Final Report on the draft implementing technical standards on the extension of the use of the alleviated format of insider lists

21 October 2025 ESMA74-268544963-1552 Final Report on the draft implementing technical standards on the extension of the use of the alleviated format of insider lists

1 Table of Contents 1 Executive Summary ....................................................................................................3 2 Introduction .................................................................................................................5 3 Draft implementing technical standards on an alleviated format for insider lists...........6 3.1 Proposal in the CP ...............................................................................................6 3.2 Feedback to the consultation................................................................................7 3.3 ESMA’s assessment and next steps ....................................................................8 4 Annexes ......................................................................................................................9 4.1 Annex I - Summary of questions...........................................................................9 4.2 Annex II – Legal mandate to draft technical standards on the implementation of the amendments to Market Abuse Regulation in the context of the Listing Act ...................13 4.3 Annex III – Proposed implementing technical standards ....................................13

2 List of abbreviations and legal acts Amending Regulation The regulation amending MAR under the Listing Act, i.e., Regulation (EU) 2024/2809 of the European Parliament and of the Council of 23 October 2024 amending Regulations (EU) 2017/1129, (EU) No 596/2014 and (EU) No 600/2014 to make public capital markets in the Union more attractive for companies and to facilitate access to capital for small and medium-sized enterprises CIR Commission Implementing Regulation CP Consultation Paper ITS Implementing Technical Standards Listing Act or LA Package of measures reviewing the Prospectus Regulation, Market Abuse Regulation, Markets in Financial Instruments Regulation and Directive (MiFIR/MiFID II), and introducing a new Directive on multiple-vote share structures. Namely, the following regulations and directives were published in the Official Journal on 14 November 2024 (i) Regulation (EU) 2024/2809 (ii) Directive (EU) 2024/2810 and (iii) Directive (EU) 2024/2811. Market Abuse Regulation or MAR Regulation 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC NCAs National Competent Authorities NIN National Identification Number SMEs Small and Medium Enterprises SME GM SME Growth Markets

3 1 Executive Summary Reasons for publication The Listing Act, published in the Official Journal on 14 November 2024, aims at simplifying the listing requirements to promote better access to public capital markets for EU companies, in particular SMEs, by reducing the administrative burden on listed companies or companies that seek listing. In accordance with the general aim of burden reduction, the Listing Act amends MAR and mandates ESMA to review the implementing technical standards (ITS) on the format for drawing up and updating insider lists in order to extend to all issuers the alleviated format currently applicable to issuers admitted to trading on an SME Growth Market (SME GM) in those Member States that have opted out of the simplified regime. Contents This Final Report contains the feedback received to the Consultation Paper (CP) published in April 2025 as well as ESMA’s assessment and proposed way forward in relation to the draft ITS on the extension of the use of the alleviated format of insider lists for SME GM to all issuers. Section 2 of this report presents the legal background and the mandate for ESMA to produce the draft ITS. Section 3 sets out ESMA’s assessment and the final approach on the basis of the feedback received from stakeholders to the initial proposal made in the CP. Namely, ESMA proposes that the ITS include the following three different insider list templates:

• The first two templates will cover the event-based and the permanent section of the insider list for non-SME issuers and SME GM issuers in those Member States that have opted out of the simplified regime.

• The third template covers the insider list for persons having regular access to inside information which is to be used by SME GM issuers under the simplified regime. Compared to the CP, ESMA did not introduce any major changes in the insider list templates and included a recital in the draft ITS to clarify the possibility for issuers to include one contact person per external provider having access to inside information. Finally, Section 4 includes three Annexes. Annex I presents a summary of the two questions posed in the CP, Annex II includes ESMA’s legal mandate to review the existing ITS following the MAR amendments in the context of the Listing Act and Annex III contains the draft ITS, including its two annexes with the proposed templates.

4 Next Steps The draft ITS is submitted to the European Commission for adoption. In accordance with Article 15 of Regulation (EU) 1095/2010, the European Commission shall decide whether to adopt the technical standard within 3 months.

