EU Cybersecurity Law developments: June 2024

Our Copyright Policy

The contents of this website www.paulfoleylaw.ie are copyright © Paul Foley Solicitor, Paul Foley Law, 22 Northumberland Road, Ballsbridge, D04ED73 – All rights reserved.

If you print off, copy, download, share or repost any part of our website in breach of these terms of use, your right to use our website will cease immediately and you must, at our option, return or destroy any copies of the materials you have made.

No text or data mining, or web scraping

You shall not conduct, facilitate, authorise or permit any text or data mining or web scraping in relation to our website or any services provided via, or in relation to, our website. This includes using (or permitting, authorising or attempting the use of):

- Any "robot", "bot", "spider", "scraper" or other automated device, program, tool, algorithm, code, process or methodology to access, obtain, copy, monitor or republish any portion of the site or any data, content, information or services accessed via the same.

- Any automated analytical technique aimed at analysing text and data in digital form to generate information which includes but is not limited to patterns, trends and correlations.

The provisions in this clause should be treated as an express reservation of our rights in this regard, including for the purposes of Article 4(3) of Digital Copyright Directive ((EU) 2019/790).

This clause shall not apply insofar as (but only to the extent that) we are unable to exclude or limit text or data mining or web scraping activity by contract under the laws which are applicable to us.

What legal services are provided by Paul Foley Law in relation to procuring, providing or deploying AI systems?

We provide legal advice and documentation in respect of AI systems as follows:

PROCUREMENT

Data: documents and data that access will be granted to: foundation model public or proprietary: sources and ownership of data: requirement for data to be cleaned, accurate and converted: is any of the data confidential or does it contain personal data: does the AI system provide for supervised or unsupervised learning; is the algorithm adaptive or reactive: training required and is training supplied in the fees.

Results: how is the output of the AI presented: will reports be generated by the AI: How will any new “know-how” be dealt with: does the AI system need to be customised: which party is responsible for governance and verifying outputs: who is responsible for regulatory compliance.

Governance: document, data and logs retention: audit rights and to whom granted: provision of support for the AI system ( bias, safety, security vulnerabilities, correction of errors): subcontracting by supplier: whether permitted and conditions under which allowed.

Intellectual Property: due diligence on supplier particularly in the context of the Copyright Directive (Directive (EU) 2019/790): warranties required from the supplier.

Buying and Licensing in: drafting and providing required licence and terms of purchase.

REGULATION

Legal advice on legal rights as against BigTech; AI system classification under the EU AI Act (Art 5 (prohibited AI systems and uses)); Art 6 and Annexes II and III (high risk AI systems); Art 28b (foundation models regulation); Arts 40 to 50 (Conformity and CE); Art 52 (AI systems which interact with natural persons: transparency) ; Art 51(registration in EU database); Art 67 (compliant AI systems which pose a risk); Art 69 (general purpose AI systems); provider and deployer obligations; contracting with distributors and others.

SECTOR-SPECIFIC REGULATION

Sector-specific regulation that can apply, for instance when using AI in financial institutions, or in medical devices or in medical services: advising on such regulation.

USING AND DEPLOYING AI SYSTEMS

Providing advice on compliance with relevant legal requirements, contract law norms and contract lifecycle issues.

Data Protection, Security and Data Protection: advising on data protection, and security legal requirements related to the AI system and components of it.

Negligence, Insurance and Product Liability: providing legal advice and drafting related to Insurance, statutory liability including on discrimination; liability under the EU proposed draft Directive on product liability; in the context of AI systems and also under the general law of tort.

- - - - - - - - - - - - - -
CONTACT US:

Use the CONTACT PAGE >
or
Email: paul@paulfoleylaw.ie

Art 14 (extracts only).

High-risk AI systems shall be designed and developed in such a way, including with appropriate human-machine interface tools, that they be effectively overseen by natural persons as proportionate to the risks associated with those systems.

Natural persons in charge of ensuring human oversight shall have sufficient level of AI literacy in accordance with Article 4b and the necessary support and authority to exercise that function, during the period in which the AI system is in use and to allow for thorough investigation after an incident (Art 14(1)).

Human oversight shall aim at preventing or minimising the risks to health, safety, fundamental rights or environment that may emerge when a high-risk AI system is used in accordance with its intended purpose or under conditions of reasonably foreseeable misuse (Art 14(2) extract)

Human oversight shall take into account the specific risks, the level of automation, and context of the AI system and shall be ensured through either one or all of the following types of measures: (a) identified and built, when technically feasible, into the high-risk AI system by the provider before it is placed on the market or put into service; (b) identified by the provider before placing the high-risk AI system on the market or putting it into service and that are appropriate to be implemented by the user (Art 14(3)).

For the purpose of implementing Art (14(1) to Art 14(3), the high-risk AI system shall be provided to the user in such a way that natural persons to whom human oversight is assigned are enabled, as appropriate and proportionate to the circumstances:

1. be aware of and sufficiently understand the relevant capacities and limitations of the high-risk AI system and be able to duly monitor its operation;
2. remain aware of the possible tendency of automatically relying or over-relying on the output produced by a high-risk AI system (‘automation bias’), in particular used to provide information or recommendations for decisions to be taken by natural persons;
3. be able to correctly interpret the high-risk AI system’s output, taking into account in particular the characteristics of the system and the interpretation tools and methods available;
4. be able to decide, in any particular situation, not to use the high-risk AI system or otherwise disregard, override or reverse the output of the high-risk AI system;
5. be able to intervene on the operation of the high-risk AI system or interrupt, the system through a “stop” button or a similar procedure that allows the system to come to a halt in a safe state, except if the human interference increases the risks or would negatively impact the performance in consideration of generally acknowledged state-of-the-art (Art 14(4)).

For high-risk AI systems referred to in point 1(a) of Annex III, the measures referred to in Art 14(3) shall be such as to ensure that, in addition, no action or decision is taken by the user on the basis of the identification resulting from the system unless this has been verified and confirmed by at least two natural persons with the necessary competence, training and authority (Art 14(5)).

