On 16 December 2025, the CSSF published Circular CSSF 25/900 (the “Amending Circular”) amending Circular CSSF 22/811 on the authorisation and organisation of entities acting as UCI administrators (the "UCIA Circular"), with immediate effect as of 16 December 2025.
The Amending Circular introduces targeted amendments to the UCIA Circular, in particular in relation to the annual reporting framework applicable to UCI administrators and the applicable ICT and digital operational resilience requirements.
Key points to note
Annual reporting framework
The Amending Circular repeals Annex B of the UCIA Circular with immediate effect. As a result, the UCIA Circular now provides that the UCI administrator must communicate to the CSSF, on an annual basis, information regarding its UCI administration activities in accordance with the reporting modalities and instructions as further detailed on the CSSF website.
The previous reference to a fixed list of information set out in Annex B, as well as the explicit reference to a five-month deadline following the financial year-end of the UCI administrator, has been removed from the UCIA Circular.
The CSSF’s website distinguishes the reporting requirements for those UCI administrators that are banks or investment firms (via the long form report, the requirements of which have been amended via CSSF circular 25/870), other specialised professionals of the financial sector (via the SAQ on the e-Desk within 3 months of the end of the year) and other UCI administrators (via the e-Desk or an API solution within 5 months of the end of the financial year).
ICT and digital operational resilience framework:
The Amending Circular updates the UCIA Circular to reflect the applicability of Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA). UCI administrators falling within the scope of DORA are required to comply with its requirements.
The UCIA Circular also refers to Circular CSSF 25/882 on ICT third-party risk management for entities subject to DORA and confirms that UCI administrators outside the scope of DORA remain subject to the applicable ICT and outsourcing requirements, including Circular CSSF 22/806.
BSP remains available to assist with any questions relating to the interpretation and application of the Amending Circular and the UCIA Circular.
Share on
