ARTICLE
16 July 2021

The CSSF Implements ESMA' Guidelines On Cloud Outsourcing And Extends The Scope Of The Cloud Circular

EH
ELVINGER HOSS PRUSSEN, société anonyme

Contributor

ELVINGER HOSS PRUSSEN, société anonyme logo
Independent in structure and spirit, Elvinger Hoss Prussen guides clients on their most critical Luxembourg legal matters. Committed to excellence and creativity in legal practice, our firm delivers the best possible advice for businesses, institutions and entrepreneurs, playing a unique role in the development of Luxembourg as a financial centre.
Explore
On 12 July 2021, the Luxembourg regulator of the financial sector, the CSSF, published its Circular 21/777 implementing the ESMA' guidelines on outsourcing to cloud service providers (ESMA50-164-4285 , "ESMA Guidelines").
Luxembourg Finance and Banking
Photo of Jacques Elvinger
Photo of Sophie Dupin
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

On 12 July 2021, the Luxembourg regulator of the financial sector, the CSSF, published its Circular 21/777 implementing the ESMA' guidelines on outsourcing to cloud service providers (ESMA50-164-4285 , "ESMA Guidelines").

The CSSF considers that CSSF Circular 17/654 on cloud outsourcing, as amended (the "Cloud Circular") (applicable inter alia to credit institutions, investment firms, professionals of the financial sector and investment fund managers) and its current regulatory practice are already in line with the substance requirements of the ESMA Guidelines.

The CSSF, however, extends the scope of the Cloud Circular to align it with the ESMA Guidelines by including the following financial market professionals in the scope of the Cloud Circular as of 31 July 2021 ("New Entities"):
- depositaries of AIFs (under article 21, paragraph 3 of the AIFMD) 
- UCITS, depositaries of UCITS (under article 2, paragraph 1, a) of the UCITS Directive) and investment companies that have not designated a management company authorised pursuant to the UCITS Directive 
- as well as other professionals such as central counterparties, data reporting services providers, market operators of trading venues, central securities depositories, administrators of critical benchmarks.

For new cloud outsourcing arrangements (entered into, renewed or amended on or after 31 July 2021), the New Entities would have to comply with the provisions of the Cloud Circular. The New Entities would have until 31 December 2022 to revisit their existing cloud outsourcing arrangements for compliance with the Cloud Circular.

CSSF Circular 21/777 does not require entities already in scope of the Cloud Circular to take specific action with regards the ESMA Guidelines. 

The CSSF does not take the opportunity to comment on points such as the definition of cloud computing and critical or important functions, the initial due diligence and sub-outsourcing requirements etc. on which the Cloud Circular seems to diverge from the ESMA Guidelines. 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.

Authors
Photo of Jacques Elvinger
Jacques Elvinger
Photo of Sophie Dupin
Sophie Dupin
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More