The six Principles in Article 5(1) GDPR governing personal data processing are that personal data must be: (the following is a paraphrased summary only):

1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

 


2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);

 


3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

 


4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

 


5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);

 


6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’) (Article 5(1) GDPR)

Article 19a of Directive 2013/34 (contents of the management report)

Article 19 of Directive 2013/34 (contents of the management report)

Regulation (EU) 2016/1011 on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds and amending Directives 2008/48/EC and 2014/17/EU and Regulation (EU) No 596/2014.

sustainable investment means an investment in an economic activity that contributes to an environmental objective, as measured, for example, by key resource efficiency indicators on the use of energy, renewable energy, raw materials, water and land, on the production of waste, and greenhouse gas emissions, or on its impact on biodiversity and the circular economy, or an investment in an economic activity that contributes to a social objective, in particular an investment that contributes to tackling inequality or that fosters social cohesion, social integration and labour relations, or an investment in human capital or economically or socially disadvantaged communities, provided that such investments do not significantly harm any of those objectives and that the investee companies follow good governance practices, in particular with respect to sound management structures, employee relations, remuneration of staff and tax compliance (Article 2(17)SFDR).

‘sustainability factors’ mean environmental, social and employee matters, respect for human rights, anti‐corruption and anti‐bribery matters.

See Article 4(2) for details on what must be included in the Article 4(1)(a) information. Not reproduced here.

‘financial product’ means:

• (a) a portfolio managed in accordance with point (6) of this Article;
• (b) an alternative investment fund (AIF);
• (c) an IBIP;
• (d) a pension product;
• (e) a pension scheme;
• (f) a UCITS; or
• (g) a PEPP (Article 2(12) of the SFDR).

sustainability risk means an environmental, social or governance event or condition that, if it occurs, could cause an actual or a potential material negative impact on the value of the investment (Article 2(22) of the SFDR).

A financial adviser means

• (a) an insurance intermediary which provides insurance advice with regard to IBIPs;
• (b) an insurance undertaking which provides insurance advice with regard to IBIPs;
• (c) a credit institution which provides investment advice;
• (d) an investment firm which provides investment advice;
• (e) an AIFM which provides investment advice in accordance with point (b)(i) of Article 6(4) of Directive 2011/61/EU; or
• (f) a UCITS management company which provides investment advice in accordance with point (b)(i) of Article 6(3) of Directive 2009/65/EC (Article 2(11) SFDR)).

financial market participant means:

• (a) an insurance undertaking which makes available an insurance‐based investment product (IBIP);
• (b) an investment firm which provides portfolio management;
• (c) an institution for occupational retirement provision (IORP);
• (d) a manufacturer of a pension product;
• (e) an alternative investment fund manager (AIFM);
• (f) a pan‐European personal pension product (PEPP) provider;
• (g) a manager of a qualifying venture capital fund registered in accordance with Article 14 of Regulation (EU) No 345/2013;
• (h) a manager of a qualifying social entrepreneurship fund registered in accordance with Article 15 of Regulation (EU) No 346/2013;
• (i) a management company of an undertaking for collective investment in transferable securities (UCITS management company); or
• (j) a credit institution which provides portfolio management (Article 2(1) SFDR)).

SFDR Regulation means: Regulation (EU) 2019/2088 on sustainability‐related disclosures in the financial services sector as supplemented by Commission Delegated Regulation (EU) 2022/1288 with regard to regulatory technical standards.

A POSE would include Google Search, Seznam.cz, Yahoo!, DuckDuckGo, Bing etc. irrespective of whether they have a contractual relationship with the corporate website user.

A POIS would include Amazon Marketplace, eBay, Fnac Marketplace), App Stores (e.g. Google Play, Apple Apps Store, Microsoft Store etc.), and Social Media for business (e.g. Facebook pages, Instagram used by makers/artists etc).

Art 12(3)”….. prospective crowdfunding service providers must provide proof of the following:

(a) absence of a criminal record in respect of infringements of national rules in the fields of commercial law, insolvency law, financial services law, anti-money laundering law, fraud law or professional liability obligations for all the natural persons involved in the management of the prospective crowdfunding service provider and for shareholders who hold 20% or more of the share capital or voting rights;

(b) proof that the natural persons involved in the management of the prospective crowdfunding service provider collectively possess sufficient knowledge, skills and experience to manage the prospective crowdfunding service provider and that those natural persons are required to commit sufficient time to the performance of their duties.”

Commission Delegated Regulation (C(2022) 4835 final) of 12th of July 2022 under Article 48(3) of the Regulation. It is important to note that there are still a number of procedural steps to be taken before the extended transitional period enters into force.

When issuing a standardisation request to European standardisation organisations in accordance with Article 10 of Regulation (EU) 1025/2012, the Commission must specify that standards are coherent, easy to implement and drafted in such a way that they aim to fulfil in particular the following objectives:

The Commission must issue standardisation requests covering all essential requirements of the Regulation in accordance with Article 10 of Regulation (EU) No 1025/2012 no later than 6 months after the date of entry into force of the Regulation.

Directive (EU) 2016/680 on the protection of natural persons regarding processing of personal data connected with criminal offences or the execution of criminal penalties, and on the free movement of such data.

Art (13(1) High-risk AI systems shall be designed and developed in such a way to ensure that their operation is sufficiently transparent to enable users to interpret the system’s output and use it appropriately. An appropriate type and degree of transparency shall be ensured, with a view to achieving compliance with the relevant obligations of the user and of the provider set out in Chapter 3 of this Title.

Art 51: Before placing on the market or putting into service a high-risk AI system referred to in Article 6(2), the provider or, where applicable, the authorised representative must register that system in the EU database referred to in Article 60.

For certain high-risk AI systems, no action or decision must be taken by the user on the basis of the identification resulting from the system unless this has been verified and confirmed by at least two natural persons. (Article (14(5))

Annex III high-risk AI systems pursuant to Article 6(2) are the AI systems listed in any of the following areas:

1. Biometric identification and categorisation of natural persons:
(a) AI systems intended to be used for the ‘real-time’ and ‘post’ remote biometric identification of natural persons;

2. Management and operation of critical infrastructure:
(a) AI systems intended to be used as safety components in the management and operation of road traffic and the supply of water, gas, heating and electricity.

3. Education and vocational training

4. Employment, workers management and access to self-employment

5. Access to and enjoyment of essential private services and public services and benefits

7. Migration, asylum and border control management

8. Administration of justice and democratic processes.

Union Legislation (not reproduced here) on Large Scale IT Systems in the area of freedom, security and justice.

1. Schengen Information System
2. Visa Information System
3. Eurodac
4. Entry/Exit System
5. European Travel Information and Authorisation System
6. European Criminal Records Information System on third-country nationals and stateless persons
7. Interoperability

Fines of up the higher of 30,000,000 EUR or, if the offender is company, up to 6% of its total worldwide annual turnover for (a) non-compliance with the prohibition of the artificial intelligence practices referred to in Art 5 and; (b) non-compliance of the AI system with the requirements laid down in Art 10 (Data and data governance) (Art 71(3)).

