Preamble Recitals

Article 107(1) of Regulation (EU) 2023/1114 requires the competent authoritiesmeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; of Member States to conclude, where necessary, cooperation arrangements with supervisory authorities of third countries concerning the exchange of information and the enforcement of obligations arising under that Regulation in third countries.

In concluding new cooperation arrangements and updating existing cooperation arrangements with third-country authorities, the competent authoritiesmeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; should, where possible, use the template document set out in this Regulation.

Any transfer of personal datameans personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679; to supervisory authorities of third countries should be undertaken in full compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council(²)Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj).. Appropriate safeguards for the exchange of personal datameans personal data as defined in Article 4, point (1), of Regulation (EU) 2016/679; between competent authoritiesmeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; of Member States and supervisory authorities of third countries may be provided for, among other things, by administrative arrangements referred to in Article 46(3), point (b), of Regulation (EU) 2016/679, which include enforceable and effective data subject rights.

This Regulation is based on the draft regulatory technical standards developed by the European Securities and Markets Authority (ESMA), in close cooperation with the European Banking Authority and submitted to the Commission.

ESMA has not conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, nor has it analysed the potential related costs and benefits of introducing such standards, as to have done so would have been disproportionate in relation to the scope and impact of those standards, taking into account the fact that the addressees of the standards would only be the competent authoritiesmeans one or more authorities:designated by each Member State in accordance with Article 93 concerning offerors, persons seeking admission to trading of crypto-assets other than asset-referenced tokens and e-money tokens, issuers of asset-referenced tokens, or crypto-asset service providers;designated by each Member State for the application of Directive 2009/110/EC concerning issuers of e-money tokens; of the Member States and not market participants.

ESMA has requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council(³)Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84, ELI: http://data.europa.eu/eli/reg/2010/1095/oj)..

The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council(⁴)Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj). and delivered an opinion on 27 May 2024,