5 2 Introduction

1. In December 2022, the Commission adopted a legislative proposal to simplify the listing requirements to promote better access to public capital markets for EU companies, in particular SMEs, by reducing the administrative burden on listed companies or companies seeking listing. The package comprised a Regulation amending the Prospectus Regulation1 , MAR and MiFIR and a Directive amending MiFID II and repealing the Listing Directive. Furthermore, it introduced a new Directive on multiple vote share structures.
2. The European Parliament and Council reached a provisional agreement on the Listing Act on 1 February 2024. The compromise was approved by the Council on 14 February 2024 and voted by the European Parliament in first reading in plenary session on 24 April 2024. On 8 October 2024, the Council adopted the Listing Act. Finally, the legislative package was published in the Official Journal on 14 November 20242 .
3. Considering that those legal texts entered into force 20 days after the publication and that some provisions are applicable 18 months after such date, the bulk of the provisions of the Listing Act should enter into application in July 2026.
4. Several provisions included in the Listing Act will require the adoption of Level 2 measures for which the Commission has been mandated to adopt delegated and implementing acts within 18 months of its entry into force. In relation to MAR, the Listing Act empowered ESMA to review the existing ITS on insider list to extend the use of the alleviated format for issuers admitted to trading on SME GM (hereinafter referred to “the alleviated format”) to all insider lists.
5. In response to that mandate, ESMA published a CP on 3 April 20253 and based on the feedback received to the consultation, ESMA has adjusted some of its initial proposals. This Final Report provides details on the original proposals from the consultation, the feedback received from market participants, ESMA’s conclusions and next steps.
6. Considering that the proposed changes to the ITS on the insider lists are expected to have a limited impact on market participants, ESMA deemed it disproportionate to carry out a cost-benefit analysis. 1 Regulation (EU) 2017/1129 of the European Parliament and of the Council of 14 June 2017. 2 Regulation - EU - 2024/2809 - EN - EUR-Lex, Directive - EU - 2024/2810 - EN - EUR-Lex and Directive - EU - 2024/2811 - EN

• EUR-Lex. 3 Available at ESMA’s dedicated website on the Listing Act

6 3 Draft implementing technical standards on an alleviated format for insider lists 3.1 Proposal in the CP 7. CIR 2022/1210 4 currently in force includes five standard templates for reporting the personal details of persons with access to inside information. These templates are contained in three different Annexes: • Annex I of CIR 2022/120 contains the two templates for the insider lists required for all issuers in Article 18(1) of MAR: the event-based and the permanent sections of the insider list. • Annex II of CIR 2022/120 includes the standard template for SME GM issuers that only identifies persons having regular access to inside information. • Annex III of CIR 2022/120 contains the two templates that SME GM issuers should use in those Member States that, duly justified by national market integrity concerns, have opted out of the standard simplified regime for SME GM issuers and required them to draw up and update insider lists following the same logic of those in Annex I. However, these two templates (one for an event-based list and another for a permanent list) require fewer personal data fields. 8. Following the mandate received under Article 18(9) of MAR (see Annex II of this Final Report), in the CP ESMA proposed extending the alleviated format of insider lists envisaged in Annex III of CIR 2022/1210 to all issuers and therefore reducing the total number of templates for insider lists from five to three. 9. More precisely, the first two templates, presented in the CP under Annex I of the draft ITS, would apply to the insider lists for all issuers under Article 18(1) of MAR as well all to the insider lists for SME GM issuers in those Member States that have opted out of the simplified regime under Article 18(6), second subparagraph: a. the first template is for the event-based section of the insider lists. Compared to the template currently envisaged in CIR 2022/120, this template would no longer include the following information: (i) surname(s) at birth (if different), (ii) company name and address of the insider, (iii) personal telephone number and (iv) personal full home address. ESMA proposed that issuers should include the insider’s National Identification Number and only when this is not applicable, their date of birth (i.e. issuers are no longer required to report both); b. the second template is for the permanent section of the insider lists and, compared to the template currently in use, would no longer require some personal data: (i) 4 Commission Implementing Regulation (EU) 2022/1210 of 13 July 2022 laying down implementing technical standards for the application of Regulation (EU) No 596/2014 of the European Parliament and of the Council with regard to the format of insider lists and their updates

