EBA Revises Confidentiality Rules for Cooperation With Non-EU Supervisors

Key Takeaways

• Expanded Scope Under MiCAR: The EBA has updated its equivalence Guidelines to reflect new confidentiality and professional secrecy requirements under the Markets in Crypto Assets Regulation, extending the framework to crypto-asset supervision.
• Third-Country Equivalence Confirmed: Supervisory authorities in Australia, China, Montenegro, Peru, Serbia, and the United Kingdom are now formally recognised as having confidentiality regimes equivalent to EU standards.
• Clearer Rules for Information Sharing: Updated definitions, refreshed legal references, and additional guidance aim to harmonise how EU competent authorities share supervisory information with third countries.
• Stronger Cross-Border Cooperation: The revised framework reinforces legal certainty and trust for cross-border supervisory cooperation without weakening EU confidentiality safeguards.

Deep Dive

The European Banking Authority has quietly but meaningfully updated the rulebook that governs how EU supervisors share sensitive information with their counterparts outside the bloc. In revised Guidelines published on December 22, 2025, the EBA strengthened its framework for assessing whether third-country confidentiality and professional secrecy regimes meet EU standards, an essential precondition for effective cross-border supervisory cooperation.

At its core, the update reflects how much the supervisory landscape has changed since the original Guidelines were issued in 2022. Most notably, the revised framework now explicitly incorporates requirements under the Markets in Crypto Assets Regulation, bringing crypto-asset supervision into the same confidentiality and professional secrecy architecture that already applies across traditional banking supervision.

The update also formalizes the results of the EBA’s most recent equivalence assessments. Under the revised Guidelines, the confidentiality and professional secrecy regimes of authorities in Australia, China, Montenegro, Peru, Serbia, and the United Kingdom are recognised as equivalent to EU standards. That recognition matters in practice. It gives EU competent authorities a clearer legal footing when exchanging supervisory information and working jointly with those jurisdictions, particularly in complex or fast-moving cases.

Alongside the headline changes, the EBA has made a series of refinements aimed at reducing ambiguity for supervisors on the ground. Definitions have been tightened, legal references updated, and additional guidance provided on how authorities should apply the framework when sharing information or cooperating with third-country supervisors. The intent is harmonization and ensuring that EU authorities take a consistent approach, regardless of which non-EU counterpart they are dealing with.

The revised Guidelines sit within the EBA’s broader effort to strengthen supervisory convergence and international cooperation. Once translations are published in the EU’s official languages, competent authorities will have two months to report on their compliance with the updated framework.

The legal foundations remain unchanged. Regulation (EU) No 1093/2010 mandates the European Banking Authority to support Member States in assessing whether third-country confidentiality and professional secrecy regimes align with EU requirements. At the same time, Article 100 of the Markets in Crypto Assets Regulation reinforces that any information exchanged between competent authorities must remain confidential and protected by professional secrecy, with disclosure permitted only in narrowly defined legal circumstances.

While the update may read as technical, its implications are practical. As supervision becomes increasingly cross-border, and as crypto-asset markets pull new actors into the regulatory perimeter, the EBA is signaling that cooperation will continue to deepen, but not at the expense of confidentiality safeguards that underpin trust between supervisors.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.