1.   Operators of DLT market infrastructures shall establish clear and detailed business plans describing how they intend to carry out their services and activities, which shall include a description of their critical staff, the technical aspects and use of the distributed ledger technology, and the information required under paragraph 3.

Operators of DLT market infrastructures shall also make publicly available up-to-date, clear and detailed written documentation that defines the rules under which the DLT market infrastructures and their operators are to operate, including the legal terms defining the rights, obligations, responsibilities and liabilities of operators of DLT market infrastructures, as well as those of the members, participants, issuers and clients using their DLT market infrastructure. Such legal terms shall specify the governing law, any pre-litigation dispute settlement mechanisms, any insolvency protection measures under Directive 98/26/EC and the jurisdictions in which legal action may be brought. Operators of DLT market infrastructures may make their written documentation available by electronic means.

2.   Operators of DLT market infrastructures shall establish or document, as appropriate, rules on the functioning of the distributed ledger technology they use, including rules on accessing the distributed ledger, on the participation of the validating nodes, on addressing potential conflicts of interests, and on risk management including any mitigation measures to ensure investor protection, market integrity and financial stability.

3.   Operators of DLT market infrastructures shall provide their members, participants, issuers and clients with clear and unambiguous information on their website regarding how the operators carry out their functions, services and activities and how their performance of those functions, services and activities deviates from those performed by a multilateral trading facility or securities settlement system that is not based on distributed ledger technology. That information shall include the type of distributed ledger technology used.

4.   Operators of DLT market infrastructures shall ensure that the overall IT and cyber arrangements related to the use of their distributed ledger technology are proportionate to the nature, scale and complexity of their businesses. Those arrangements shall ensure the continuity and continued transparency, availability, reliability and security of their services and activities, including the reliability of smart contracts used on the DLT market infrastructure. Those arrangements shall also ensure the integrity, security and confidentiality of any data stored by those operators, and shall ensure that those data are available and accessible.

Operators of DLT market infrastructures shall have in place specific operational risk management procedures for the risks posed by the use of distributed ledger technology and crypto-assets and for how to address those risks if they materialise.

To assess the reliability of the overall IT and cyber arrangements of a DLT market infrastructure, the competent authority may require an audit of those arrangements. If the competent authority requires an audit, it shall appoint an independent auditor to carry it out. The DLT market infrastructure shall bear the costs of the audit.

5.   Where an operator of a DLT market infrastructure ensures the safekeeping of members’, participants’, issuers’ or clients’ funds, collateral or DLT financial instruments and ensures the means of access to such assets, including in the form of cryptographic keys, that operator shall have adequate arrangements in place to prevent the use of those assets on the operator’s own account without the prior express written consent of the member, participant, issuer, or client concerned, which may be made through electronic means.

Operators of DLT market infrastructure shall maintain safe, accurate, reliable and retrievable records of the funds, collateral and DLT financial instruments held by their DLT market infrastructure for their members, participants, issuers or clients, as well as of the means of access to those funds, collateral and DLT financial instruments.

Operators of DLT market infrastructure shall segregate the funds, collateral and DLT financial instruments of the members, participants, issuers or clients using the DLT market infrastructure, and the means of access to such assets, from those of the operator as well as from those of other members, participants, issuers and clients.

The overall IT and cyber arrangements referred to in paragraph 4 shall ensure that those funds, collateral and DLT financial instruments held by a DLT market infrastructure for its members, participants, issuers or clients, as well as the means of access to them, are protected from the risks of unauthorised access, hacking, degradation, loss, cyber-attack, theft, fraud, negligence and other serious operational malfunctions.

6.   In the event of a loss of funds, a loss of collateral or a loss of a DLT financial instrument, the operator of a DLT market infrastructure that lost the funds, collateral or DLT financial instrument shall be liable for the loss, up to the market value of the asset lost. The operator of the DLT market infrastructure shall not be liable for the loss where it proves that the loss arose as a result of an external event beyond its reasonable control, the consequences of which were unavoidable despite all reasonable efforts to the contrary.

Operators of DLT market infrastructure shall establish transparent and adequate arrangements to ensure investor protection, and shall establish mechanisms for handling client complaints and procedures for compensation or redress in cases of investor loss as a result of any of the circumstances referred to in the first subparagraph of this paragraph or as a result of the cessation of the business due to any of the circumstances referred to in Articles 8(13), 9(11) and 10(10).

A competent authority may decide, on a case-by-case basis, to require additional prudential safeguards from the operator of a DLT market infrastructure in the form of own funds or an insurance policy if the competent authority determines that potential liabilities for damages to clients of the operator of the DLT market infrastructure as a result of any of the circumstances referred to in the first subparagraph of this paragraph are not adequately covered by the prudential requirements provided for in Regulation (EU) No 909/2014, Regulation (EU) 2019/2033 of the European Parliament and of the Council (18), Directive 2014/65/EU or Directive (EU) 2019/2034 of the European Parliament and of the Council (19), in order to ensure investor protection.

7.   An operator of a DLT market infrastructure shall establish and make publicly available a clear and detailed strategy for reducing the activity of a particular DLT market infrastructure or for transitioning out of, or ceasing to operate, a particular DLT market infrastructure (‘transition strategy’), including the transition or reversion of its distributed ledger technology operations to traditional market infrastructures, in the event:

The transition strategy shall be ready to be deployed in a timely manner.

The transition strategy shall set out how members, participants, issuers and clients are to be treated in the event of a withdrawal or discontinuation of a specific permission or the cessation of the business as referred to in the first subparagraph of this paragraph. The transition strategy shall set out how clients, in particular retail investors, are to be protected from any disproportionate impact from the withdrawal or discontinuation of a specific permission or the cessation of the business. The transition strategy shall be updated on an ongoing basis subject to the prior approval of the competent authority.

The transition strategy shall specify what is to be done in the event that the threshold referred to in Article 3(3) is exceeded.

8.   Investment firms or market operators that are only permitted to operate a DLT MTF under Article 8(2) of this Regulation and that do not indicate in their transition strategies that they intend to obtain an authorisation to operate a multilateral trading facility under Directive 2014/65/EU, as well as CSDs operating a DLT TSS, shall use best efforts to conclude arrangements with investment firms or market operators operating a multilateral trading facility under Directive 2014/65/EU to take over their operations, and shall specify those arrangements in their transition strategies.

9.   CSDs operating a DLT SS that are only permitted to operate a DLT SS under Article 9(2) of this Regulation and that do not indicate in their transition strategies that they intend to obtain an authorisation to operate a securities settlement system under Regulation (EU) No 909/2014, and investment firms or market operators operating a DLT TSS, shall use best efforts to conclude arrangements with CSDs operating a securities settlement system to take over their operations, and shall specify those arrangements in their transition strategies.

CSDs operating a securities settlement system that receive a request to conclude the arrangements referred to in the first subparagraph of this paragraph shall respond within three months of the date of receipt of the request. The CSD operating the securities settlement system shall conclude the arrangements in a non-discriminatory manner and may charge a reasonable commercial fee based on actual costs. It shall deny such a request only where it considers that the arrangements would affect the smooth and orderly functioning of the financial markets or would pose a systemic risk. It shall not deny a request on the grounds of loss of market share. If it denies a request, it shall inform the operator of the DLT market infrastructure that made the request of its reasons in writing.

10.   The arrangements referred to in paragraphs 8 and 9 shall be in place no later than five years from the date of granting of the specific permission, or shall be in place at an earlier date if required by the competent authority in order to address any risk of early termination of the specific permission.