7 surname(s) at birth (if different), (ii) personal telephone number and (iii) personal full home address. As in the previous point, it was proposed not to require both the National Identification Number and the date of birth of the insider. 10. The third and last template, presented in the CP in Annex II of the draft ITS is to be used by SME GM issuers (in those Member States that have not opted out of the simplified regime, i.e. insider lists required under Article 18(6) first subparagraph of MAR) and includes persons having regular access to inside information. According to the CP proposal, also this template would be streamlined compared to the template currently in use and no longer requires some of the insider’s personal data: (i) surname(s) at birth (if different), (ii) personal telephone number and (iii) personal full home address. As in the previous templates, the National Identification Number and the date of birth of the insider would no longer be both required. 3.2 Feedback to the consultation 11. ESMA received 19 responses to the CP from a wide range of market participants including trading venues, issuers as well as trade associations. In the CP, ESMA invited respondents to provide input on two questions: i) whether they would agree with the proposed approach and ii) whether they would consider the permanent section of the insider list useful. 12. On the first point, the majority of respondents supported ESMA’s proposed approach, welcoming its simplification and burden reduction objective. 13. As for the specific content of the templates, stakeholders provided limited feedback in relation to the proposed data fields. As part of the input received, respondents expressed views in relation to the fields of NIN, date of birth as well as company name and address. 14. First, a few respondents highlighted divergences in the availability and use of the NIN across Member States. Given the difficulties and errors that may arise from making this field mandatory, it was suggested either (a) not to subject the use of the date of birth to the absence of NIN or (b) to just mandate the reporting of the date of birth in the templates. On the contrary, another respondent advocated for making both data points mandatory to ensure enduring traceability of individuals and completeness of the information. 15. Second, a few respondents advocated for reintroducing the fields of company name and address in template 1 of Annex I (event-based section). It was argued that not doing so would pose difficulties in the identification of external service providers with access to certain pieces of inside information. On the contrary, a few respondents advocated for a completely opposite approach, suggesting eliminating these data fields from the templates where it is still required arguing that this information is publicly available to NCAs. 16. As to the usefulness of the permanent section of the insider lists, the majority of respondents considered it to be very useful as it allows for a quick identification of key individuals with ongoing access to all inside information, helps authorities in conducting swift investigations and minimizes the risk of data duplication.

8 17. Separately, ESMA was invited to provide a clarification regarding the possibility for issuers to include one contact person per external provider having access to inside information. 18. Finally, some stakeholders made comments on the approach adopted by EU co￾legislators on Article 18 of MAR and made suggestions for a future review of this provision. 19. More detailed feedback received to the CP is presented in Annex I to this Final Report. 3.3 ESMA’s assessment and next steps 20. ESMA acknowledges the broad support for the approach presented in the CP. 21. ESMA also takes note of the comments received in relation to the content of the templates and sees merits in a minor amendment to its initial proposal. 22. Namely, ESMA agrees that the company details represent important information, especially for the identification of external providers or consultants with access to inside information. Therefore, for third party service providers, ESMA sees merit in including the company details in the information to be provided within the field “Function and reason for being insider”, in all the insider lists. ESMA believes this solution would enable balancing the objective of burden reduction with the need of assisting NCAs in the conduct of market abuse investigations. 23. On the contrary, while ESMA acknowledges that there may be divergent supervisory practices across Member States in relation to the availability and use of the NIN, ESMA maintains the view that all issuers should report the NIN of insiders whenever applicable, and only if not present in that Member state, their date of birth. This approach follows the mandate under Article 18(9) of MAR which empowers ESMA to simply extend the alleviated format currently envisaged in CIR 2022/1210 for SME GM issuers to all issuers. 24. To summarise, considering the above, ESMA maintains the approach and the structure of the insider lists proposed in the draft ITS presented in CP, with the clarification that the company details of any third-party service provider should be reported in the field “Function and reason for being insider”. 25. In parallel, while not directly addressed in the CP, ESMA acknowledges that it might be beneficial to clarify how issuers should include third-party providers in the insider list. In this context, ESMA recalls that a Q&A5 was forwarded to the European Commission but it was then agreed to address this issue in the revision of this ITS. 26. It might be useful to recall that under Article 18 of MAR, the issuer has to draw up a list of all persons who have access to inside information, including advisors, accountants and Credit Rating Agencies (third parties) and that, in addition, also all persons acting on behalf or on account of the issuer (including advisors) should draw up their own insider list of 5 Q&A 777 available at ESMA_QA_777

