Last updated

CSSF Issuer Regulated Information and Market Abuse Disclosure in Luxembourg: Practical Control Guide

Direct answer

CSSF Issuer Regulated Information and Market Abuse Disclosure in Luxembourg: Practical Control Guide helps compliance teams, directors, risk owners, and advisers translate a Luxembourg supervisory topic into owners, evidence, and escalation points. It explains understanding the Luxembourg regulatory obligation, supervisory evidence, internal ownership, and escalation points in CSSF Issuer Regulated Information and Market Abuse Disclosure in Luxembourg: Practical Control Guide, then shows how to map the controlling rule, prepare board or compliance evidence, and know when a CSSF-facing specialist should review the file. Read it before assigning owners or responding to a supervisory request, so the evidence file matches the regulatory question.

The CSSF information-requirements page explains that regulated information includes information disclosed under the Transparency Law and information under Articles 17 and 19 of the Market Abuse Regulation. It also describes three simultaneous obligations for regulated information: effective dissemination, storage on the OAM and filing with the CSSF through eRIIS. That makes issuer disclosure an operating control, not only a legal obligation.

This guide is for issuers, company secretaries, legal teams, investor-relations teams, finance, disclosure committees, listed-company executives, board members and advisers. It is not legal advice. Source check date: 20 May 2026.

Control Why it matters Evidence
Regulated information Determines what must be disseminated, stored and filed Disclosure classification memo, legal basis and owner
Home Member State Controls whether Luxembourg Transparency Law obligations apply Home Member State notification, listing/admission facts
eRIIS filing CSSF filing is a separate obligation from website posting Submission confirmation, timestamp, filed document
Market abuse controls Inside information and PDMR notifications require time-sensitive governance Disclosure committee minutes, insider list, PDMR register

Official sources used

This article uses CSSF official pages on information requirements for issuers, market abuse and enforcement of issuer financial information. Readers should verify current CSSF forms, FAQs and legislation before acting.

Start with home Member State analysis

The issuer should first confirm whether Luxembourg is its home Member State for Transparency Law purposes. This is not a clerical detail. It determines whether the issuer is in the CSSF's disclosure perimeter for periodic and ongoing regulated information.

The CSSF issuer page explains that issuers whose home Member State is Luxembourg are subject to the Transparency Law, and that Luxembourg can be imposed as home Member State in certain cases where an issuer omits to disclose its home Member State after admission to trading on a regulated market in Luxembourg.

The evidence file should include the issuer's registered office, securities admitted to trading, market, denomination, choice or automatic home Member State basis, host Member States and notification evidence.

A weak home Member State record creates uncertainty for every later filing obligation.

Control Why it matters Evidence
Owner Start with home Member State analysis needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Create a regulated information taxonomy

Issuer teams should classify information before a deadline occurs. A taxonomy can separate annual financial reports, half-yearly financial reports, payments-to-governments reports, major holding publications, total voting rights and capital changes, home Member State disclosures, inside information and PDMR transaction notifications.

The taxonomy should identify legal basis, owner, approval path, dissemination channel, OAM storage, CSSF filing path, deadline and evidence. Without a taxonomy, teams decide under pressure and may miss a simultaneous filing obligation.

The taxonomy should be maintained by legal or company secretariat with finance and investor-relations input. It should be reviewed when the issuer changes instruments, markets, group structure or reporting calendar.

A taxonomy turns a dense legal regime into an operating calendar.

Control Why it matters Evidence
Owner Create a regulated information taxonomy needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Control periodic reporting deadlines

The CSSF issuer page states that annual financial reports are to be published at the latest four months after the end of each financial year, and half-yearly financial reports at the latest three months after the end of the first six months of each financial year, subject to exemptions and detailed legal conditions.

Finance teams should not treat these as publication-only dates. The report must be prepared, approved, disseminated, stored and filed. That requires backwards planning: audit timing, board approval, translations if relevant, dissemination provider instruction, OAM process and eRIIS filing.

