(fra kommisjonsforordningen)

(1) In accordance with Article 83(1) of Regulation (EU) 2023/1114, a proposed acquirer of a qualifying holding in a crypto-asset service provider is to submit to the competent authority the detailed information that is necessary for the prudential assessment of the proposed acquisition, at the time of the notification of the proposed acquisition or increase of the qualifying holding. 

(2) The information contained in the notification submitted by the proposed acquirer should be true, accurate, complete and up-to-date from the moment of submission of the notification until the completion of the assessment by the competent authority. For that purpose, the proposed acquirer should inform the competent authority of any changes to the information provided in the notification. 

(3) The notification should contain data about the proposed acquirer, including the members of its management body, the indirect shareholders and the ultimate beneficial owner, and of the members of the management body of the target entity where the proposed acquirer intends to appoint any. That information would include personal data. In line with the principle of data minimisation enshrined in Article 5(1), point (c), of Regulation (EU) 2016/679 of the European Parliament and of the Council, only personal data that is necessary and sufficient to enable the competent authority to thoroughly assess the criteria laid down in Article 84(1), points (a) to (e) of Regulation (EU) 2023/1114 should be provided to the competent authority. When assessing the notification of the proposed acquisition and processing the personal data included therein, competent authorities should comply with Regulation (EU) 2016/679. Furthermore, in line with the principles relating to processing of personal data laid down in Article 5 of Regulation (EU) 2016/679, competent authorities should keep such personal data for no longer than it is necessary to the performance of their supervisory tasks. 

(4) Where the proposed acquirer is a legal person, information on the identity of the ultimate beneficial owners and on the reputation and experience, over the last 10 years, of the persons who effectively direct the business of the proposed acquirer is also necessary to perform the prudential assessment. Therefore, the proposed acquirer should submit that information to competent authorities. 

(5) Where the proposed acquirer is or is intended to be a trust structure, it is necessary for the competent authority of the target entity to obtain information on both the identity of the trustees who will manage the assets of the trust, and on the identity of the settlor and of the beneficial owners of those assets to be able to assess the reputation and experience of those persons. 

(6) Where the proposed acquirer is an alternative investment fund (AIF), as defined in Article 4(1), point (a), of Directive 2011/61/EU of the European Parliament and of the Council, or an undertaking for collective investment in transferable securities (UCITS), authorised in accordance with Article 5 of Directive 2009/65/EC of the European Parliament and of the Council, its alternative investment fund manager (AIFM) or the AIF in the case of an internally-managed AIF, or its UCITS management company or the UCITS investment company in the case of a selfmanaged UCITS, should provide the competent authority of the target entity with the identity of the individuals in charge of making the investment decisions for the fund and the information necessary for the assessment of their reputation. 

(7) Where the proposed acquirer is a sovereign wealth fund, that proposed acquirer should provide the competent authority with comprehensive information relevant to the assessment of reputation, including information on the identity and reputation of the persons holding high level positions in the ministry, government department or other public body in charge of making the investment decisions for the fund. 

(8) Where the proposed acquirer is a natural person, it is necessary to obtain information both in relation to the proposed acquirer and in relation to any undertaking formally directed or controlled by the proposed acquirer over the last 10 years to provide the competent authority of the target entity with full information relevant to the assessment of reputation. 

(9) Where the proposed acquirer is a legal person, it is necessary to obtain information in relation to any undertaking under the proposed acquirer's control, and any shareholder with a qualifying holding in the proposed acquirer, to provide the competent authority of the target entity with full information relevant to the assessment of reputation. 

(10) The information relevant to the assessment of reputation should include the information on the absence of criminal convictions and criminal proceedings, historical or ongoing, as well as information on civil or administrative cases. Similarly, information should be provided in relation to all open investigations and proceedings, sanctions or other enforcement decisions against the proposed acquirer, and any other relevant information including refusal of registration or dismissal from employment or from a position of trust that is deemed relevant for the assessment of the reputation of the proposed acquirer. 

(11) To ensure that the outcome of investigations run by other authorities are duly considered by the competent authority of the target entity when conducting its own assessment of the proposed acquirer, the proposed acquirer should provide information on whether an assessment as acquirer, or as a person that directs the business of any relevant entity has already been conducted by another competent authority or other authority, and, if so, the outcome of such assessment should be provided by the proposed acquirer. 

(12) To facilitate the retrieval of previous assessments in supervisory databases and facilitate cooperation among competent authorities, the proposed acquirer should submit an entity identifier with the information included in the notification to the competent authority. The identifiers that may be used for this purpose should be those that may be used to identify legal entities in accordance with Article 14 of the Commission Delegated Regulation establishing technical standards adopted pursuant to Article 68(10), first subparagraph, point (b), of Regulation (EU) 2023/1114, as these identifiers have characteristics that make them appropriate for supervisory purposes. 