9 persons working for them that have had access to inside information relating to the issuer. 27. On that basis, ESMA considers that in case of external service providers who have access to inside information, the issuer should include in its insider list only one natural contact person per external service provider. The issuer may not be aware of how the inside information circulates among the staff of such third parties, and therefore any obligation to include them in the issuer’s insider list is likely to be incomplete. Additionally, the obligation for the third party to draw up its own insider list better fills that gap and would make any duplication of efforts by the issuer redundant. Finally, this approach would allow NCAs to reconstruct the list of all the persons who obtained access to inside information by requesting both the issuer’s and the third party’s insider lists. 28. To clarify this point, ESMA proposes to amend the draft ITS by including a new recital (Recital 12). 29. Finally, in relation to the usefulness of the permanent section of insider lists, ESMA acknowledges the broad support from market participants and therefore maintains its initial proposal. In this context, ESMA notes that the permanent section of the insider list should not be read as cumulative to the event-based section. In other words, issuers are not obliged to draw up the event-based list for the persons in the permanent section of the insider list, that is those persons having access to all inside information at all times (i.e. permanent insiders). This is reflected in the drafting of the ITS presented in Annex III. 30. Separately, in terms of interactions with the existing legal framework, the changes introduced in MAR by the Listing Act have effectively removed the two empowerments that allowed the European Commission to adopt CIR 2022/1210, rendering this legal act obsolete. Therefore, as also explained in the CP, considering the empowerment under Article 18(9) of MAR, the new CIR to be adopted by the Commission on the basis of ESMA’s ITS should repeal and replace the current CIR 2022/1210 in order to have all the formats of all insider lists under one single legal act. 4 Annexes 4.1 Annex I - Summary of questions Q1: Do you agree with the proposed approach? Please explain. The majority of respondents agreed with the approach, welcoming its simplification and burden reduction objective. Some of these respondents raised the following points: • One respondent highlighted that significant personal data processing can be very complex and costly for issuers and that there is a need to protect the safety of individuals whose data appear on those lists. • One respondent considered that the proposed amendments represent a step towards necessary deregulation for issuers.

10 • One respondent welcomed that no new requirement was introduced. Additionally, some respondents welcomed the initiative under consultation while making the following remarks: • The amendments were considered to be quite marginal and with no material impact by few respondents. • Some stakeholders advocated for the deletion of the insider lists as a real burden reduction measure. A few considered that NCAs have other tools, means and powers to detect market abuses (e.g., Article 23 of MAR). Moreover, a few advocated for reassessing this issue in the context of a potential future review of the Level 1 text. Finally, one respondent signalled that the deletion of the insider list from MAR would not prevent in any case keeping insider lists on a voluntary basis. • As a second-best option to the deletion of the lists, one respondent advocated for deleting the event-based lists as suggested by the EC in its Listing Act proposal of December 2022. • One respondent disagreed with the simplified insider list regime applying to SMEs that allows SMEs not to keep an event-based list. On the contrary: • One respondent disagreed with the introduction of an alleviated format for insider lists. • One respondent cautioned that the proposed alleviation for all companies might undermine the main rationale for insider lists. Namely, that respondent argues that limiting insider lists to “regular insiders” (i) reduces the traceability of temporary insiders and (ii) increases the risk of abuse as the deterrent effect of MAR is weakened if fewer names and less details are recorded. The respondent argued that while for SMEs, the simplified regime is about survival and efficiency, for large companies, it could become a means of weakening market oversight at the very top end of the market, where robust controls are most necessary. As an alternative, this respondent believes that simplification should be pursued through greater standardisation by:

• mandating an EU-wide electronic format for insider lists and establishing a centralised submission platform managed by ESMA: streamlined communications with NCAs, enhanced supervisory cooperation, and no inefficiencies stemming from fragmented bilateral exchanges;

• the introduction of an automated, supervisory-access-only unique identifier assigned to each individual appearing on insider lists implemented through a digital ESMA-managed platform. In relation to the data fields of the templates, the following views were expressed: • National identification Number (NIN) and/or date of birth: first, a few respondents have highlighted divergencies in the availability and use of the NIN across Member States and the subsequent difficulties and errors that this may give rise to. Consequently, one respondent argued that the use of the date of birth should not be subject to the absence of NIN and suggested redrafting this data field in Annex I and Annex II as follows: “National Identification Number or in the absence thereof, the date

