Regulation (EU) 2023/1114. Any personal data provided shall be processed by ESMA or EBA in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council and by the relevant competent authorities in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council. In particular, both ESMA and the relevant competent authorities shall ensure that all relevant information on the processing of personal data is provided to data subjects in accordance with Section 2 ‘Information and access to personal data’ of Chapter III ‘Rights of the data subject’ of these Regulations. Yours sincerely, [signature]

58 ANNEX II Form for the acknowledgement of receipt of a notification or request for cooperation or exchange of information Acknowledgement of receipt of a notification or request for cooperation or exchange of information Reference number: Date: FROM: Receiving Body: Address: (Contact details of the contact point) Name: Telephone: Email: TO: Member State: Submitting Body: Address: (Contact details of the contact point) Name: Telephone: Email:

59 Dear [insert appropriate name], Following your request [insert reference to request] we hereby acknowledge receipt of your notification / request for cooperation / request for information [choose the right option] on [insert date] □ The [receiving body] intends to respond within [insert estimated date or timeframe by when a response is expected to be provided] □ The [receiving body] intends to provide updates on the pending request [insert periodicity of the updates to be given] [In case it is not possible for the requested body to give an estimated date or timeframe for the response, please provide the periodicity of the updates to be given to the submitting body] □ The [receiving body] will not be capable of responding within the deadlines set forth by the [submitting body] for the following reasons [please, specify which exception/s is/are applicable in your situation]: …………………………………………………………………………………………………… …………………………………………………………………………………………………… …………………………………………………………………………………………………… [In case the receiving body is not capable of responding within the deadlines set forth in Articles 7(1) of Commission Implementing Regulation (EU) XXX/XXXX, please provide reasons and the estimated date of response] Any personal data provided shall be processed by ESMA or EBA in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council and by the relevant competent authorities in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council. In particular, both ESMA and the relevant competent authorities shall ensure that all relevant information on the processing of personal data is provided to data subjects in accordance with Section 2 ‘Information and access to personal data’ of Chapter III ‘Rights of the data subject’ of these Regulations. Yours sincerely, [signature]

60 ANNEX III Form for the reply to a request for cooperation or exchange of information Reply to a request for cooperation or exchange of information Reference number: Date: FROM: Member State: Receiving body: Address: (Contact details of the contact point) Name: Telephone: Email: TO: Member State: Requesting Body: Address: (Contact details of the contact point) Name: Telephone: Email:

61 Dear [insert appropriate name] Following your request [insert reference to request] we hereby acknowledge receipt of your request for cooperation or request for information on [insert date]. Information gathered ………………………………………………………………………………………………… ………………………………………………………………………………………………… ………………………………………………………………………………………………… [If the information has been gathered, please set out the information here or provide an explanation of how it will be provided] The information provided is confidential and is disclosed to [Insert name of the submitting body] pursuant to the [Insert provision of the applicable sectoral legislation] and on the basis that the information shall remain confidential in accordance with Article 10 of Commission Implementing Regulation (EU) 20XX/XXX and Article 100 of Regulation (EU) 2023/1114. The [Insert name of the submitting body] shall observe the requirements of Article 10 of Commission Implementing Regulation (EU) 20XX/XXX with respect to the permissible uses of that information. Where the [Insert name of the submitting body] intends to use or disclose information provided in this reply for a purpose different than the one stated in the request but relating to the body’s tasks in accordance with Regulation (EU) 2023/1114, [Insert name of the submitting body] shall notify [Insert name of the receiving body] which has 10 working days to object to such use or disclosure, or where necessary to indicate a precise time limit by which they will be able to provide such feedback. Where the [Insert name of the submitting body] intends to use or disclose information provided in this reply for purposes outside the scope of Regulation 2023/1114, it shall notify [Insert name of the receiving body] and unless the exception referred to in Article 100(2) of Regulation (EU) 2023/1114 applies, shall obtain the prior consent of [Insert name of the receiving body]. Where [Insert name of the receiving body] consents to such use or disclosure of the information, it may subject it to certain conditions. Any personal data provided shall be processed by ESMA and EBA in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council and by the relevant competent authorities in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council. In particular, both ESMA and the relevant competent authorities shall ensure that all relevant information on the processing of personal data is provided to data subjects in accordance with Section 2 ‘Information and access to personal data’ of Chapter III ‘Rights of the data subject’ of these Regulations. Yours sincerely, [signature]

62 ANNEX IV Form for provision of unsolicited exchange of information Unsolicited exchange of information Reference number: Date: FROM: Submitting Body: Address: (Contact details of the contact point) Name: Telephone: Email: TO: Member State: Receiving Body: Address: (Contact details of the contact point) Name: Telephone: Email:

