With reference to the above-mentioned subject, we would like to bring to your attention the recent publication by the Cyprus Securities and Exchange Commission (CySEC) regarding the enactment of Law 12(I)/2026 (“Law”), which establishes the procedures for reporting actual or potential infringements of the Market Abuse Regulation (EU) No 596/2014 (“Market Abuse Regulation”, “MAR”) to CySEC.

The purpose of this Law is to implement a structured framework for the submission, receipt and handling of reports relating to suspected market abuse violations, including insider dealing, unlawful disclosure of inside information and market manipulation. In this respect, CySEC has established dedicated and secure communication channels to facilitate the reporting process and ensure the confidentiality and protection of the reporting persons.

The introduction of this Law aims to enhance transparency and strengthen the mechanisms available for reporting potential infringements of the Market Abuse Regulation directly to CySEC.

Part A – Overview of the Law

This new Law outlines the procedures for the reporting of actual or potential infringements of the MAR to the CySEC. In particular, the Law sets out:

• the establishment of secure and dedicated communication channels for reporting suspected infringements;
• the procedures for submission, receipt and handling of reports by CySEC;
• the appointment of specially trained CySEC personnel responsible for receiving and assessing such reports;
• the safeguards ensuring confidentiality and protection of the identity of reporting persons;
• the requirements for record keeping and documentation of reports received;
• the procedures for the processing and protection of personal data collected during the reporting process.

 

Part B –Key Provisions

1. Reporting Channels -pending to be announced

Reports of actual or potential infringements may be submitted, even anonymously, through the following channels:

• written reports (including electronic submissions);
• oral reports via telephone lines, with or without recording;
• personal meetings with designated CySEC personnel; or
• other means than the specific channels referred above, (in this case it shall be forwarded immediately, without modification, to the specialized members of the CySEC’s staff using the dedicated communication channels)

 

1. Handling of Reports

• CySEC is required to ensure that all reports are handled through secure systems that guarantee the confidentiality and integrity of the information received.
• CySEC may require the reporting person to clarify the information disclosed or to provide additional information available to them;
• CySEC is required to set the type, content and timeframe of the response after submitting the report;
• Specially designated and trained staff members are responsible for receiving, following up and communicating with reporting persons where necessary.

Protection of Reporting Persons

• Appropriate safeguards are provided to protect individuals who report infringements or are accused of infringements, against retaliation, discrimination or other types of unfair treatment at a minimum.

Data Protection and Record Keeping

• CySEC must maintain records of only Market Abuse related data received and ensure that personal data collected is processed in accordance with applicable data protection legislation.
• The personal data collected in the context of receiving reports of infringements shall be deleted within three (3) months from the date of completion of the procedure. However, in the event that judicial or disciplinary proceedings have been initiated against the reported person or the reporting person, the personal data shall be retained for the duration of such proceedings, until their full completion.

For further information or assistance, please do not hesitate to contact us.