11 of birth”. On the contrary, a couple of respondents suggested to delete the requirement to provide the NIN and to maintain only the Date of Birth in the template. Second, another respondent advocated for making both data points mandatory to ensure completeness of the information and enduring traceability of individuals. • Professional telephone number: while one respondent suggested eliminating this data field from the templates, two respondents advocated for replacing this data point with the professional email address. Would the latter proposal not be followed by ESMA, one respondent stressed the importance of retaining the professional telephone number as proposed in the CP. • Address of the company: one respondent advocated for reintroducing this information in template 1 of Annex I (events-based section). The respondent argued that not doing so would pose difficulties in the identification of external service providers with access to certain pieces of inside information. On the contrary, a few respondents suggested eliminating this data field from the temples where it is still required (i.e., template 2 of Annex 1 and the template in Annex 2) as this data is publicly available to the NCA. • Company name: a few respondents advocated for reintroducing this requirement in template 1 of Annex I (events-based section). They argued that not doing so would pose difficulties in market abuse investigations and the identification of external service providers with access to certain pieces of inside information. On the contrary, a few respondents suggested eliminating this data field from the temples where it is still required (i.e., template 2 of Annex 1 and the template in Annex 2) as this data is publicly available to the NCA. • Personal contact number: one respondent advocated for reintroducing this information in the templates in order to facilitate market abuse investigations. • Surname at birth: one respondent advocated for reintroducing this information in the templates in order to facilitate market abuse investigations. • Time at which the insider obtained/lost access to the inside information: one respondent argued that this information should be displayed using the local time of the country where the issuer’s head office is located or “UTC” in Template 1 of Annex I. • Time at which the insider was included/removed from the permanent section: one respondent argued that this information should be displayed using the local time of the country where the issuer’s head office is located or “UTC” in Template 2 of Annex I.

12 Moreover, in relation to advisers assisting issuers, a respondent suggested introducing a “single-contact-person” model to (i) streamline the issuers’ information-gathering processes by imposing clear duties of accountability and responsibility on the advisers and (ii) facilitate the relationship with advisers while still ensuring the traceability of the transmission of inside information to a party external to the corporate organisation of the issuer. Additionally, one respondent suggested introducing a clarification in Article 18 MAR to address and specify the issue of drawing up insiders lists and their disclosure by banks and other financial institutions. Finally, two respondents took the opportunity to make comments in relation to Article 19 MAR requirements. Q2: Do you consider the permanent section of the insider list for all issuers (and SMEs GM issuers in those MS that have opted out of the simplified regime) contained in Annex I useful? The majority of respondents considered the permanent section of the insider list to be very useful as it allows for a quick identification of key individuals with ongoing access to all inside information, it helps authorities in carrying out swift investigations and minimizes the risk of data duplication. However, some of these respondents raised the following points: • One respondent invited ESMA to consider expanding the definition of the term “permanent insider” to include a more relevant group of people as the current definition in Article 2 paragraph 1 of the Regulation is very narrow and only covers a very limited group of people. Instead of asking that the person should “have access to all inside information at all times” the definition should cover persons who, for example, have regular access to most/much inside information. • Another respondent expressed a concern on how the overly broad use of this list, where many issuers include individuals who do not meet the threshold of having continuous access to all inside information at all times. Therefore, it invited ESMA to continue providing clear and firm guidance to ensure the list is only used in appropriate cases. • One respondent suggested removing altogether the obligation to maintain insider lists from MAR.

13 On the contrary, a few respondents did not consider the permanent section of the insider list to be useful as in their view this creates significant challenges for issuers and regulators, including overlapping records as well as unnecessary administrative burdens and potential inconsistencies in record-keeping and information dissemination. On that basis, it was suggested to consider the potential abolition of the separate permanent insider list (or to make it voluntary) in favour of a single event-based insider list. One respondent argued that the requirement for SME growth market issuers (for Member States that have not opted out of the simplified regime) is considered more demanding compared to all issuers/SMEs from Member States that have opted out, as it requires listing “persons having regular access to inside information” as opposed to “persons having access to all inside information at all time”. On a separate note, two respondents invited ESMA to provide a clarification regarding the possibility to include one contact person per external provider having access to inside information. 4.2 Annex II – Legal mandate to draft technical standards on the implementation of the amendments to Market Abuse Regulation in the context of the Listing Act Legal mandate as introduced by the Listing Act in Article 18(9) of MAR: ESMA shall review the implementing technical standards on the alleviated format of the insider lists for issuers admitted to trading on SME growth markets to extend the use of such a format to all insider lists referred to in paragraph 1 and in paragraph 6, first and second subparagraphs. ESMA shall submit those draft implementing technical standards to the Commission by 5 September 2025. Power is conferred on the Commission to adopt the implementing technical standards referred to in the first subparagraph in accordance with Article 15 of Regulation (EU) No 1095/2010. 4.3 Annex III – Proposed implementing technical standards COMMISSION IMPLEMENTING REGULATION (EU) …/... of XXX laying down implementing technical standards for the application of Regulation (EU) No 596/2014 of the European Parliament and of the Council with regard to the application of an alleviated format of insider lists and their updates and repealing Commission Implementing