63 Dear [insert appropriate name] In accordance with Article 9 of Implementing Regulation (EU) XXXX/XXX, we are providing the following information we believe may be of assistance in carrying out your duties. Information provided ………………………………………………………………………………………………… ………………………………………………………………………………………………… ………………………………………………………………………………………………… [Please set out the details of the information provided, including if relevant a description of any supporting documents or material attached.] The information provided is confidential and is disclosed to [Insert name of the submitting body] pursuant to the [Insert provision of the applicable sectoral legislation] and on the basis that the information shall remain confidential the accordance with Article 11 of Commission Implementing Regulation (EU) 20XX/XXX and Article 100 of Regulation (EU) 2023/1114. The [Insert name of the receiving body] shall observe the requirements of Article 10 of Commission Implementing Regulation (EU) 20XX/XXX with respect to the permissible uses of that information, and of Article 101 of Regulation (EU) 2023/1114 (MiCA) with respect to personal data processing and transfer. Where the [Insert name of the submitting body] intends to use or disclose the information received for purposes other than those stated in Article 10(3) of Implementing Regulation (EU) 20XX/XXX, it shall notify [Insert name of the receiving body] and shall obtain the prior consent of [Insert name of the receiving body]. Where [Insert name of the receiving body] consents to such use or disclosure of the information, it may subject it to certain conditions. Yours sincerely, [signature]

64 6.6 Annex VI: Draft regulatory technical standards on the cooperation template with third countries, pursuant to Article 107(3) of MiCA COMMISSION DELEGATED REGULATION (EU) 202X/XXXX of XXX supplementing Regulation (EU) 2023/1114 of the European Parliament and of the Council with regard to regulatory technical standards establishing a template document for cooperation arrangements between competent authorities and supervisory authorities of third countries (Text with EEA relevance) THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard to Regulation (EU) 2023/1114 of the European Parliament and of the Council of 31 May 2023 on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/193720, and in particular the third subparagraph of Article 107(3) thereof, Whereas: (1) Article 107(1) of Regulation (EU) 2023/1114 requires the competent authorities of Member States to conclude where necessary cooperation arrangements with supervisory authorities of third countries concerning the exchange of information and the enforcement of obligations arising under that Regulation in third countries. Cooperation arrangements on exchange of information can only be concluded if the information to be disclosed under them is subject to guarantees of professional secrecy at least equivalent to those set out in Article 100 of that Regulation, and such exchanges must be intended for the performance of the tasks of the competent authorities in question. (2) In concluding new cooperation arrangements and updating existing cooperation arrangements with third-country authorities, the competent authorities where possible are to use the template document adopted pursuant to Article 107 of Regulation (EU) No 2023/1114. (3) Any transfer of personal data to supervisory authorities of third countries should be undertaken in full compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council21. One of the transfer tools that may be used to exchange personal 20 OJ L 150, 9.6.2023, p. 40. 21 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, 04.5.2016, p. 1).

65 data between competent authorities and supervisory authorities of third countries is through administrative arrangements ensuring appropriate safeguards pursuant to Article 46(3)(b) of Regulation (EU) 2016/679, which include enforceable and effective data subject rights. (4) This Regulation is based on the draft regulatory technical standards submitted by the European Securities and Markets Authority (ESMA), in close cooperation with the European Banking Authority, to the European Commission. (5) ESMA did not conduct open public consultations on the draft regulatory technical standards on which this Regulation is based, nor did it analyse the potential related costs and benefits of introducing such standards, as to have done so would have been disproportionate in relation to the scope and impact of those standards, taking into account the fact that the addressees of the standards would only be the competent authorities of the Member States and not market participants. (6) ESMA has requested the advice of the Securities and Markets Stakeholder Group established by Article 15 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council22 , HAS ADOPTED THIS REGULATION: Article 1 Cooperation arrangements The template document to be used by competent authorities of Member States where possible for cooperation arrangements pursuant to Article 107(1) of Regulation (EU) 2023/1114 is set out in the Annex to this Regulation. Article 2 Transfers of personal data Where competent authorities rely on an administrative arrangement pursuant to Article 46(3) of Regulation (EU) 2016/679 for the transfer of personal data to supervisory authorities of third countries, that arrangement shall be annexed to and constitute a part of the cooperation arrangement entered into in accordance with Article 107 of Regulation (EU) 2023/1114. Article 3 Entry into force This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. 22 Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84).