The control calendar should show internal draft deadlines, audit committee review, board approval, final document lock, release time, filing owner and contingency owner.

Deadline control is one of the easiest issuer controls to evidence and one of the most visible when it fails.

Control Why it matters Evidence
Owner Control periodic reporting deadlines needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Do not confuse website posting with dissemination

The CSSF page explains that mere availability of regulated information, such as on the issuer's website, is not sufficient for Transparency Law purposes because dissemination should involve active distribution to media to reach investors on a non-discriminatory basis.

This is a practical trap. Investor-relations teams may update the website and assume disclosure is complete. The issuer should instead maintain a dissemination workflow that includes media distribution, OAM storage and CSSF filing.

The evidence file should include release timestamp, dissemination provider confirmation, OAM storage confirmation, eRIIS filing evidence and website archive where applicable.

A disclosure is stronger when each channel is independently evidenced.

Control Why it matters Evidence
Owner Do not confuse website posting with dissemination needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Store regulated information with the OAM correctly

For issuers whose securities are admitted to trading on a regulated market and where Luxembourg is the home Member State, the CSSF page explains the obligation to make regulated information available to an officially appointed mechanism, with storage at the time of dissemination and at the latest by the end of the day of dissemination.

The issuer should assign an OAM owner and backup. The owner should know the indexing categories, file naming rules and cut-off expectations. Mis-indexed information can become difficult for investors to find.

OAM evidence should be captured immediately: confirmation page, timestamp, document title, category and link where available.

OAM storage is not a secondary archive. It is part of the regulated disclosure chain.

Control Why it matters Evidence
Owner Store regulated information with the OAM correctly needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Use eRIIS as a controlled filing workflow

The CSSF page states that from 30 May 2022, entities and persons subject to the Transparency Law and Market Abuse Regulation must fulfil their filing obligation through eRIIS. That means issuer controls should include access rights, backup users, training and submission evidence.

A single person with eRIIS access creates operational risk. The issuer should maintain access governance, user review, backup submitters and a procedure for emergency releases.

Each filing should preserve submitted document, filing category, timestamp, confirmation, submitter and any error messages. If a correction is filed, preserve both versions and the explanation.

Filing evidence should be stored with the disclosure pack rather than in an individual's inbox.

Control Why it matters Evidence
Owner Use eRIIS as a controlled filing workflow needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Build an inside information escalation process

The CSSF market abuse page explains that market abuse encompasses insider dealing, unlawful disclosure of inside information and market manipulation, and that the CSSF is the competent authority in Luxembourg under the Market Abuse Law. For issuers, Article 17 of MAR creates time-sensitive disclosure discipline around inside information.

An issuer should maintain an escalation process for potential inside information. Business teams should know when to escalate financial performance surprises, M&A, financing, litigation, regulatory matters, cyber incidents, material contracts, solvency concerns or operational disruptions.

The disclosure committee should assess whether information is precise, non-public, price-sensitive and directly or indirectly concerns the issuer or financial instruments. Legal advice may be needed.

The evidence file should include the assessment, decision, timing and any delayed disclosure rationale.

Control Why it matters Evidence
Owner Build an inside information escalation process needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Manage delayed disclosure decisions carefully

Delaying disclosure of inside information is a high-risk decision. The issuer should document the legal basis, legitimate interest, confidentiality controls, risk of misleading the public, decision maker, review cadence and disclosure trigger.

The delay file should not be created after the fact. It should exist while the information is being withheld and be updated as facts change. If confidentiality is lost, the issuer needs a rapid disclosure plan.

The issuer should maintain restricted access, insider lists, need-to-know circulation and communication controls. Rumors, leaks or unusual trading may require reassessment.

Delayed disclosure is not a way to avoid bad news. It is a controlled exception that must remain defensible.

