ESAP launch: Mandatory LEI and format rules for reporting in Luxembourg

The European Single Access Point (“ESAP”) is a digital platform designed to facilitate EU-wide access to information that entities must disclose under sector-specific laws.

The Luxembourg Law of 27 March 2026 setting up the national framework for the European Single Access Point transposes Directive (EU) 2023/2864, implements Regulation (EU) 2023/2859 and Regulation (EU) 2023/2869, and modifies a series of financial sector laws (“ESAP Law”). This framework does not introduce new disclosure obligations for financial market participants but adds a disclosure channel, namely ESAP, designed to facilitate EU-wide access to certain disclosed information. 

Part of the relevant Directive has already been implemented through amendments to the Transparency Law¹ by the Law of 3 July 2025, applicable to listed companies as from 10 July 2026. Obligations resulting from the ESAP Law will apply as from 10 January 2028 or 10 January 2030 depending on the sectorial law.

What does ESAP mean in practice?

Entities that are required to publish certain information pursuant to their sectorial legislation will also be required to make it available on ESAP. To this effect, they will be required to submit relevant information to a national collection body, such as, for instance, the official appointed mechanism (“OAM”) operated by the Luxembourg Stock Exchange, the CSSF or the CAA. The collection body shall promptly make the information available to ESAP, making it accessible across the EU.

Who is affected?

The new ESAP framework will be implemented progressively across a broad spectrum of financial market participants, including listed companies, UCITS, UCITS management companies, AIFMs, banks and investment firms. The framework established under the Law of 3 July 2025 and ESAP Law will apply in three stages with deadlines of 10 July 2026, 10 January 2028 and 10 January 2030,  each determined by the specific obligations set out in the relevant sectoral legislation. 

For example, with respect to listed companies, the ESAP obligations under the Transparency Law will apply as from 10 July 2026, while the ESAP obligations under the law on the financial sector² as from 10 January 2030. For UCITS management companies and AIFMs, ESAP obligations will be phased in according to two deadlines depending on the information to be made available on ESAP under the relevant legislation, i.e. 10 January 2028 for information under, inter alia, the UCI Law, PRIIPs KID Regulation, SFDR, and 10 January 2030 for information under e.g. the AIFM Law and the Shareholders’ Rights Law³. 

Entities should verify their respective obligations under their sectorial legislation with respect to ESAP and check the relevant application deadlines.

Sanctions

Under the new ESAP framework, certain decisions, administrative measures and sanctions imposed for violations of provisions of financial services legislation will be transmitted to and made publicly available via ESAP. In Luxembourg, this will notably concern decisions adopted by the CSSF and the CAA. Additionally, judgments granting a standstill, appointing supervisory commissioners, or ordering the dissolution and liquidation of insurance undertakings will be forwarded to the CAA for subsequent publication on ESAP.

The ESAP framework strengthens the visibility and accessibility at EU level of enforcement decisions that are already subject to publication obligations under the sectoral legislation. This increased centralisation may contribute to reputational exposure for sanctioned entities across the EU Member States.

Mandatory metadata

The submissions to ESAP must be accompanied by mandatory metadata, such as: 

• Entity name
• Legal entity identifier (“LEI”)
• Entity size (as per the applicable classification)
• Sector of activity
• Type of concerned information 
• Whether personal data is included

Legal entity identifier 

Entities required to submit information to ESAP must use an LEI when submitting information. The LEI is a unique code that identifies legal entities participating in financial transactions, ensuring clarity and traceability in disclosures. 

Entities without a valid LEI will be required to obtain one. In group structures, the LEI of the parent company may be used for its subsidiaries if they do not have their own.

New format requirements

To submit documents to ESAP, the format must be, as appropriate:

• machine-readable (a file format structured so that software applications can easily identify, recognise and extract specific data, including individual statements of fact, and their internal structure) or 
• allowing data extraction (any open format, which is a file format that is platform-independent and made available to the public without any restriction that impedes the re-use of documents).

Technical standards remain to be defined by the European Supervisory Authorities (ESAs). PDF and similar formats may no longer be sufficient.

Preparing for ESAP

• Entities should determine whether they or their group companies fall within the scope of ESAP. 
• If a valid LEI is not already in place, entities must apply for one.
• Internal reporting and publication processes should be reviewed to ensure that submissions are compliant with the new format requirements.
• Entities need to keep abreast of future technical standards issued by the ESAs as well as local guidance from the CSSF and CAA, where applicable.