The non-compliance of the AI system with any requirements or obligations under the AI Act, other than in Arts 5 and 10, will be subject to fines of up to 20,000,000 EUR or, if the offender is a company, up to 4% of its total worldwide annual turnover for the preceding financial year, whichever is higher (Art 71(4)).

Finally the supply of incorrect, incomplete or misleading information to notified bodies and national competent authorities in reply to a request, will be subject to administrative fines of up to 10,000,000 EUR or, if the offender is a company, up to 2% of its total worldwide annual turnover for the preceding financial year, whichever is higher (Art 71(5)).

Latest Commission definition of an ‘artificial intelligence system’ (AI system) is software that is developed with one or more of the techniques and approaches listed in Annex I and can, for a given set of human-defined objectives, generate outputs such as content, predictions, recommendations, or decisions influencing the environments they interact with.

Article 20(1) of the EU Crowdfunding Regulation

Article 25(5) of the EU Crowdfunding Regulation

Article 25(4) of the EU Crowdfunding Regulation

Where prospective non-sophisticated investors do not provide the information required pursuant to paragraph 2, or where crowdfunding service providers consider, on the basis of the information received under that paragraph, that the prospective non-sophisticated investors have insufficient knowledge, skills or experience, crowdfunding service providers shall inform those prospective non-sophisticated investors that the services offered on their crowdfunding platforms may be inappropriate for them and issue them a risk warning.

That risk warning shall clearly state the risk of losing the entirety of the money invested. Prospective non-sophisticated investors shall expressly acknowledge that they have received and understood the warning issued by the crowdfunding service provider.

Article 19(2)

Crowdfunding service providers shall inform their clients that their crowdfunding services are not covered by the deposit guarantee scheme established in accordance with Directive 2014/49/EU and that transferable securities or admitted instruments for crowdfunding purposes acquired through their crowdfunding platform are not covered by the investor compensation scheme established in accordance with Directive 97/9/EC.

Article 23(6)

The key investment information sheet referred to in Article 23(2) must contain all of the information in Article 23(6).

Article 22(2)

The crowdfunding service provider must provide for a pre-contractual reflection period, during which the prospective non-sophisticated investor may, at any time, revoke his or her offer to invest or expression of interest in the crowdfunding offer without giving a reason and without incurring a penalty.

The reflection period referred to in paragraph 2 shall start at the moment of the offer to invest or the expression of interest by the prospective non-sophisticated investor, and shall expire after four calendar days. (Article 22(3).

Article 21(7)

Each time before a prospective non-sophisticated investor or non-sophisticated investor accepts an individual crowdfunding offer thereby investing an amount that exceeds the higher of either €1,000 or 5% of that investor’s net worth as calculated in accordance with paragraph 5, the crowdfunding service provider must ensure that such investor:

1. receives a risk warning;
2. provides explicit consent to the crowdfunding service provider; and
3. proves to the crowdfunding service provider that the investor understands the investment and its risks.

For the purposes of point (c) of the first subparagraph of this paragraph, the assessment referred to in Article 21(1) may be used as proof that the prospective non-sophisticated investor or non-sophisticated investor understands the investment and its risks.

Article 10(5)

Where a crowdfunding service provider does not provide payment services in relation to the crowdfunding services, either itself or through a third party, such a crowdfunding service provider shall put in place and maintain arrangements to ensure that project owners accept funding of crowdfunding projects, or any other payment, only by means of a payment service provider in accordance with Directive (EU) 2015/2366 (PSD2).

Article 8(2)

Crowdfunding service providers must not accept as project owners in relation to the crowdfunding services offered on their crowdfunding platform any of the following:

(a) their shareholders holding 20 %, or more, of share capital or voting rights;

(b) their managers or employees;

(c) any natural or legal person linked to those shareholders, managers or employees by control as defined in point (35)(b) of Article 4(1) of Directive 2014/65/EU (MiFID II).

Crowdfunding service providers that accept as investors in the crowdfunding projects offered on their crowdfunding platform any of the persons referred to in points (a), (b) and (c) of the first subparagraph shall fully disclose on their website the fact that they accept such persons as investors, including information on the specific crowdfunding projects invested in, and shall ensure that such investments are made under the same conditions as those of other investors and that those persons do not enjoy any preferential treatment or privileged access to information.

Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No 648/2012.

ANNEX I (MIFID II) LISTS OF SERVICES AND ACTIVITIES AND FINANCIAL INSTRUMENTS SECTION

A Investment services and activities

(1) Reception and transmission of orders in relation to one or more financial instruments;

(7) Placing of financial instruments without a firm commitment basis.

Facilitation of granting of loans includes services such as presenting crowdfunding offers to clients and pricing or assessing the credit risk of crowdfunding projects or project owners.

Lending-based crowdfunding platforms just facilitate the conclusion by investors and project owner of loan agreements without the crowdfunding service provider at any moment acting as a creditor of the project owner.

The intention is to accommodate different business models enabling a loan agreement between one or more investors and one or more project owners to be concluded through a crowdfunding platform.

The ESMA final Report on the draft Regulatory Technical Standards (RTS) was published on the 10 November 2021 (reference ESMA35-42-1183). This Report now been submitted to the European Commission, which will start the endorsement process.   

Article 25(3): Products subject to Union law that are to be placed under the customs procedure ‘release for free circulation’ shall be subject to controls performed by the authorities designated under Article 25(1). They shall perform those controls on the basis of risk analysis in accordance with Articles 46 and 47 of Regulation (EU) No 952/2013 and, where relevant, on the basis of risk-based approach as referred to in the second subparagraph of Article 11(3) of the MSR.

Article 20(2) of the MSR

Article 20 (1) of the MSR

Article 18 (1) and 18 (2) of the MSR

Article 18 (1) of the MSR

Article 17 of the MSR

Article 19(1) of the MSR

Article 29 of the MSR establishes the Network.

Article 10(5)

Article 10(4) of the MSR

Article 10(3) of the MSR

Article 10(2) of the MSR

Article 10 (1) of the MSR

Article 6 of the MSR

Article 5(3) of the MSR

Article 5(2) of the MSR

Article 4(3) of the MSR is reproduced above “The requirement to have an economic operator established in the EU (Article 4)”.