Control Why it matters Evidence
Owner Manage delayed disclosure decisions carefully needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Maintain insider lists as operational records

Insider lists should identify persons with access to inside information and support regulatory review. They should be timely, accurate and connected to each inside information project.

The issuer should define who creates the list, when people are added, how acknowledgements are captured, how advisers are covered and when lists are closed. Project names should be clear enough for internal tracking without leaking sensitive details.

Insider-list controls also help prevent unlawful disclosure. People who do not need access should not receive the information.

A stale insider list is weak evidence because it suggests the issuer did not control information flows.

Control Why it matters Evidence
Owner Maintain insider lists as operational records needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Control PDMR and closely associated person notifications

The CSSF market abuse page notes that Article 19 of MAR obliges persons discharging managerial responsibilities and persons closely associated with them to notify the issuer and the CSSF about certain transactions conducted on their own account.

Issuers should maintain a PDMR register, notify PDMRs of duties, collect closely associated person information, set blackout periods and preserve notification evidence. The process should not rely on informal reminders.

When a PDMR transaction occurs, the issuer should track receipt, CSSF filing where applicable, market disclosure, timing and evidence. Late notifications can create reputational and regulatory risk.

PDMR controls should be part of onboarding for directors and senior executives.

Control Why it matters Evidence
Owner Control PDMR and closely associated person notifications needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Manage major holding notifications

The CSSF issuer page explains that issuers publish information contained in major holding notifications upon receipt and no later than three trading days thereafter under the Transparency Law. It also discusses disclosures around own shares and total voting rights.

Issuer teams should know who receives shareholder notifications, who checks completeness, who prepares publication, who files and who updates investor-relations pages. A notification sitting in an unattended mailbox can create delay.

The evidence file should preserve shareholder notification, receipt timestamp, publication document, dissemination proof, OAM storage and CSSF filing.

Major holding controls protect market transparency and shareholder trust.

Control Why it matters Evidence
Owner Manage major holding notifications needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Prepare total voting rights disclosures

The CSSF page states that issuers disclose the total number of voting rights and capital at the latest at the end of each calendar month during which an increase or decrease occurred, with the disclosure deemed fulfilled if made during the month.

This control requires coordination between corporate actions, legal, finance and investor relations. Share issuance, cancellation, treasury shares or capital changes should trigger assessment.

The issuer should maintain a month-end voting-rights check even in quiet periods. The check should record whether a change occurred and whether disclosure was needed.

A documented no-change review is useful evidence when questions arise.

Control Why it matters Evidence
Owner Prepare total voting rights disclosures needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Connect financial reporting enforcement with disclosure quality

The CSSF enforcement page explains that the CSSF controls periodic information published by issuers and can notify decisions such as injunctions, recommendations and follow-up measures relating to corrections or improvements of financial information.

Issuers should therefore treat financial reporting quality as part of disclosure governance. Accounting judgments, alternative performance measures, going concern, segment reporting, impairment and climate or risk disclosures can all attract scrutiny.

When CSSF questions arise, the issuer should respond through a controlled process: owner, fact pack, accounting analysis, legal review, board or audit committee involvement where needed and evidence of corrections.

A strong reporting file reduces the risk that issuer disclosure becomes a remediation exercise.

Control Why it matters Evidence
Owner Connect financial reporting enforcement with disclosure quality needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Create a disclosure committee file

A disclosure committee file should preserve agenda, attendees, information assessed, decision, legal basis, release timing, channels, documents and follow-up. It should exist for periodic releases and material ongoing disclosures.

The file does not need to be long, but it should show disciplined judgment. If the committee decides that information is not inside information, record why. If it decides to delay, record controls. If it decides to release, record timing and channel coordination.

The file helps in regulatory review because the issuer can show contemporaneous reasoning rather than retrospective explanation.

The committee file is also a learning tool for future disclosures.

Control Why it matters Evidence
Owner Create a disclosure committee file needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Coordinate with exchanges and advisers

Issuer disclosure often involves stock exchange rules, listing agents, legal counsel, auditors, dissemination providers and the OAM. Coordination should be planned before a release deadline.

