Source: OJ L, 2024/2902, 28.11.2024

Artikel 5 Dauer der Speicherung personenbezogener Daten durch die Emittenten

Summary What does Article 5 of the ITS on non-EU currency reporting say?

This article addresses data retention obligations for issuers in the context of personal data received from crypto-asset service providers.

It directly complements the reporting framework established in earlier articles by setting a clear limit on how long issuers may hold onto personal data on token holders that was submitted to them as part of that reporting chain.

The rule is straightforward: retention must not exceed what is necessary for the reporting obligations, and in any case cannot go beyond 5 years from the date the data was obtained.

Important points:

Ensure personal data on holders received from crypto-asset service providers is not retained beyond what is necessary to fulfil your reporting obligations under this regulation.
The maximum retention period is 5 years from the date the personal data was obtained by the issuer.
This obligation falls on issuers and is directly tied to the data submitted by crypto-asset service providers under Articles 1(2) and 3(2) of this regulation.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

Die Emittenten speichern personenbezogene Daten über Inhaber, die von den Anbietern von Kryptowerte-Dienstleistungen gemäß Artikel 1 Absatz 2 und Artikel 3 Absatz 2 der vorliegenden Verordnung übermittelt werden, nicht länger, als es zur Erfüllung der in Artikel 22 Absatz 1 der Verordnung (EU) 2023/1114 festgelegten Meldepflichten erforderlich ist. Die Speicherdauer beträgt höchstens fünf Jahre ab dem Zeitpunkt, zu dem die Emittenten die personenbezogenen Daten erhalten haben.

Table of contents

Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.