Article 4(3) of the MSR

Article 4(5). This Article only applies in relation to products that are subject to Regulations (EU) No 305/2011 , (EU) 2016/425 and (EU) 2016/426, and Directives 2000/14/EC , 2006/42/EC, 2009/48/EC, 2009/125/EC, 2011/65/EU, 2013/29/EU, 2013/53/EU, 2014/29/EU, 2014/30/EU, 2014/31/EU, 2014/32/EU, 2014/34/EU, 2014/35/EU, 2014/53/EU and 2014/68/EU of the European Parliament and of the Council.

Article 4(2)(d) of the Market Surveillance Regulation

Article 4(2)(c) of the Market Surveillance Regulation

Article 4(3) of the MSR is reproduced under the paragraph titled “The requirement to have an economic operator established in the EU (Article 4)”.

Article 4(2)(b) of the Market Surveillance Regulation

Article 4(2)(a) of the Market Surveillance Regulation

Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and market surveillance relating to the marketing of products and repealing Regulation (EEC) No 339/93.

Directive 2004/42/CE on the limitation of emissions of volatile organic compounds due to the use of organic solvents in certain paints and varnishes and vehicle refinishing products and amending Directive 1999/13/EC (Article 38 of the Market Surveillance Regulation) Article 6 (monitoring) and Article 7 (reporting).

Requirements for accreditation and market surveillance (to ensure compliance) relating to the marketing of products in the EU are currently found in Regulation (EC) 765/2008, Decision 768/2008/EC and Directive 2019/95 (the General Product Safety Directive (which contains surveillance provisions for non-harmonised consumer products))

Article 44 MSR. However that Article also provides that Articles 29, 30, 31, 32, 33 and 36 shall apply from 1 January 2021.

Controls on products entering the Union market (Article 25), Suspension of release for free circulation (Article 26), Release for free circulation (Article 27), Refusal to release for free circulation (Article 28)

Article 4(4) of the MSR

Article 4(3) of the MSR is reproduced under “The requirement to have an economic operator established in the EU (Article 4)”.

economic operator is defined in Article 3 (13) of the MSR as “the manufacturer, the authorised representative, the importer, the distributor, the fulfilment service provider or any other natural or legal person who is subject to obligations in relation to the manufacture of products, making them available on the market or putting them into service in accordance with the relevant Union harmonisation legislation” and in more detail in Article 4(2).

Article 4(5). This Article only applies in relation to products that are subject to Regulations (EU) No 305/2011 , (EU) 2016/425 and (EU) 2016/426, and Directives 2000/14/EC , 2006/42/EC, 2009/48/EC, 2009/125/EC, 2011/65/EU, 2013/29/EU, 2013/53/EU, 2014/29/EU, 2014/30/EU, 2014/31/EU, 2014/32/EU, 2014/34/EU, 2014/35/EU, 2014/53/EU and 2014/68/EU of the European Parliament and of the Council.

The provisions on market surveillance of the Market Surveillance Regulation, cover products that are subject to the Union harmonisation legislation listed in Annex I concerning manufactured products other than food, feed, medicinal products for human and veterinary use, living plants and animals, products of human origin and products of plants and animals relating directly to their future reproduction.

This will ensure a uniform framework for market surveillance of those products at Union level and will help to increase the confidence of consumers and other end users in products placed on the Union market. If new Union harmonisation legislation is adopted in the future, it will be for that legislation to specify whether this MSR is also to apply to that legislation (Recital (6) of the MSR). But note Article 4(5) applies a narrower set of Regulations and Directives to economic operators.

New Article 73(2) of MiFID II

Article 2(3) ancillary services

Regulation (EU) No 600/2014 of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Regulation (EU) No 648/2012.

New Article 73(2) of MiFID II inserted by the Covid MiFID Recovery Directive

New Article 58(2) of MiFID II

New Article 58(1) of MiFID II

Annex C of MiFID II Point (10) “Options, futures, swaps, forward rate agreements and any other derivative contracts relating to climatic variables, freight rates or inflation rates or other official economic statistics that must be settled in cash or may be settled in cash at the option of one of the parties other than by reason of default or other termination event, as well as any other derivative contracts relating to assets, rights, obligations, indices and measures not otherwise mentioned in this Section, which have the characteristics of other derivative financial instruments, having regard to whether, inter alia, they are traded on a regulated market, OTF, or an MTF” (new Article 58(1) of MIFID II).

“(44) ‘transferable securities’ means those classes of securities which are negotiable on the capital market, with the exception of instruments of payment, such as: (c) any other securities giving the right to acquire or sell any such transferable securities or giving rise to a cash settlement determined by reference to transferable securities, currencies, interest rates or yields, commodities or other indices or measures.”

New Article 57(6) of MiFID II inserted by the Covid MiFID Recovery Directive

New Article 57(4) of MiFID II inserted by the Covid MiFID Recovery Directive

Article 57(2) MiFID II

New Article 57(8) of MiFID II (part thereof)

New Article 57(7) in MiFID II

New Article 47(6) (part of) inserted by the Covid MiFID Recovery Directive

New Article 57(3) of MiFID II inserted by the Covid MiFID Recovery Directive.

Annex C.10 of Annex I of MiFID II “Options, futures, swaps, forward rate agreements and any other derivative contracts relating to climatic variables, freight rates or inflation rates or other official economic statistics that must be settled in cash or may be settled in cash at the option of one of the parties other than by reason of default or other termination event, as well as any other derivative contracts relating to assets, rights, obligations, indices and measures not otherwise mentioned in this Section, which have the characteristics of other derivative financial instruments, having regard to whether, inter alia, they are traded on a regulated market, OTF, or an MTF” (new Article 58(1) of MIFID II).

New Article 57(1) to MiFID II inserted by the Covid MiFID Recovery Directive (extract).

New Article 57(1) to MiFID II inserted by the Covid MiFID Recovery Directive

commodity derivatives shall be considered to be critical or significant where the sum of all net positions of end position holders constitutes the size of their open interest and is at a minimum of 300 000 lots on average over a one-year period.

“agricultural commodity derivatives” means derivative contracts relating to products listed in Article 1 of, and Annex I, Parts I to XX and XXIV/1, to, Regulation (EU) No 1308/2013 of the European Parliament and of the Council as well as to products listed in Annex I to Regulation (EU) No 1379/2013 of the European Parliament and of the Council.”