14 Regulation (EU) 2022/1210 (Text with EEA relevance) THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard to Regulation (EU) 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (‘Regulation (EU) 596/2014 or ‘MAR’), amended by Regulation (EU) 2024/2809 to make public capital markets in the Union more attractive for companies and to facilitate access to capital for SMEs, and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC6 , 2003/125/EC and 2004/72/EC (1), and in particular the third subparagraph of Article 18(9) thereof Whereas: (1) Pursuant to Article 18 of Regulation (EU) No 596/2014, issuers, emission allowance market participants, auction platforms, auctioneers and auction monitor, or any other persons acting on their behalf or on their account are required to draw up insider lists and keep them up to date in accordance with a precise format. (2) The establishment of a precise format, including the use of standard templates, should facilitate the uniform application of the requirement to draw up and update insider lists laid down in Regulation (EU) No 596/2014. It should also ensure that competent authorities are provided with the information necessary to fulfil the task of protecting the integrity of the financial markets and investigate possible market abuse. (3) Since a variety of inside information can exist within an entity at the same time, insider lists should precisely identify the specific inside information to which persons working for the entity have had access. Therefore, the insider lists should specify which is the specific inside information (which may include information relating to a deal, a project, an event – including corporate or financial ones –, a publication of financial statements). To that end, the insider lists should be divided into sections with separate entries for each piece of specific inside information. Each section should list all persons having access to the same specific inside information. (4) To reduce the burden for issuers and avoid multiple entries in the insider list with respect to those people that have access to all inside information at all times, it should be possible to list those persons in a separate section of the 6 OJ L 173, 12.6.2014, p. 1.

15 insider list, referred to as the permanent insiders section, which is not related to specific inside information. The permanent insiders section should only include those persons who, due to the nature of their function or position, have access to all inside information within the entity at all times and once such persons are included in the permanent section the issuer would not be obliged to draw up the event-based section of the insider list with separate entries for each piece of specific inside information for those persons. (5) Regulation (EU) No 596/2014 was amended by Regulation (EU) 2019/2115 of the European Parliament and of the Council7 , which introduced less stringent requirements for issuers whose financial instruments are admitted to trading on an SME growth market (SME growth market issuers), by limiting the persons listed in the insider list to those who, due to the nature of their function or position within the issuer, have regular access to inside information. The insider list for those persons should not include separate entries for each piece of specific inside information those persons had access to but should mention when they gained and ceased to have regular access to inside information. (6) By way of derogation from that provision, Member States may require SME growth market issuers to include in their insider lists all persons referred to in Article 18(1)(a) of Regulation (EU) No 596/2014. Yet, considering the generally smaller human and financial resources of SMEs, it was considered proportionate for them to use a format which represents a lighter administrative burden compared to the format of the insider lists established pursuant to Article 18(1)(a) of Regulation (EU) No 596/2014, and to limit the content of the lists to what is strictly necessary for the identification of the relevant individuals. Not requiring issuers to keep in their lists personal contact details of their insiders aims at granting issuers a relief from collecting and updating data from insiders while not depriving national competent authorities of a tool to identify persons handling the inside information and reach them at their professional contact address/phone number. Those issuers should also have the possibility to list those persons who, due to the nature of their function or position, have access to all inside information at all times in a permanent insiders’ section of the insider list which is not related to specific inside information. Once such persons are included in the permanent section of the insider list, those issuers would not be obliged to draw up the event-based section of the insider list with separate entries for each piece of specific inside information for those persons. The content of such permanent insider sections should also be limited to what is strictly necessary for the identification of the relevant individuals. (7) Regulation (EU) No 596/2014 was further amended by Regulation (EU) 2024/2809 of the European Parliament and of the Council8 , which simplifies the administrative burden on listed companies or companies that seek a listing, by extending to all issuers the use of the alleviated format of the insider lists 7 Regulation (EU) 2019/2115 of the European Parliament and of the Council of 27 November 2019 amending Directive 2014/65/EU and Regulations (EU) No 596/2014 and (EU) No 2017/1129 as regards the promotion of the use of SME growth markets (OJ L 320, 11.12.2019, p. 1). 8 Regulation (EU) 2024/2809 of the European Parliament and of the Council of 23 October 2024 amending Regulations (EU) 2017/1129, (EU) No 596/2014 and (EU) No 600/2014 to make public capital markets in the Union more attractive for companies and to facilitate access to capital for small and medium-sized enterprises (OJ L, 2024/2809, 14.11.2024, p.1)

