Source: OJ L, 2024/2902, 28.11.2024

Artikel 5 Lagringstid för personuppgifter hos utgivare

Summary What does Article 5 of the ITS on non-EU currency reporting say?

This article addresses data retention obligations for issuers in the context of personal data received from crypto-asset service providers.

It directly complements the reporting framework established in earlier articles by setting a clear limit on how long issuers may hold onto personal data on token holders that was submitted to them as part of that reporting chain.

The rule is straightforward: retention must not exceed what is necessary for the reporting obligations, and in any case cannot go beyond 5 years from the date the data was obtained.

Important points:

Ensure personal data on holders received from crypto-asset service providers is not retained beyond what is necessary to fulfil your reporting obligations under this regulation.
The maximum retention period is 5 years from the date the personal data was obtained by the issuer.
This obligation falls on issuers and is directly tied to the data submitted by crypto-asset service providers under Articles 1(2) and 3(2) of this regulation.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

Utgivarna får inte lagra några personuppgifter om innehavare som lämnats in av leverantörerna av kryptotillgångstjänster i enlighet med artiklarna 1.2 och 3.2 i denna förordning längre än vad som är nödvändigt för att uppfylla de rapporteringsskyldigheter som fastställs i artikel 22.1 i förordning (EU) 2023/1114. En sådan lagringsperiod får inte överstiga fem år från den dag då utgivarna erhöll personuppgifterna.

Table of contents

Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.