(new par (59) inserted in Article 4 of MiFID II)

recital 17 of the Covid MiFID Recovery Directive paraphrased

recital 17 of the Covid MiFID Recovery Directive paraphrased

recital 15 of the Covid MiFID Recovery Directive paraphrased

recital 14 of the Covid MiFID Recovery Directive paraphrased

recital 13 of the Covid MiFID Recovery Directive paraphrased

“predominantly commercial group” means any group of which the main business is not the provision of investment services within the meaning of this Directive, or the performance of any activity listed in Annex I to Directive 2013/36/EU, or acting as a market maker in relation to commodity derivatives.”

(Article 4(1) (65) added into MiFID II by the Covid MiFID Recovery Directive).

recital 12 of the Covid MiFID Recovery Directive paraphrased

recital 12 of the Covid MiFID Recovery Directive paraphrased

recital 12 of the Covid MiFID Recovery Directive

Excluded Elements. The elements referred to in the second subparagraph of this paragraph shall exclude:

(a) intragroup transactions as referred to in Article 3 of Regulation (EU) No 648/2012 that serve group-wide liquidity or risk management purposes;

(b) transactions in commodity derivatives or emission allowances or derivatives thereof that are objectively measurable as reducing risks directly relating to the commercial activity or treasury financing activity;

(c) transactions in commodity derivatives or emission allowances or derivatives thereof entered into to fulfil obligations to provide liquidity on a trading venue, where such obligations are required by regulatory authorities in accordance with Union law or with national laws, regulations and administrative provisions, or by trading venues”. (New Article 2(4) of MiFID II (part of))

New Article 2(4) of MiFID II inserted by the Covid MiFID Recovery Directive “By 31 July 2021, the Commission shall adopt a delegated act to supplement this Directive by specifying, for the purpose of point (j) of paragraph 1 of this Article, the criteria for establishing when an activity is to be considered to be ancillary to the main business at group level.

“Those criteria shall take into account the following elements:
(a) whether the net outstanding notional exposure in commodity derivatives or emission allowances or derivatives thereof for cash settlement traded in the Union, excluding commodity derivatives or emission allowances or derivatives thereof traded on a trading venue, is below an annual threshold of EUR 3 billion; or
(b) whether the capital employed by the group to which the person belongs is predominantly allocated to the main business of the group; or
(c) whether or not the size of the activities referred to in point (j) of paragraph 1 exceeds the total size of the other trading activities at group level. The activities referred to in this paragraph shall be considered at group level.”

New Article 2(1)(j) of the MiFID II Directive inserted by the Covid MiFID Recovery Directive

Recital (11) of the Covid MiFID Recovery Directive (Extract)

New Article 30(1) inserted into MiFID II in place of the existing MiFID II Article 30(1), by the Covid MiFID Recovery Directive.

Article 28(1) Member States shall require that investment firms authorised to execute orders on behalf of clients implement procedures and arrangements which provide for the prompt, fair and expeditious execution of client orders, relative to other client orders or the trading interests of the investment firm.

Those procedures or arrangements shall allow for the execute on of otherwise comparable client orders in accordance with the time of their reception by the investment firm (Article 28(1) MiFID II).

Article 27 (Obligation to execute orders on terms most favourable to the client)

Article 25 (Assessment of suitability and appropriateness and reporting to clients)

New Article 5a “Investment firms must provide all information required to be provided by this Directive to clients or potential clients in electronic format, except where the client or potential client is a retail client or potential retail client who has requested receiving the information on paper, in which case that information shall be provided on paper, free of charge. Investment firms shall inform retail clients or potential retail clients that they have the option of receiving the information on paper.

“Investment firms shall inform existing retail clients that receive the information required to be provided by this Directive on paper of the fact that they will receive that information in electronic format at least eight weeks before sending that information in electronic format. Investment firms shall inform those existing retail clients that they have the choice either to continue receiving information on paper or to switch to information in electronic format.

“Investment firms shall also inform existing retail clients that an automatic switch to the electronic format will occur if they do not request the continuation of the provision of the information on paper within that eight week period. Existing retail clients who already receive the information required to be provided by this Directive in electronic format, do not need to be informed.”

(New Article 5a inserted into MIFID II by the Covid MIFID Recovery Directive).

Article 24 (general principles and information to clients)

New paragraph added to Article 27(3) MIFID II by the Covid MiFID Recovery Directive

Recital 9 of the Covid MiFID Recovery Directive

MiFID II Article 27(3) “Member States must require that for financial instruments subject to the trading obligation in Articles 23 and 28 Regulation (EU) No 600/2014, each trading venue and systematic internaliser and for other financial instruments each execution venue makes available to the public, without any charges, data relating to the quality of execution of transactions on that venue on at least an annual basis and that following execution of a transaction on behalf of a client the investment firm shall inform the client where the order was executed. Periodic reports shall include details about price, costs, speed and likelihood of execution for individual financial instrument.”

Article 29a(2) of MiFID II inserted by the Covid MiFID Recovery Directive

Article 25(6). “The investment firm shall provide the client with adequate reports on the service provided in a durable medium. Those reports shall include periodic communications to clients, taking into account the type and the complexity of financial instruments involved and the nature of the service provided to the client and shall include, where applicable, the costs associated with the transactions and services undertaken on behalf of the client”.

Article 25(2) (par 3). “When providing either investment advice or portfolio management that involves the switching of financial instruments, investment firms shall obtain the necessary information on the client’s investment and shall analyse the costs and benefits of the switching of financial instruments. When providing investment advice, investment firms shall inform the client whether or not the benefits of the switching of financial instruments are greater than the costs involved in such switching”.

(this par is incorporated into MiFID II by the Covid MiFID Recovery Directive).

Recital (6) of the Covid MiFID Recovery Directive

“switching of financial instruments” means selling a financial instrument and buying another financial instrument or exercising a right to make a change with regard to an existing financial instrument. Article 4(8a) inserted into MiFID II by the Covid MiFID Recovery Directive.

Recital (10) of the Covid MiFID Recovery Directive.

Article 29a(1) under Services provided to professional clients inserted into MiFID II by the Covid MiFID Recovery Directive

“The information provided to clients or potential clients shall include the following: (c) the information on all costs and associated charges must include information relating to both investment and ancillary services, including the cost of advice, where relevant, the cost of the financial instrument recommended or marketed to the client and how the client may pay for it, also encompassing any third-party payments.