External advisers can help interpret obligations, but the issuer remains responsible for timely and accurate disclosure. The file should identify adviser input but not hide behind it.

When several jurisdictions are involved, coordinate home and host requirements. The CSSF page reminds issuers to comply with other applicable foreign legislation where relevant.

A cross-border disclosure checklist prevents one-market compliance and another-market failure.

Control Why it matters Evidence
Owner Coordinate with exchanges and advisers needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Control corrections and restatements

If information is wrong, incomplete or misleading, the issuer needs a correction process. The process should identify the error, assess materiality, approve correction language, disseminate, store, file and preserve evidence.

Corrections can relate to financial reports, major holdings, voting rights, PDMR notices or inside information. Each type has different timing and sensitivity.

The evidence file should show when the error was discovered, who assessed it, what was corrected and how the market was informed.

A prompt, transparent correction is usually better than informal clarification.

Control Why it matters Evidence
Owner Control corrections and restatements needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Manage disclosure during crises

Crises compress time. Cyber incidents, liquidity stress, litigation, regulatory investigations, executive departures or failed transactions can all raise disclosure questions. The issuer should have a crisis-disclosure playbook.

The playbook should connect crisis management, legal, finance, investor relations, market abuse controls, insider lists, media monitoring and board communication. It should also define who can approve emergency disclosure.

During crisis, preserve timestamps. The sequence of when the issuer knew, assessed, decided and disclosed can matter.

A crisis playbook makes fast disclosure more controlled.

Control Why it matters Evidence
Owner Manage disclosure during crises needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Train people who create disclosure risk

Disclosure controls fail when only legal understands them. Finance, strategy, M&A, treasury, investor relations, operations, HR and executive assistants can all encounter potentially inside information or regulated information triggers.

Training should be practical: examples of inside information, when to escalate, what not to say externally, how to treat rumors, PDMR obligations, blackout periods and where evidence is stored.

Training attendance and materials should be preserved. New directors and executives should receive tailored onboarding.

People who understand escalation reduce the chance of late or selective disclosure.

Control Why it matters Evidence
Owner Train people who create disclosure risk needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Use a release-day checklist

Release day should be procedural. Confirm final document, approvals, timestamps, dissemination provider, OAM storage, eRIIS filing, website posting, exchange notification if needed, media monitoring, PDMR or major holding links and archive.

The checklist should have a primary owner and backup. It should include emergency contacts and credentials for each filing channel.

After release, capture evidence immediately. Do not wait until weeks later to find confirmations.

A release-day checklist is simple and highly protective.

Control Why it matters Evidence
Owner Use a release-day checklist needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Review the control after each major disclosure

After an annual report, major transaction or inside-information disclosure, the issuer should run a short lessons-learned review. Were decisions timely? Were channels synchronized? Did eRIIS or OAM create friction? Were advisers aligned? Did investors ask predictable questions?

The review should produce concrete improvements: calendar changes, template updates, better escalation triggers, access fixes or training refresh.

Continuous improvement matters because disclosure controls face new fact patterns every year.

A five-line lessons log can be more useful than a long policy that never changes.

Control Why it matters Evidence
Owner Review the control after each major disclosure needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Create a document naming and version policy

Issuer disclosure files fail in surprisingly simple ways: several documents named final, conflicting PDFs on different drives, draft releases sent to advisers after approval, or a website team uploading the wrong file. A naming and version policy prevents these operational errors.

The policy should distinguish draft, board-approved, release-ready, filed, corrected and archived versions. It should also state who can change the document after approval and how emergency corrections are handled.

Version evidence matters when regulators, auditors or investors ask what was released and when. The issuer should be able to point to one authoritative released file.

A clean naming policy is a small control with large practical value.

