Article 9 | Delegated Regulation 2025/2180

Updated 03/01/2026

Metadata

Coming into force on 19/01/2026

Initial Legal Act

Amendments

Article 9 - Delegated Regulation 2025/2180

Article 9

Criteria for ensuring that outsourcing assessment activities does not materially impair ESMA’s ability to supervise compliance of external reviewers

When ensuring that outsourcing does not materially impair ESMA’s ability to supervise external reviewers’ compliance with Regulation (EU) 2023/2631, external reviewers shall ensure that the following criteria are fulfilled:

(a)	an appropriate level of documentation and recordkeeping of all the names and positions of the persons responsible for approving and monitoring the outsourcing is maintained;

(b)	the third-party service provider is capable of providing the external reviewer with all the necessary information concerning outsourced assessment activities required by the external reviewer to demonstrate the external reviewer’s compliance with Regulation (EU) 2023/2631;

(c)

where assessment activities are outsourced to a third-country third-party service provider, the external reviewer and the third-party service provider have in place procedures ensuring the management of risks arising from the following:

(i)	diverging regulatory requirements or legal systems;

(ii)	absence or untimely execution of exit strategies in the event of service interruptions or failures;

(iii)

information and data security incidents;

(iv)	breach of confidential information;

(v)	lack of prompt access for ESMA and the external reviewer to the third-party records, including where those records are maintained in third-country jurisdictions.

Recitals Article 1 - Criteria to determine sufficiently good repute of senior management and the members of the board of an applicant external reviewer Article 2 - Criteria to determine sufficient skill, professional qualifications and relevant experience of senior management and the members of the board of the applicant external reviewer Article 3 - Criteria to determine the sufficient number of analysts, employees and other persons directly involved in assessment activities Article 4 - Criteria to determine the sufficient level of knowledge, experience and training of analysts, employees and other persons directly involved in assessment activities Article 5 - Criteria for assessing sound and prudent management by external reviewers Article 6 - Criteria for assessing the management of conflicts of interest Article 7 - Criteria for assessing the ability and capacity of third-party service providers to perform assessment activities Article 8 - Criteria for ensuring that outsourcing assessment activities does not materially impair the quality of the internal control of the external reviewer Article 9 - Criteria for ensuring that outsourcing assessment activities does not materially impair ESMA’s ability to supervise compliance of external reviewers Article 10 - Evaluation of criteria of outsourcing of assessment activities Article 11 - Entry into force

Metadata

Related documents

Article 9 - Delegated Regulation 2025/2180

Table of contents