“The information about all costs and charges, including costs and charges in connection with the investment service and the financial instrument, which are not caused by the occurrence of underlying market risk, shall be aggregated to allow the client to understand the overall cost as well as the cumulative effect on return of the investment, and where the client so requests, an itemised breakdown shall be provided. Where applicable, such information shall be provided to the client on a regular basis, at least annually, during the life of the investment”.

(Article 24(4)© MiFID II)

Recital (5) MiFID Covid Recovery Directive

Article 9a inserted into MiFID II by the Covid MiFID Recovery Directive

Member States shall require that, when providing investment services or, where appropriate, ancillary services to clients, an investment firm acts honestly, fairly and professionally in accordance with the best interests of its clients and comply, in particular, with the principles set out in this Article and in Article 25 (Article 24 (1) of MiFID II)

Recital (8) of the MiFID Recovery Directive

Commission document titled: Public consultation on the review of the MiFID II/MiFIR regulatory framework at page 55.

“For the purpose of this Article, research shall be understood as covering research material or services concerning one or several financial instruments or other assets, or the issuers or potential issuers of financial instruments, or as covering research material or services closely related to a specific industry or market such that it informs views on financial instruments, assets or issuers within that industry or market.

“Research will also comprise material or services that explicitly or implicitly recommend or suggest an investment strategy and provide a substantiated opinion as to the present or future value or price of financial instruments or assets, or otherwise contain analysis and original insights and reach conclusions based on new or existing information that could be used to inform an investment strategy and be relevant and capable of adding value to the investment firm’s decisions on behalf of clients being charged for that research.”

(Article 9a (last two paragraphs thereof) of MiFID II inserted by the Covid MiFID Recovery Directive).

Source: Articles 23, 24 and 25 of Directive (EU) 2014/65 (MiFID II), Articles 12 and 13 of Commission Delegated Directive 2017/593 and page 55 of EU Commission document titled: Public consultation on the review of the MiFID II/MiFIR regulatory framework.

new subparagraph added by the Covid MiFID Recovery Directive to Article 24 (4) of MiFID II

Page 50 of the EU Commission document titled: Public consultation on the review of the MiFID II/MiFIR regulatory framework.

Article 16a inserted into MiFID II by the Covid MiFID Recovery Directive

“Investment firms which manufacture financial instruments for sale to clients shall ensure that those financial instruments are designed to meet the needs of an identified target market of end clients within the relevant category of clients, the strategy for distribution of the financial instruments is compatible with the identified target market, and the investment firm takes reasonable steps to ensure that the financial instrument is distributed to the identified target market.

“An investment firm shall understand the financial instruments they offer or recommend, assess the compatibility of the financial instruments with the needs of the clients to whom it provides investment services, also taking account of the identified target market of end clients as referred to in Article 16(3), and ensure that financial instruments are offered or recommended only when this is in the interest of the client”. (Article 24(2) of MiFID II)

“An investment firm which manufactures financial instruments for sale to clients shall maintain, operate and review a process for the approval of each financial instrument and significant adaptations of existing financial instruments before it is marketed or distributed to clients” (par 2).

“The product approval process shall specify an identified target market of end clients within the relevant category of clients for each financial instrument and shall ensure that all relevant risks to such identified target market are assessed and that the intended distribution strategy is consistent with the identified target market (par 3).

“An investment firm shall also regularly review financial instruments it offers or markets, taking into account any event that could materially affect the potential risk to the identified target market, to assess at least whether the financial instrument remains consistent with the needs of the identified target market and whether the intended distribution strategy remains appropriate (par 4).

“An investment firm which manufactures financial instruments shall make available to any distributor all appropriate information on the financial instrument and the product approval process, including the identified target market of the financial instrument”

(par 5). (Article 16(3) paragraphs 2 to 5 of MiFID II)

Recital (4) of the Covid MiFID Recovery Directive.

MiFID II defines eligible counterparties in Article 30(2). Article 30(3) and Article (30)(4) of MiFID II are relevant also when determining who is to be entitled or treated as eligible counterparties.

a make-whole clause means a clause that aims to protect the investor by ensuring that, in the event of early redemption of a bond, the issuer is required to pay to the investor holding the bond an amount equal to the sum of the net present value of the remaining coupon payments expected until maturity and the principal amount of the bond to be redeemed. (Par 44a inserted into Article 4(1)(44) of MiFID II by the Covid MiFID Recovery Directive)

Directive (EU) 2021/338 of 16 February 2021 amending Directive 2014/65/EU as regards information requirements, product governance and position limits, and Directives 2013/36/EU and (EU) 2019/878 as regards their application to investment firms, to help the recovery from the COVID-19 crisis.

The MiFID II Regime for the purposes of this report, comprises Directive (EU) 2014/65 (MiFID II) and the Markets in Financial Instruments Regulation (600/2014) (MiFIR), being the foundation regulations for the MiFID II regime and Commission Delegated Directive EU 2017/593 (MiFID II Delegated Directive).

The Covid MiFID Recovery Directive also amends Directives 2013/36/EU on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, and Directive (EU) 2019/878 amending Directive 2013/36/EU as regards exempted entities, financial holding companies, mixed financial holding companies, remuneration, supervisory measures and powers and capital conservation measures. Other Covid -19 recovery legislative changes include amendments to the Capital Requirements Regulation (575/2013) (CRR) as well as changes to the Prospectus Regulation (2017/1129) and the Securitisation Regulation ((EU) 2017/2402).

SI No. 6 of 2018 as amended.

Key Stages of Application Process are accessible here >

See EBA/GL/2017/08 07/07/2017 Final Report Guidelines on the criteria on how to stipulate the minimum monetary amount of the professional indemnity insurance or other comparable guarantee under Article 5(4) of Directive (EU) 2015/2366 (PSD2)

The foundation for these requirements is article 5 of PSD2. Article 5 (1) of PSD2 requires the submission by an application of:

“(m) the identity of persons holding in the applicant, directly or indirectly, qualifying holdings within the meaning of point (36) of Article 4(1) of Regulation (EU) No 575/2013, the size of their holdings and evidence of their suitability taking into account the need to ensure the sound and prudent management of a payment institution;

(n) the identity of directors and persons responsible for the management of the payment institution and where relevant, persons responsible for the management of the payment services activities of the payment institution, as well as evidence that they are of good repute and possess appropriate knowledge and experience to perform payment services as determined by the home Member State of the payment institution”.

The legal requirement is set out at section 5(1)(m) of PSD2.