Control Why it matters Evidence
Owner Create a document naming and version policy needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Monitor media and market reaction after release

A disclosure control should not end at publication. After material releases, investor relations and legal should monitor market reaction, media reports, analyst questions, trading anomalies and rumors. This monitoring can reveal whether the disclosure was understood or whether further clarification is needed.

Monitoring should be especially active after profit warnings, transaction announcements, delayed disclosures, restatements and cyber or litigation updates. If market rumors suggest confidentiality failed before release, preserve the evidence and assess whether procedures need strengthening.

Media monitoring does not mean responding to every article. It means knowing whether the information environment creates a regulatory or communication issue.

The monitoring log should be proportionate but contemporaneous.

Control Why it matters Evidence
Owner Monitor media and market reaction after release needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Coordinate disclosure with treasury and financing activity

Treasury and financing teams often possess market-sensitive information: liquidity position, covenant pressure, refinancing negotiations, bond buybacks, ratings engagement, hedging programmes or major capital allocation decisions. These facts can intersect with issuer disclosure and market abuse controls.

The disclosure committee should understand upcoming treasury events and whether they affect periodic reporting, inside information assessment or prospectus supplements. Treasury teams should know escalation triggers before negotiations or market soundings begin.

Where financing transactions are confidential, insider lists and wall-crossing controls become important. The issuer should also coordinate with banks and legal advisers.

Ignoring treasury as a disclosure-risk source can create blind spots.

Control Why it matters Evidence
Owner Coordinate disclosure with treasury and financing activity needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Use investor questions as control signals

Investor questions can reveal unclear disclosure. If many investors ask the same question after a release, the issuer should assess whether the published information was sufficiently clear or whether future disclosures should be improved.

The issuer should avoid giving selective material information in one-on-one conversations. Investor-relations teams need scripts and escalation rules for questions that might require public disclosure.

A log of recurring questions can feed the next annual report, half-year report, risk factor update or investor presentation review.

Investor engagement is therefore both communication and control feedback.

Control Why it matters Evidence
Owner Use investor questions as control signals needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Plan handover after management changes

Changes in CFO, general counsel, company secretary, investor-relations lead or board chair can weaken disclosure controls if institutional knowledge leaves. A handover pack should include the disclosure calendar, eRIIS access, OAM process, contact lists, committee terms, templates, recent CSSF correspondence and open issues.

The issuer should not rely on the outgoing person to remember everything in a final call. Disclosure controls are recurring obligations and need durable records.

New directors and executives should receive PDMR, MAR and regulated-information training quickly. Their own transaction obligations may begin immediately.

A good handover protects continuity during leadership transitions.

Control Why it matters Evidence
Owner Plan handover after management changes needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Test emergency access before it is needed

Emergency disclosure can fail because credentials, backup contacts or approval routes are not available outside office hours. Issuers should test whether the team can disseminate, store and file regulated information during a crisis.

The test can be simple: confirm access to eRIIS, dissemination provider, OAM process, website publishing, legal adviser contacts and approval authority. It should include backups, not only primary users.

Testing is especially important before holiday periods, market-sensitive transactions and financial-reporting deadlines.

The evidence should record the test date, issues found and fixes completed.

Control Why it matters Evidence
Owner Test emergency access before it is needed needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Integrate ESG and sustainability disclosures carefully

Sustainability and ESG statements can become issuer disclosure risk where they are included in periodic reports, investor materials or regulated information. Claims about climate strategy, transition plans, social metrics or governance controls should be supported and consistent.

Finance, sustainability and legal teams should reconcile sustainability statements with financial risks, strategy, targets, data availability and assurance status. Unsupported claims can create reputational and regulatory issues.

If sustainability information is part of regulated reporting, it should follow the same document control, approval and evidence discipline as financial information.

This avoids treating ESG as narrative content disconnected from issuer obligations.

Control Why it matters Evidence
Owner Integrate ESG and sustainability disclosures carefully needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Build a disclosure evidence index

A disclosure evidence index should list every released document, disclosure type, legal basis, release timestamp, dissemination proof, OAM proof, eRIIS proof, website link, approval record and archive location. This index lets the issuer answer basic review questions without searching several inboxes.

