The European Single Access Point (Esap) project is based on a desire to radically modernise the financial markets. According to the European authorities, it is not simply a new technical constraint, but a “flagship action” of the Capital Markets Union. EU Regulation 2023/2859 provides the framework for this transition which, while not creating any new information to be published, radically changes the way it is transmitted and formatted so that it is genuinely useful at European level.
At national level, transposition is progressing with the tabling of Bill n°8567 on 20 December 2024. The bill aims to adapt the Luxembourg legal framework, in particular the law of 11 January 2008 on transparency, to officially designate the Luxembourg Stock Exchange (LuxSE) as the collecting body (OAM). According to Bonn Steichen & Partners’ analysis, this text is not limited to traditional finance, but also incorporates Regulation (EU) 2024/3005 on the integrity of ESG rating activities, placing rating providers under the direct supervision of Esma. The firm points out that this law defines the technical procedures for transmission and the scope of entities affected by the first deadlines of 2026, including companies whose securities are admitted to trading on a regulated market.
The Conseil d’État, in its opinion issued on this draft law, nevertheless made several legal observations. In particular, the high administrative court pointed to a lack of clarity due to systematic references to European regulations, which could make the law less readable for local issuers. The Conseil d’État also stressed the need to guarantee the protection of personal data when centralising reports on the single portal and to clarify the division of responsibilities between the CSSF and the Luxembourg Stock Exchange. These remarks underline the importance of not creating legal uncertainty through overly evasive transposition.
Beware of errors and associated litigation risks
In response to these reservations, amendments were tabled on 9 February. These amendments specify the supervisory powers of the CSSF, which will have to validate not only the substance but also the conformity of the metadata before it is sent to Esap. These amendments secure the legal framework for filings by precisely defining the criteria for the admissibility of documents by the OAM, confirming that implementation in Luxembourg requires careful coordination to remove any legal uncertainty before July 2026. The penalties provided for in the event of failure to format or late transmission are also clarified to encourage issuers to prepare rigorously.
Centralising data on a single European portal increases issuers’ legal exposure. According to a Clifford Chance study on the digitisation of markets, companies’ civil liability could increase: Member States must ensure that companies are held liable for damages caused by intentional or negligent breaches of reporting obligations. The Luxembourg draft law emphasises that the issuer bears ultimate responsibility for the accuracy of the data, even if the technical ‘marking’ of iXBRL is delegated to third parties. Clifford Chance points out that the Esap does not change the substantive obligations, but that the immediate accessibility of errors by investor algorithms multiplies the risk of litigation.
The anticipation of this text is explained by the scale of the technological project linked to the iXBRL (Inline eXtensible Business Reporting Language) format. According to the Luxembourg Stock Exchange (LuxSE), this tool integrates standardised IT tags into a human-readable document. To support issuers, LuxSE has scheduled technical webinars to test the First tool. First automatically scans files to identify ISIN codes and check the integrity of metadata before final storage in the OAM. LuxSE insists that information must be “usable” and no longer just “readable”, implying a profound restructuring of accounting information systems.
Costs and cybersecurity
In terms of costs, Esma predicts that while access to the portal is free to the public, issuers will need to invest in digital reporting software and training. KPMG’s report on corporate governance adds value by emphasising that these costs are an investment in “sustainable prosperity”. KPMG explains that certifying the conformity of non-financial statements enables companies to be accountable not just for their financial results, but for their real impact. This standardisation reduces the cost of capital for the most virtuous companies by making their environmental performance immediately verifiable by international investors.
IT security is another major aspect of the project. Given the strategic value of the data hosted, Esma has developed strict cybersecurity protocols to guarantee the integrity of the portal. According to European technical specifications, Esap must implement mechanisms to detect intrusions and protect against cyber attacks aimed at altering published financial reports. This architecture is designed to prevent any risk of data manipulation that could mislead the markets. For Luxembourg issuers, this security is ensured by a double verification: that of the national OAM (Luxembourg Stock Exchange) when the information is collected and that of Esma when it is put online, thus guaranteeing that the information consulted by the investor is identical to that certified by the company.
The four pillars of this new step
The Esap project is based on four fundamental pillars. The first aims to put an end to the fragmentation of information. Today, data is scattered across numerous national registers, making comparison difficult and costly. Centralising 150,000 entities on a single portal should act as a "funnel" to harmonise markets.
The second pillar concerns sustainable finance: for financial flows to support climate neutrality by 2050, investors need immediate access to sustainability reporting (CSRD).
The third objective is to reduce information asymmetry for SMEs. SMEs are often ‘under the radar’ of international investors because their data is difficult to locate. Esap offers them a free showcase, enabling them to diversify their sources of funding beyond bank loans. Many financial giants are stressing that the private markets market is set to grow in the short term.
Finally, the fourth pillar is the move to “all digital” (Digital Finance Strategy). The requirement for machine-readable and extractable formats allows analysts to use artificial intelligence tools to process massive volumes of information without typing errors, while also benefiting from automatic translation services.
The roll-out timetable is divided into three distinct phases. The first phase, in July 2026, will concern the Transparency Directive and the Prospectus Regulation. It is on this date that the Esap will have to be operational to receive the first flows. The second phase, in January 2028, will incorporate the sustainability reports linked to the CSRD. Finally, the third phase will extend until January 2030 to include rating agencies and retail investment products (Priips). For SMEs and unlisted companies, the system is voluntary, offering them the opportunity to appear on the Esap to attract foreign capital by complying with the same formatting standards as large entities.