The legal requirement is set out at section 5(1)(k) of PSD2 of the Guidance Note >

see EBA/GL/2019/04 29 November 2019 FINAL REPORT EBA Guidelines on ICT and security risk management

This requirement is in article 5(1)(j) of PSD2.

See guideline 13 of the CBOI Application Form and see EBA/GL/2019/04 29 November 2019 FINAL REPORT EBA Guidelines on ICT and security risk management.

EBA/GL/2018/05 (consolidated version) 18 July 2018 Final Report Guidelines on fraud reporting under the Payment Services Directive 2 (PSD2) Application date ØO 01.01.2019 Amended by EBA/GL/2020/01 01.07.2021.

See page 15 of the CBOI application form and EBA/GL/2018/05 (consolidated version) 18 July 2018 Final Report Guidelines on fraud reporting under the Payment Services Directive 2 (PSD2) Application date 01.01.2019 Amended by EBA/GL/2020/01 01.07.2021.

See pages 14 and 15 of the CBOI application form and see also section 3.7 of EBA/GL/2019/04 29 November 2019 FINAL REPORT EBA Guidelines on ICT and security risk management.

Commission Delegated Regulation 2018/389

Commission Delegated Regulation 2018/389

see EBA-Op-2018-04 13 June 2018 Opinion of the European Banking Authority on the implementation of the RTS on SCA and CSC.

EBA/GL/2019/04 29 November 2019 FINAL REPORT: EBA Guidelines on ICT and security risk management and EDPD Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR

Currently accessible at page 13 of this link >

personalised security credentials means personalised features provided by the payment service provider to a payment service user for the purposes of authentication (Article 4(31) of PSD2).

See CBOI Application form guideline 9 on page 13; also CBOI Guidance Note (page 26) and EBA/GL/2017/10 27/07/2017 Final Report: Guidelines on major incident reporting under Directive (EU) 2015/2366 (PSD2).

governance arrangements and internal control mechanisms. See CBOI Application form guideline 8 on page 12; also the CBOI Guidance Note from pages 24 to 26 which specifies amongst things that the board has to have at least one independent director.

Safeguarding User’s Funds is in regulation 17(2) “A payment institution that provides payment services referred to in paragraphs 1 to 6 of the Schedule shall safeguard user’s funds in either of the following ways:

(a) user’s funds (i) shall not be mixed at any time with the funds of any person other than the payment service user on whose behalf the funds are held, and (ii) where the funds are still held by the payment institution and not yet delivered to the payee or transferred to another payment service provider by the end of the business day after the day of receipt, shall be deposited in a separate account in a credit institution or invested in assets designated or approved by the Bank for the purpose of these Regulations as secure, liquid and low risk assets;

(b) user’s funds shall be covered by an insurance policy.”

See the CBOI Application Form guideline 4, page 9; and the CBOI Guidance Note on the Business Plan is on pages 17 to 21 of the CBOI Guidance Note >

‘framework contract’ means a payment service contract which governs the future execution of individual and successive payment transactions and which may contain the obligation and conditions for setting up a payment account.

Program of operations. See section/guideline 3 on page 8 of the CBOI Application Form; and from pages 15 to 16 of the CBOI Guidance Note >

Follow these links to access:

Application Form >

CBOI Guidance Code >

European Communities (Electronic Money) Regulations 2011 as emended by the PSRs.

See pages 19 to 21 of the CBOI Guidance Note

The Minimum Competency Code 2017 (MCC 2017) and the Central Bank (Supervision and Enforcement) Act 2013 (Section 48 (1)) Minimum Competency Regulations 2017 (MCR 2017) came into effect on 3 January 2018.

PCF means Pre-Approval Controlled Functions.

Qualifying Holding means a legal or natural person with a direct or indirect holding of shares or other interest in the applicant which represents 10 per cent or more of the capital or of the voting rights, or any direct or indirect holding of less than 10 per cent of the capital or of the voting rights but which makes it possible to control or exercise a significant influence over the management of the applicant in which a holding subsists.

This document is accessible if one inputs this title into one’s search box.

Guidance Note currently accessible at this link >

Application form currently accessible at this link >

Regulation 21: “Where a payment institution has its registered office in the State, it shall have its head office in the State and shall carry out at least part of its payment service business in the State.”

Ireland. The Central Bank will expect decision-making at Board and Committee level to take place within the State. In addition, to ensure the central management is located within the ”head office”, its functions must include (where applicable):
(i) Financial Control;
(ii) Legal and Compliance; and
(iii) Risk Management.

It follows that there should be a significant senior management presence (within the applicant) in the State to ensure that full authority and effective control of the applicant rests within the “head office”.

EMI is an electronic money institution being a legal person that has been granted authorisation under Title II of Directive 2009/110 to issue electronic money; ‘electronic money’ means electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions as defined in point 5 of Article 4 of Directive 2007/64/EC, and which is accepted by a natural or legal person other than the electronic money issuer.

PI is a Payment Institution. A payment services provider where it is a Payment Institution as defined, requires a payment services authorisation.

Article 9 “Member States shall prohibit persons or undertakings that are not credit institutions from carrying out the business of taking deposits or other repayable funds from the public.
“Paragraph 1 shall not apply to the taking of deposits or other funds repayable by a Member State, or by a Member State's regional or local authorities, by public international bodies of which one or more Member States are members, or to cases expressly covered by national or Union law, provided that those activities are subject to regulations and controls intended to protect depositors and investors.”

Schedule par 4 Execution of payment transactions where the funds are covered by a credit line for a payment service user: (a) execution of direct debits, including one-off direct debits; (b) execution of payment transactions through a payment card or a similar device; (c) execution of credit transfers, including standing orders. Schedule par 5 Issuing of payment instruments and/or acquiring of payment transactions.

ancillary activities are:

(a) the provision of operational and closely related ancillary services such as ensuring the execution of payment transactions, foreign exchange services, safekeeping activities, and the storage and processing of data;

(b) without prejudice to Regulation 43 (Access to payment systems), the operation of payment systems;

(c) business activities other than the provision of payment services, subject to any law of the State or of the Union applicable to such activities.

CBOI is the Central Bank of Ireland.

account information services means a payment service where funds are received from a payer, without any payment accounts being created in the name of the payer or the payee, for the sole purpose of transferring a corresponding amount to a payee or to another payment service provider acting on behalf of the payee, and/or where such funds are received on behalf of and made available to the payee.

payment initiation service means a service to initiate a payment order at the request of the payment service user with respect to a payment account held at another payment service provider.