The index should be maintained continuously. For annual and half-year reports, the evidence pack is predictable. For inside information or PDMR notices, evidence may be assembled under time pressure, so a standard index is even more useful.

If a disclosure is corrected, the index should link original and corrected versions and explain the correction reason. This avoids confusion later when two versions circulate.

The index is not a public document. It is an internal control that proves the public disclosure chain happened.

Control Why it matters Evidence
Owner Build a disclosure evidence index needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Separate disclosure judgment from drafting mechanics

Issuer teams sometimes treat disclosure as a document-production task. But judgment and mechanics are different controls. Judgment decides whether information is regulated, inside information, delayed, periodic, corrective or exempt. Mechanics execute dissemination, OAM, eRIIS, website and archive.

Both can fail independently. A correct legal judgment can still fail if eRIIS filing is missed. A perfect filing process can still fail if the issuer made the wrong inside-information decision.

The disclosure committee should record the judgment, and the release-day checklist should record mechanics. Keeping both records makes the file more defensible.

This separation also helps training because different teams own different parts of the process.

Control Why it matters Evidence
Owner Separate disclosure judgment from drafting mechanics needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Use negative controls for no-disclosure decisions

Not every rumor, negotiation, forecast change or operational issue requires immediate disclosure. But no-disclosure decisions should still be controlled when the issue is material enough to discuss. A short negative-control memo can explain why disclosure was not required at that time.

The memo should identify the facts known, information gaps, MAR or Transparency Law issue considered, decision maker, review date and trigger for reassessment. This is particularly useful for early-stage transactions, uncertain litigation, preliminary financing discussions or unconfirmed operating metrics.

If the facts later become inside information or regulated information, the earlier memo shows contemporaneous judgment rather than silence.

Negative controls prevent hindsight from rewriting the decision process.

Control Why it matters Evidence
Owner Use negative controls for no-disclosure decisions needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Coordinate disclosure and financial calendar ownership

The financial calendar should be owned jointly enough to work. Finance owns numbers, legal owns obligations, investor relations owns market communication, and the company secretary often coordinates approvals. If one team owns the calendar alone, less visible dependencies can be missed.

The calendar should include audit committee meetings, board approvals, release dates, quiet periods, PDMR blackout windows, major holding monitoring, voting-rights checks, eRIIS filing tasks and OAM tasks.

Calendar changes should trigger communication to all owners. A delayed audit committee meeting can affect release timing, dissemination booking and investor communication.

A shared calendar is one of the simplest operational controls for issuer compliance.

Control Why it matters Evidence
Owner Coordinate disclosure and financial calendar ownership needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Document adviser reliance without outsourcing judgment

Issuers often rely on external counsel, auditors, listing agents, dissemination providers and banks. Adviser input is important, but the issuer should preserve its own decision record and not treat adviser emails as a substitute for internal judgment.

The evidence file should state which advice was relied upon, what decision the issuer made and who approved it. If advice is privileged, store the record appropriately and keep a non-privileged decision note where useful.

Adviser reliance can support the file, but it does not remove issuer responsibility for disclosure timing and accuracy.

This protects governance while respecting legal privilege.

Control Why it matters Evidence
Owner Document adviser reliance without outsourcing judgment needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Prepare for CSSF questions after publication

A CSSF question after publication should be handled through a controlled response process. Assign an owner, preserve the request, collect facts, involve finance or legal where needed, draft a response, approve it and archive the final submission.

Do not answer regulatory questions through scattered emails. A controlled response reduces inconsistency and preserves evidence for future reviews.

If the question reveals a disclosure error, activate correction assessment rather than treating the response as private clarification only.

Regulatory correspondence should feed lessons learned and control improvements.