16 for issuers admitted to trading on SME growth markets. As a result, drawing up and maintaining the insider lists for all issuers should also represent a lighter administrative burden and should be limited to what is strictly necessary for the identification of the relevant individuals. (8) The insider lists should contain the personal data that is necessary in order to identify the insiders. Any processing of personal data for the purposes of establishing and keeping insider listings referred to in Article 18 of Regulation (EU) No 596/2014 should comply with Regulation (EU) 2016/679 of the European Parliament and of the Council9 . (9) The insider lists should also contain data that may assist the competent authorities in the conduct of investigations and help them to rapidly analyse the trading behaviour of insiders, to establish connections between insiders and persons involved in suspicious trading, and to identify contacts between them at critical times. In this respect, telephone numbers are essential as they permit the competent authority to act swiftly and to request data traffic records, if necessary. Moreover, such data should be provided at the outset, so that the integrity of the investigation is not compromised by the competent authority having to revert in the course of an investigation to the issuer, the emission allowance market participant, the auction platform, the auctioneer, the auction monitor or the insider with further requests for information. (10) To ensure that the insider lists can be made available to the competent authority as soon as possible upon request and that they can be always updated without delay, the insider list should be kept in an electronic form. The electronic form should ensure that the information included in the insider list is kept confidential. In order to avoid a disproportionate administrative burden on SME growth market issuers, such issuers should not be required to keep the insider list in an electronic form provided that the completeness, confidentiality and integrity of the information is ensured. (11) To reduce the administrative burden for the submission of the insider lists, the specific electronic means for the transmission should be determined by the competent authorities themselves, on condition that those electronic means allow for the lists to be kept confidential. (12) In the event that third party providers have access to inside information of the issuer, to avoid any duplication of data while ensuring completeness of the information reported to the competent authorities, issuers should only include the details of one natural person acting as a contact person of the external provider. This is without prejudice to the obligation under Article 18(1) for third-party providers to draw up their own insider lists including those persons working for them that have had access to insider information relating to the issuer. (13) For reasons of clarity, transparency and legal certainty, the formats of all insider lists referred to in Regulation (EU) No 596/2014 should be determined under one single legal act. Therefore, this Regulation should contain both the 9 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).

17 format for the insider lists referred to in Article 18(1)(a) of Regulation (EU) No 596/2014 and the insider lists referred to in Article 18(6) of that Regulation. Considering that the two original empowerments to determine the format of the insider lists under Regulation (EU) No 596/2014 no longer exist, Commission Implementing Regulation (EU) 2022/1210 should be repealed. (14) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council and delivered an opinion on x Month 202x. (15) This Regulation is based on the draft implementing technical standards submitted to the Commission by the European Securities and Markets Authority (ESMA). (16) ESMA has conducted open public consultations on the draft implementing technical standards on which this Regulation is based, requested the advice of the Securities Markets Stakeholder Group established by Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council. ESMA did not analyse the potential related costs and benefits as this would have been disproportionate in relation to the nature of the amendments which are expected to have a very limited impact on market participants. HAS ADOPTED THIS REGULATION: Article 1 Insider lists required by Article 18(1) of Regulation (EU) No 596/2014

1. The insider lists required by Article 18(1) of Regulation (EU) No 596/2014 shall contain a section specific to each piece of inside information and shall be drawn up using the format set out in Template 1 in Annex I to this Regulation.

2. By way of derogation to paragraph 1, those persons who, due to the nature of their function or position, have access to all inside information at all times may be listed separately in a permanent insiders section of the insiders list. That section shall be drawn up using the format set out in Template 2 in Annex I to this Regulation. Where a permanent insiders list section is drawn up, the permanent insiders shall not need to be included in the specific section of the insider list referred to in paragraph 1.

3. The insider lists shall be kept in an electronic form that, at all times, ensures that: (a) access to the insider lists is restricted to clearly identified persons that need that access due to the nature of their function or position; (b) the information included is accurate; (c) previous versions of the insider list are accessible.

18 4. The competent authority shall specify on its website the electronic means by which the insider lists are to be transmitted to the competent authority. Those electronic means shall ensure that the completeness, integrity and confidentiality of the information are maintained during the transmission. Article 2 Insider lists referred to in Article 18(6) of Regulation (EU) No 596/2014

1. The insider list referred to in the first subparagraph of Article 18(6) of Regulation (EU) No 596/2014 may include only the persons having regular access to inside information. That list shall mention when those persons gained and ceased to have regular access to inside information and shall be drawn up using the format set out in Annex II.