1. Services enabling cash to be placed on a payment account as well as all the operations required for operating a payment account.
2. Services enabling cash withdrawals from a payment account as well as all the operations required for operating a payment account.
3. Execution of payment transactions, including transfers of funds on a payment account with the user’s payment service provider or with another payment service provider: (a) execution of direct debits, including one-off direct debits; (b) execution of payment transactions through a payment card or a similar device; (c) execution of credit transfers, including standing orders.
4. Execution of payment transactions where the funds are covered by a credit line for a payment service user: (a) execution of direct debits, including one-off direct debits; (b) execution of payment transactions through a payment card or a similar device; (c) execution of credit transfers, including standing orders.
5. Issuing of payment instruments and/or acquiring of payment transactions.
6. Money remittance.
7. Payment initiation services.
8. Account information services. These definitions need to checked against the definitions in the PSRs. For example what constitutes a payment account can be more widely in some jurisdictions.

'relevant proxy advisor' means a proxy advisor: (a) that provides services to shareholders with respect to shares that are admitted to trading on a regulated market in any Member State, and (b) in respect of which the competent Member State, within the meaning of Article 1(2)(b) of the Shareholders' Rights Directive, is the State (s1110K(7) of the SRD2 Regulations).

S1110D(5) (a) Subject to paragraph (b), an intermediary (in this subsection referred to as a ‘relevant intermediary’) who is provided with a confirmation under subsection (2) or (3) (in this subsection referred to as the ‘relevant confirmation’), shall, as soon as practicable, transmit the relevant confirmation to the shareholder to whom it relates. (b) Where: (i) it is not possible for the relevant intermediary to transmit the relevant confirmation directly to the shareholder to whom it relates, and (ii) the relevant intermediary is part of a chain of intermediaries, the relevant intermediary shall, as soon as practicable, transmit the relevant confirmation to each other intermediary in the chain of intermediaries known to the relevant intermediary as being part of the chain. (c) An intermediary to whom a relevant confirmation is transmitted under paragraph (b) and who can transmit the relevant confirmation directly to the shareholder to whom it relates shall, as soon as practicable, transmit the relevant confirmation directly to that shareholder.

Section 1110(4) Where a related party transaction entered into, or to be entered into, by a traded PLC involves a shareholder of the traded PLC, that shareholder shall not take part in the approval referred to in subsection s1110O(3).

‘related party’ has the same meaning as in the international accounting standards adopted in accordance with Regulation (EC) No 1606/2002 of the European Parliament and of the Council (The IAS Regulation) 

‘material transaction’ means a transaction in which any percentage ratio, calculated in accordance with one or more class tests, is 5% or more; ‘percentage ratio’ means, in relation to a transaction, a figure, expressed as a percentage, that results from applying a calculation under a class test to the transaction.

Section 1110(O)(5)( (a) Subsections (1) to (3) shall not apply to: (i) a transaction entered into in the ordinary course of business and concluded on normal market terms, (ii) transactions entered into between a traded PLC and its subsidiary, or a number of its subsidiaries, provided that (I) the subsidiary or subsidiaries are wholly owned by the traded PLC, or (II) no related party of the traded PLC has an interest in the subsidiary or subsidiaries, as the case may be, (iii) transactions regarding remuneration of directors, or certain elements of remuneration of directors, awarded or due in accordance with section 1110M, or (iv) transactions offered to all shareholders on the same terms where equal treatment of all shareholders and protection of the interests of the traded PLC are ensured. (b) In subparagraph (iii) of paragraph (a), ‘director’ has the same meaning as it has in section 1110M.

It is important to note how director is defined in s1110N(11).

A traded PLC may temporarily derogate from its remuneration policy where (a) doing so is necessary in exceptional circumstances, to serve the long-term interests and sustainability of the traded PLC as a whole or to assure its viability, and (b) the derogation is in accordance with the procedural conditions and other provisions on derogation set out in the remuneration policy.(s1110M(8) of the SRD2 Regulations).

The Remuneration Policy and what it must contain are set out in 13 paragraphs in s1110M(6)

relevant proxy advisor means a proxy advisor: (a) that provides services to shareholders with respect to shares that are admitted to trading on a regulated market in any Member State, and (b) in respect of which the competent Member State, within the meaning of Article 1(2)(b) of the Shareholders' Rights Directive (means SRD1, SRD II and Directive 2014/59 establishing a framework for the recovery and resolution of credit institutions and investment firms), is the State.

relevant asset manager means an asset manager:
(a) that invests in shares traded on a regulated market on behalf of investors, and
(b) in respect of which the competent Member State, within the meaning of Article 1(2)(a) of the Shareholders' Rights Directive, (means SRD1, SRD II and Directive 2014/59 establishing a framework for the recovery and resolution of credit institutions and investment firm) is the State

relevant institutional investor means an institutional investor: (a) that invests, whether directly or through an asset manager, in shares traded on a regulated market, and (b) in respect of which the competent Member State, within the meaning of Article 1(2)(a) of the Shareholders' Rights Directive (means SRD1, SRD II and Directive 2014/59 establishing a framework for the recovery and resolution of credit institutions and investment firms) is the State.

‘intermediary’ means a person, whether situated in a Member State or elsewhere, that provides services, in relation to a traded PLC, of safekeeping of shares, administration of shares or maintenance of securities accounts on behalf of shareholders or other persons, and includes -
(a) an investment firm as defined in Regulation 3 of the European Union (Markets in Financial Instruments) Regulations 2017 (S.I. No. 375 of 2017),
(b) a credit institution as defined in point (1) of Article 4(1) of Regulation (EU) No. 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No. 648/20128, and
(c) a central securities depository as defined in point (1) of Article 2(1) of Regulation (EU) No. 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No.236/2012.

traded PLC means a PLC: (a) whose shares are admitted to trading on a regulated market in any Member State, and (b) that is neither:(i) an undertaking for collective investment in transferrable securities within the meaning of Article 1(2) of Directive 2009/65/EC (UCITS)5, nor (ii) a collective investment undertaking within the meaning of point (a) of Article 4(1) of Directive 2011/61/EU on Alternative Investment Fund Managers and amending Directives 2003/41/EC and 2009/65/EC and Regulations (EC) No. 1060/2009 and (EU) No. 1095/2010 (section 1109(4) of the Act).

Recital (46) of the Platforms Regulation

Article 15 of the Platforms Regulation