Control Why it matters Evidence
Owner Prepare for CSSF questions after publication needs clear ownership Disclosure owner, backup and approval record
Timing Issuer obligations are often time-sensitive Release calendar, timestamp and filing confirmation
Evidence Regulatory review depends on contemporaneous records Memo, documents, confirmations and archive

Issuer disclosure checklist

A practical issuer disclosure checklist should be short enough to use and complete enough to evidence simultaneous obligations. The issuer should adapt it by instrument type, market, home Member State and internal governance.

Control Why it matters Evidence
Classification Identify the disclosure type Regulated information taxonomy entry
Approval Confirm who approved the release Board, committee or officer approval
Dissemination Reach investors actively and non-discriminatorily Dissemination provider confirmation
OAM Store regulated information properly OAM confirmation and indexing proof
CSSF filing File through eRIIS where required Submission timestamp and file copy
Archive Keep a defensible evidence pack Complete release-day checklist

FAQ

Is website posting enough for regulated information? The CSSF page explains that mere availability, for example on an issuer website, is not sufficient; dissemination should involve active distribution to media so investors can access information quickly and non-discriminatorily.

What is regulated information? The CSSF page links it to information required under the Transparency Law and Articles 17 and 19 of the Market Abuse Regulation, including periodic and ongoing information.

What is eRIIS? It is the CSSF web portal for electronic reporting of information concerning issuers of securities, used for filing obligations under the Transparency Law and Market Abuse Regulation.

Who handles market abuse questions at the CSSF? The CSSF market abuse page lists [email protected] for additional information.

Can disclosure be delayed? Delayed disclosure of inside information is a sensitive MAR question that requires contemporaneous assessment, confidentiality controls and legal review.

Source risk and update note

Issuer disclosure rules, eRIIS processes, CSSF FAQs and MAR interpretation can change. This guide was checked against CSSF official pages on 20 May 2026 and should be used as operational publication guidance, not legal advice.

Official source and decision check

Use this section as the practical checkpoint for CSSF Issuer Regulated Information and Market Abuse Disclosure in Luxembourg: Practical Control Guide. The reader decision is whether the available evidence is strong enough to act now, or whether the file should first be confirmed with the CSSF, Luxembourg official journal or EU source. Rules can change by country, status and date, so treat this guide as orientation for the file and recheck the current rule before relying on a filing obligation, governance deadline, supervisory scope or reporting workflow.

For expats, foreigners, students, workers, founders, families and other mobile readers, record the reader category, country, residence status and deadline before comparing the official source with the article checklist.

Official sources to verify first

Decision pointWhat to checkReader action
Luxembourg issuer disclosure dutyConfirm that the case is really about Luxembourg issuer disclosure duty, not a different category that follows another rule.Write down the country, authority, dates, status and document number before asking for a decision.
File for CSSF, Luxembourg official journal or EU sourceKeep the instrument, deadline and disclosure evidence in one dated file, with originals, translations where required and proof of submission.Save receipts, emails, appointment confirmations, payment records and authority replies in the same order as the checklist.
CSSF Issuer Regulated Information and Market Abuse Disclosure in Luxembourg: Practical Control Guide fallbackIf the answer is refused, delayed or unclear, identify the competent authority, review window, complaint route or regulated provider escalation path.Ask for the reason in writing and compare it with the official source before paying again, travelling, closing an account or resubmitting.
When the answer is unclearWhat to do next
The authority, bank, insurer, employer or provider gives a verbal answer only.Ask for the answer in writing, save the name of the office or provider, and compare it with the official source before changing travel, payroll, residence or payment plans.
The file depends on a deadline, appointment, payment, address or status change.Keep the dated receipt, note the next deadline, and avoid closing the old route until the replacement document, account, policy or registration is confirmed.

Related guides to cross-check

For legal, tax, medical, immigration or financial consequences, confirm the position with the competent authority or a qualified adviser. This page is designed to organize the decision, source checks and next steps; it is not a substitute for case-specific professional advice.