What are you looking for?

Newsfeed
June 15, 2026

New ITS on Insider Lists

On 12 June 2026, the European Commission adopted Commission Implementing Regulation (EU) 2026/1291 (“New ITS”), introducing a revised set of implementing technical standards under article 18 of the Market Abuse Regulation (“MAR”) on insider lists. This New ITS repeal and replace Commission Implementing Regulation (EU) 2022/1210 (“Old ITS”), marking a further step in the broader reform agenda under the EU Listing Act.

We had previously considered ESMA’s technical advice on the New ITS in October 2025.

Similar to the Old ITS, the main purpose of the New ITS is to set out the applicable insider list templates to be used by issuers in terms of article 18 MAR.

Alignment with EU Listing Act Objectives

A central feature of the New ITS is the extension of the so-called “alleviated” format (previously reserved for issuers admitted to trading on SME growth markets) to all insider lists drawn up under Article 18(1) of MAR, irrespective of the trading venue. In effect, the New ITS removes the distinction between SME growth market issuers and other issuers for the purposes of insider list formatting, establishing a harmonised approach across the board.

This change is intended to ensure that the preparation and maintenance of insider lists impose only a limited administrative burden, while still enabling competent authorities to identify relevant persons and reconstruct access to inside information where necessary.

In practical terms, this reflects a move away from the more detailed and data-heavy requirements under the previous ITS towards a more streamlined dataset, consistent with the broader simplification objectives of the EU Listing Act.

Structure of Insider Lists & Key Changes

The insider lists templates under the New ITS largely preserve the underlying architecture of insider lists as established under the previous framework. In this regard, insider lists continue to be (1) organised by reference to specific pieces of inside information, with separate sections for each such piece of information (Temporary Insider Lists); and (2) capable of including a permanent insiders’ section for individuals who, by virtue of their role, have access to all inside information at all times (Permanent Insider Lists).

That said, the New ITS have introduced a few notable changes, particularly in relation to the (a) reduction in the number of data fields required, (b) codification of third-party contact person approach, and (c) treatment of permanent insiders over time.

A. Reduction of data fields

One of the most notable changes compared with the Old ITS is the reduction in the amount of personal data required to be recorded in both temporary and permanent insider lists. In fact, the New ITS have removed the requirement to include birth surnames, personal telephone numbers and personal home addresses. This is a welcome development, particularly given that issuers often faced push-back from insiders who were reluctant to provide this level of personal information.

A detailed comparison of the insider lists under the New and Old ITS is set out below.

B. Codification of third-party contact person approach

Another notable development is the express recognition and codification of the approach whereby, in the case of third-party service providers, it is sufficient to include in the insider list the details of a single natural person designated as a contact person. While this approach had already been accepted in practice by the Malta Financial Services Authority – and was even expressly endorsed in its March 2020 circular – its codification at EU level is a welcome development, as it enhances legal certainty and promotes greater harmonisation across Member States.

C. Treatment of permanent insiders over time

A more substantive development concerns the treatment of permanent insiders over time.

Under the Old ITS, the permanent insiders’ section contained a single “included” field, capturing the date and time at which an individual was added to that section. The New ITS replaces this with two separate fields:

  • Obtained” – indicating when the individual obtained access to all inside information; and
  • Ceased” – indicating when that access ended.

This change has an important practical implication. While under the previous framework it was possible to remove individuals from the permanent insiders’ section once they no longer qualified as permanent insiders, the introduction of a “ceased” field suggests that individuals should instead remain on the list, with the ‘ceased’ field being completed accordingly.

No other significant changes

Beyond the changes described above, the core operational requirements of the Old ITS have largely been retained. In particular, issuers remain subject to the obligation to ensure that insider lists are maintained in a manner that

  1. restricts access to clearly identified persons who require such access due to the nature of their function or position;
  2. ensures that the information included is accurate and kept up to date; and
  3. preserves previous versions of the insider list so as to enable competent authorities to reconstruct access to inside information over time.

Key Takeaways for Issuers

In light of the New ITS, issuers should consider taking the following steps to ensure continued compliance:

  1. Revise internal policies and procedures: Update internal documentation (including market abuse policies and insider dealing procedures) to reflect the new format requirements and data fields. Ensure that references to legacy templates (including those based the Old ITS) are removed.
  2. Review treatment of permanent insiders: Update internal procedures to reflect the revised approach to permanent insiders, in particular individuals should no longer be removed from the permanent insiders’ section when their status changes; instead, their access should be marked as having “ceased”, with the relevant record retained and a new version of the insider list saved.
  3. Reassess insider list governance processes: Ensure controls are in place to capture both “obtained” and “ceased” timestamps consistently across all sections of the insider list. Verify that processes support maintaining a clear historical audit trail of access to inside information.
  4. Monitor regulatory developments and templates: We expect ESMA and the MFSA to publish updated standardised Excel templates reflecting the new ITS in due course. Issuers should monitor these developments and transition to such templates once available.
  5. Training and awareness: Provide targeted training to relevant personnel (including compliance, legal, and operational teams) on the revised requirements, with particular focus on the new treatment of permanent insiders and the streamlined data fields.

Entry into Force

The New ITS will enter into force on 5 July 2026.

***

Comparison of data fields required under old ITS and new

Temporary Insider List

 

Permanent insider list

Share

Go Back

Author

Beppe Degiorgio

Senior Associate (Malta)
View Profile

Related Articles

More Insights
Newsfeed image
Events
June 17, 2026

Stephanie Zarb Adami to speak at IBA’s 13th Balkan Legal Forum
Newsfeed image
Events
June 16, 2026

Stuart Firman to deliver webinar on Foreign Direct Investment in Malta
Newsfeed image
Publication
June 16, 2026

Artificial Intelligence in Malta 2026
01
image

How can we assist?

Contact us