Preamble Recitals

To enable competent authorities to perform effective and efficient collation, comparison and analysis of the order data, crypto-asset service providers operating platforms for crypto-assets should keep records of relevant data relating to all orders (order book records) in accordance with this Regulation. They should record the data in an electronic and machine-readable JSON format developed in accordance with the ISO 20022 methodology. An order book should be considered an organised list of buy and sell orders for a specific crypto-asset.

To properly monitor the integrity and stability of the markets in crypto-assets, competent authorities need reliable, consistent and standardised information on the crypto-assets that are traded. Such information should allow them to identify the individual crypto-asset being traded according to internationally established principles. In addition, they should be able to retrieve the main characteristics of the crypto-assets, including their technology-specific features. Crypto-asset service providers should therefore use an appropriate asset identifier to identify crypto-assets in the order and transactions records that they provide to competent authorities. In light of that objective, the use of the Digital Token Identifier (DTI) managed by the Digital Token Identifier Foundation, or alternative eligible identifiers is provided for in Commission Delegated Regulation establishing technical standards adopted pursuant to Article 68(10), first subparagraph, point (b) to identify crypto assets that are the subject of an order or transaction to be recorded by the crypto-asset service provider. In light of those considerations and to ensure a consistent supervisory approach, it is appropriate to provide for the use of asset identifiers in this Regulation under the same conditions as in Commission Delegated Regulation establishing technical standards adopted pursuant to Article 68(10), first subparagraph, point (b).

It is possible that market abuse behaviours, including market manipulation, are carried out through various means, including algorithmic trading. Therefore, to ensure effective market surveillance, where investment decisions are made by a person other than the client or by a computer algorithm, that person or algorithm should be identified in the order and transaction records using unique, robust and consistent identifiers. Where more than one person make an investment decision, the crypto-asset service provider should identify in its records the person with primary responsibility for the decision.

To ensure unique, consistent and robust identification of natural persons referred to in order records, those should be identified by a concatenation of the country of their nationality followed by identifiers assigned by the country of nationality of those persons. Where those identifiers are not available, natural persons should be identified by identifiers created from a concatenation of their date of birth and name. The identification of natural persons should be conducted following the level of prioritisation of different identifiers detailed in Annex II of Commission Delegated Regulation (EU) 2017/590(²)Commission Delegated Regulation (EU) 2017/590 of 28 July 2016 supplementing Regulation (EU) No 600/2014 of the European Parliament and of the Council with regard to regulatory technical standards for the reporting of transactions to competent authorities (OJ L 87, 31.3.2017, p. 449, ELI: http://data.europa.eu/eli/reg_del/2017/590/oj)..

It is possible that natural persons that need to be identified for record keeping are residents of a country other than the one of their nationality. Several obligations under Regulation (EU) 2023/1114 are linked to the country of residence of natural persons and collecting that information under this Regulation is therefore important to ensure effective supervision of transactions and orders by competent authorities.

It is necessary that certain personal data are recorded by crypto-asset service providers to identify their clients or other natural persons relevant for orders in crypto-assets, as these data are fundamental to ensure efficient supervision by competent authorities, including in the area of market abuse. In compliance with the principle of data minimisation set out in Regulation (EU) 2016/679 of the European Parliament and of the Council(³)Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj)., crypto-asset service providers should keep only information that is necessary and sufficient to enable the competent authority to carry out a comprehensive assessment of the crypto-asset service provider’s compliance with the requirements of Regulation (EU) 2023/1114 and to monitor the trading activity relating to crypto-assets orders. When processing personal data included in the records, crypto-asset service providers and competent authorities should comply with the relevant provisions of Regulation (EU) 2016/679.

To facilitate market surveillance and allow comparability of the records, clients that are legal entities should be identified with an identifier that is compatible with the internationally established criteria for the development of robust identification systems for the monitoring of financial markets. With a view to ensuring a consistent supervisory approach, the entity identifiers provided for in Commission Delegated Regulation establishing technical standards adopted pursuant to Article 68(10), first subparagraph, point (b), it is appropriate to provide for the use of entity identifiers in this Regulation under the same conditions as in that Regulation.

Making a choice as to which crypto-asset trading platform to execute orders on or which crypto-asset service provider to transmit orders to, or determining any other conditions related to the execution of the order can be directly relevant for establishing market abuse behaviour. Therefore, to ensure effective market surveillance, a person or computer algorithm within the crypto-asset service provider that is performing such activities should be identified in the order records. Where both a person and computer algorithm are involved, or more than one person or algorithm are involved, the crypto-asset service provider should determine, on a consistent basis following predetermined criteria, which person or algorithm is primarily responsible for those activities.

In compliance with the principle of data minimisation, the crypto-asset service provider should keep only information that is necessary and sufficient to enable the competent authority to carry out a comprehensive assessment of the crypto-asset service provider’s compliance with the relevant requirements of Regulation (EU) 2023/1114 and with that Regulation’s provisions on market abuse. When processing personal data included in the records, crypto-asset service providers and competent authorities should comply with the relevant provisions of Regulation (EU) 2016/679.

The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council(⁴)Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj). and delivered an opinion on 28 August 2024.

This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Securities and Markets Authority (‘ESMA’).

ESMA has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council(⁵)Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84, ELI: http://data.europa.eu/eli/reg/2010/1095/oj).,