2. Insider lists required by the Member States pursuant to the second subparagraph of Article 18(6) of Regulation (EU) No 596/2014 shall contain a section specific to each piece of inside information and shall be drawn up using the format set out in Template 1 in Annex I to this Regulation. By way of derogation to the first subparagraph of this paragraph, those persons who, due to the nature of their function or position, have access to all inside information at all times may be listed separately in a permanent insiders section of the insiders list. That section shall be drawn up using the format set out in Template 2 in Annex I to this Regulation. Where a permanent insiders list section is drawn up, the permanent insiders shall not need to be included in the specific section of the insider list referred to in the first subparagraph of this paragraph.

3. The insider lists referred to in paragraphs 1 and 2 shall be kept in any form that ensures that the completeness, integrity and confidentiality of the information included in those lists are maintained at all times during the transmission to the competent authority. Article 3 Repeal of Implementing Regulation (EU) 2022/1210 Implementing Regulation (EU) 2022/1210 is repealed. References to the repealed Regulation shall be construed as references to this Regulation. Article 4 Entry into force This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

19 This Regulation shall be binding in its entirety and directly applicable in all Member States. Done at Brussels, The President

20 ANNEX I TEMPLATE 1 Format for the insider lists referred to in Article 1(1) and Article 2(2), first subparagraph Description of the source of the specific inside information: Date and time of creation of this section (i.e. when the specific inside information was identified): [yyyy-mm-dd, hh:mm UTC (Coordinated Universal Time)] Date and time (last update): [yyyy-mm-dd, hh:mm UTC (Coordinated Universal Time)] Date of transmission to the competent authority: [yyyy-mm-dd] First name(s) of the insider Surname(s) of the insider Professional telephone number(s) (work direct telephone line and work mobile numbers) Function and reason for being insider (including company details in case of third-party service providers) Obtained (the date and time at which the insider obtained access to the inside information) Ceased (the date and time at which the insider ceased to have access to the inside information) National Identification Number (if applicable) or otherwise Date of Birth

21 [Text] [Text] [Numbers (no space)] [Text describing role, function and reason for being on this list] [yyyy-mm-dd, hh:mm UTC] [yyyy-mm-dd, hh:mm UTC] [Number and/or text or yyyy-mm-dd for the date of birth]

22 TEMPLATE 2 Format for the permanent insiders section of insider lists referred to in Article 1(2) and Article 2(2), second subparagraph Date and time of creation of this section: [yyyy mm-dd, hh:mm UTC (Coordinated Universal Time)] Date and time (last update): [yyyy-mm-dd, hh:mm UTC (Coordinated Universal Time)] Date of transmission to the competent authority: [yyyy-mm-dd] First name(s) of the insider Surname(s) of the insider Professional telephone number(s) (work direct telephone line and work mobile numbers) Function and reason for being insider (including company details in case of third-party service providers) Included (the date and time at which the insider was included in the permanent insider section) National Identification Number (if applicable) or otherwise Date of Birth [Text] [Text] [Numbers (no space)] [Text describing role, function and reason for being on this list] [yyyy-mm-dd, hh:mm UTC] [Number and/or textor yyyy-mm-dd for the date of birth]

23 ANNEX II Format for the list of the personal data of persons having regular access to inside information referred to in Article 2(1) Date and time of creation of this insider list: [yyyy-mm-dd, hh:mm UTC (Coordinated Universal Time)] Date and time (last update): [yyyy-mm-dd, hh:mm UTC (Coordinated Universal Time)] Date of transmission to the competent authority: [yyyy-mm-dd] First name(s) of the insider Surname(s) of the insider Professional telephone number(s) (work direct telephone line and work mobile numbers) Function and reason for being insider (including company details in case of third￾party service providers) Obtained (the date and time at which the insider obtained regular access to the inside information) Ceased (the date and time at which the insider ceased to have regular access to the inside information) National Identification Number (if applicable) or otherwise Date of Birth [Text] [Text] [Numbers (no space)] [Text describing role, function and reason for being on this list] [yyyy-mm-dd, hh:mm UTC] [yyyy-mm-dd, hh:mm UTC] [Number and/or text oryyyy-mm-dd for the date of birth]