(13) With regard to the proposed acquisition of indirect qualifying holdings in the target entity, it is necessary to calibrate in a proportionate way the content of the information request. For that purpose, two cases should be differentiated. The first one is the case where the natural or legal person indirectly acquiring or increasing a qualifying holding in the target entity intends to acquire the control of an existing holder of qualifying holding in the target entity or holds control in the proposed direct acquirer of a qualifying holding in the target entity. The second one is the case where the existence of a qualifying holding is determined by multiplying the qualifying holding held in the target entity by the percentages of the qualifying holdings held indirectly along the holding chain. In the second case, having regard to the more limited influence that such an indirect shareholder or member with qualifying holdings may exercise on the target entity, the proposed acquirer should submit a reduced information. 

(14) Proposed acquirers might envisage the appointment of one or more members of the management body of the target entity. To enable the competent authority of the target entity to assess new members of the management body of that target entity, the proposed acquirer should provide the same information that is required from members of management bodies of crypto-asset service providers at the moment of authorisation. 

(15) To assess the financial soundness of that proposed acquirer, financial information concerning that proposed acquirer, including a description of the current business activities of the proposed acquirer, should be provided to the competent authority of the target entity.

(16) It is important for the competent authority of the target entity to assess whether the existence of any potential conflict of interests could affect the financial soundness of the proposed acquirer and the sound and prudent management of the target entity. Therefore, proposed acquirers should provide information on the financial and nonfinancial interests or relationships of the proposed acquirer with any shareholders or directors or members of the management body of the target entity or person entitled to exercise voting rights in the target entity, or with the target entity itself or its group. 

(17) The submission of additional information is necessary where the proposed acquirer is a legal person. That additional information should allow the competent authority of the target entity to complete the assessment of the proposed acquisition, including in cases where the legal and group structures involved may be complex and may necessitate detailed review in relation to reputation, potential action in concert with other parties, and the ability of the competent authority of the target entity to continue effective supervision of the target entity. 

(18) Where the proposed acquirer is an entity established in a third country or is part of a group whose direct or ultimate parent undertaking is established outside the Union, additional information should be provided so that the competent authority of the target entity can assess that the legal regime of the third country does not provide obstacles to the ability of the target entity to comply with the prudential requirements, and is able to ascertain the proposed acquirer’s reputation in that third country. 

(19) To enable an assessment as to whether the proposed acquisition will impact the ability of the competent authority of the target entity to carry out effective supervision of that target entity, the proposed acquirer should submit specific information. For legal persons, the competent authority of the target entity should assess the impact of the proposed acquisition on the consolidated supervision of the target entity and of the group that entity would belong to after the acquisition. 

(20) To enable the assessment of the proposed acquisition, the proposed acquirer should provide information identifying the target entity, details on the proposed acquirer’s intention and strategic investment, and information on the shares owned or intended to be owned by the proposed acquirer. That information should include details of any action undertaken by the proposed acquirer in concert with other parties for the purposes of the proposed acquisition and the information about the price of the proposed acquisition. 

(21) Furthermore, the proposed acquirer should provide information on the financing of the proposed acquisition, including information concerning all means and sources of financing. The proposed acquirer should also be able to present evidence about the origin and legitimacy of the source of all such funds and assets, including any cryptoasset or other digital asset, in order for the competent authority of the target entity to assess their certainty, sufficiency and legitimate origin, including whether there is a risk of money laundering or terrorist financing. 

(22) To ensure a comprehensive assessment of the proposed acquisition, proposed acquirers intending to acquire a qualifying holding of more than 20% and up to 50% in the target entity should provide information on their strategy to the competent authority of the target entity. Similarly, proposed acquirers intending to acquire a qualifying holding of up to 20 % in the target entity but exercising an equivalent significant influence over that entity through other means, including the relationships between the proposed acquirer and the existing shareholders, the existence of shareholders' agreements, the distribution of shares, participating interests and voting rights across shareholders or the proposed acquirer's position within the group structure of the target entity, should also provide that information to ensure a high degree of homogeneity in assessing proposed acquisitions. 

(23) Where there is a proposed change in control of the target entity, the proposed acquirer should, as a general rule, submit a full business plan. However, where there is no proposed change in the control of the target entity, certain information on the entity's future strategy and the proposed acquirer's intentions for the target entity should be sufficient to assess whether the proposed acquisition will affect the financial soundness of the proposed acquirer. 

(24) Having regard to the principle of proportionality, in certain cases, the proposed acquirer should submit reduced information. In particular, where the proposed acquirer has been assessed for acquisition or increase in qualifying holdings by the same competent authority as that of the target entity within the previous 2 years, that proposed acquirer should be required to submit only the information that has changed since the previous assessment. Similarly, where the proposed acquirer is an authorised undertaking and subject to the prudential supervision of the same competent authority as that of the target entity, that proposed acquirer should be exempted from submitting certain information that is already in the possession of such competent authority. In both cases, the proposed acquirer should only submit information specific to the proposed acquisition together with a signed declaration certifying that the rest of the information that has not been submitted because already in possession of the competent authority is true, accurate and up-to-date. 

(25) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council and delivered an opinion on 21 June 2024. 

(26) This Regulation is based on the draft regulatory technical standards, developed in close cooperation with the European Banking Authority, submitted to the Commission by the European Securities and Markets Authority. 

(27) The European Securities and Markets Authority has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council,