66 This Regulation shall be binding in its entirety and directly applicable in all Member States. Done at Brussels, For the Commission The President [For the Commission On behalf of the President [Position] ANNEX Template document for cooperation arrangements concerning the exchange of information between competent authorities of Member States and supervisory authorities in third countries and the enforcement of obligations arising under Regulation (EU) 2023/1114 in third countries

1. Introduction Description of each signatory authority’s legal basis for the exchange of information in order for them to carry out their duties as regards to their laws and regulations relating to markets in crypto-assets. Declaration that pursuant to the laws and regulations that constitute the legal basis for exchange of information and to the cooperation arrangements, the signatory authorities can provide each other with mutual assistance on a reciprocal basis. Declaration that the provisions of the cooperation arrangements are not intended to create legally binding obligations or supersede domestic or Union law.
2. Definitions An appropriate list of definitions covering the terms used in the arrangements.
3. General provisions – denial of assistance List the cases in which cooperation requests may be denied such as: (a) the request is not made in compliance with the arrangements; (b) the request would require the signatory authority receiving the request to act in a manner that would violate domestic or Union law; (c) communication of the relevant information could adversely affect the security of the jurisdiction addressed, in particular the fight against terrorism or other serious crimes;

67 (d) complying with the request is likely to adversely affect the receiving authority’s own investigation, enforcement activities or, where applicable, a criminal investigation; (e) judicial proceedings have already been initiated in respect of the same actions and against the same persons before the relevant authorities of the jurisdiction addressed; (f) a final judgment has already been delivered in relation to the same persons for the same actions in the jurisdiction addressed, unless the requesting authority can demonstrate that the relief or sanctions sought in any proceedings initiated by the requesting authority would not be of the same nature or duplicative of any relief or sanctions obtained in the jurisdiction of the requested authority. Assistance will not be denied based on the fact that the type of conduct under investigation would not be a violation of the laws and regulations relating to markets in crypto-assets of the authority receiving the request. 4. Content of the assistance to be provided Description of the type of assistance to be provided in line with Article 94 of Regulation (EU) 2023/1114 such as: (a) obtaining information held in the files of the signatory authority receiving the request; (b) obtaining statements or information from any person; (c) obtaining documents from persons or entities including through the performance of on￾site inspections; (d) obtaining data traffic records, insofar as permitted by national law and, where applicable, with the assistance of the appropriate judicial authority depending on the implementation of Article 94(3), point (e), of Regulation (EU) 2023/1114 or any equivalent power under the laws of the relevant third country; (e) obtaining or assisting in obtaining the freezing or sequestration of assets in line with Article 94(3), point (f), of Regulation (EU) 2023/1114 or any equivalent power under the laws of the relevant third country; (f) obtaining or assisting in obtaining the temporary cessation of any practice or conduct that considered contrary to the laws and regulations relating to market abuse in line with Article 94(1), point (v), of Regulation (EU) 2023/1114 or any equivalent power under the laws of the relevant third country. 5. Sending and processing requests for assistance Description of the procedure for sending and processing requests for assistance. 6. Permissible uses of information Description of the rules on the permissible use of the information in line with Article 107(5) of Regulation (EU) 2023/1114 and namely that the information provided must be intended for the performance of the tasks of the signatory authorities to ensure compliance with and enforce

68 the laws and regulations relating to markets in crypto-assets. The information exchanged shall be used solely for the purposes set forth in the request for assistance. If a signatory authority making the request intends to use information furnished under the arrangement for any purpose other than those stated in this section, it must obtain the prior consent of the signatory authority receiving the request. 7. Processing of personal data Indication that the processing of personal data shall be undertaken in full compliance with Regulation (EU) 2016/679. 8. Confidentiality restrictions Description of the rules on confidentiality of any information disclosed, received, exchanged or transmitted. The description must include the following: (a) all information exchanged between the signatories under the arrangements that concerns business or operational conditions or other economic or personal affairs must be considered to be confidential and must be subject to the requirements of professional secrecy, except where the authority providing the information states at the time of communication that the information may be disclosed or such disclosure is necessary for legal proceedings or cases covered by national taxation or criminal law; (b) the obligation of professional secrecy applies to all natural and legal persons who work or who have worked for the signatories. Information covered by professional secrecy may not be disclosed to any other natural or legal person or authority except by virtue of provisions laid down by Union or national legislative acts, or by virtue of provisions laid down in the laws of the relevant third country at least equivalent to such provisions. The information exchanged must not be disclosed to any other authority or entity except with the prior agreement of the signatory who originally provided it. 9. General provisions – identification of a contact point To facilitate cooperation under the arrangements, designation of contact points by the signatory authorities. 10. General provisions – revision clause Periodical review by the signatory authorities of the functioning and effectiveness of the cooperation arrangements with a view to expanding or altering the scope or operation of the arrangements, should that be judged necessary. 11. Other provisions – Miscellaneous