KMMV: Specification of insider disclosure requirements

RegCORE Client Alert | German Regulatory Developments

Authors: Michael Huertas, Hagen Weiss and Maximilian Kunz

Outlook

Germany’s Crypto Markets Communication RegulationAvailable at: https://www.gesetze-im-internet.de/kmmv/index.htmlShow Footnote (Kryptomärktemitteilungs-Verordnung - KMMV) was announced in the Federal Law Gazette on 28 August 2025 based on the regulatory authority granted to the Federal Financial Supervisory Authority (BaFin) and came into force on 29 August 2025. On 18 September, BaFin published the KMMW communication on its website.Available at: https://www.bafin.de/SharedDocs/Veroeffentlichungen/DE/Meldung/2025/neu/meldung_2025_09_18_kryptomaerktemitteilungs-verordnung_kmmv.htmlShow Footnote

Through the KMMV, BaFin specifies the content and manner in which crypto-asset issuers, providers and other market participants must publish insider information in accordance with Sect. 36 of the Crypto Markets Supervision ActAvailable at: https://www.gesetze-im-internet.de/kmag/Show Footnote (Kryptomärkteaufsichtsgesetz - KMAG) and report it to the supervisory authority. The KMMV fits into the European legal framework and serves to further implement the KMAG, which anchors both Regulation (EU) 2023/1114Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32023R1114Show Footnote (Markets in Crypto-Assets Regulations - MiCAR) and the technical implementing standards adopted pursuant to it into Germany’s legislative, regulatory and supervisory framework.

Key takeaways

The KMMV focuses in particular on the operational implementation of the requirements of the KMAG and MiCAR with regard to insider information into national law. Within the scope of application, the KMMV expressly refers to Implementing Regulation (EU) 2024/2861Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=OJ:L_202402861Show Footnote, which establishes the technical framework for disclosure and deferral under MiCAR. The KMMV thus establishes the interface between national supervisory communication and EU legal requirements.

Sect. 2 of the KMMV specifies the content of insider information notifications to be submitted to BaFin by issuers, offerors or applicants pursuant to Sect. 36 para. 1 KMAG. The wording, time and specific media channels of the publication must be specified in accordance with Article 88 para. 1 MiCAR, as well as a contact person at the issuer, offeror or applicant with a telephone number and email address. A mere reference notification without the full text of the publication is therefore not sufficient; at the same time, the immediate availability of the responsible body is legally established.

With regard to the manner of transmission within the meaning of Article 3 para. 1 and 3 of Implementing Regulation (EU) 2024/2861, Sect. 3 KMMV stipulates that all notifications must be transmitted in electronic form via a channel specified by BaFin on its website. In addition, BaFin may require the use of its reporting and publication system. In practice, this means using the BaFin portal or the approved reporting channels.

Sect. 4 para. 1 KMMV requires more extensive information regarding the deferral notification pursuant to Article 88 para. 3 MiCAR in addition to the provisions of the Implementing Regulation. The following information must be provided in addition to the minimum requirements of the Implementing Regulation: All dates on which the continued existence of the reasons for the deferral was reviewed, first and last names, business addresses, work telephone numbers and email addresses of all persons involved in the decision on the deferral. This additional information increases the traceability of internal decision-making and the audit trail.

In its publication of 18 September 2025, BaFin emphasises once again that the KMMV specifies existing MiCAR obligations and addresses both the content and the manner of transmission and cases of deferral. All addressees are therefore subject to the principle of immediate disclosure and, at the same time, immediate notification to the supervisory authority with clear electronic delivery.

Key considerations for firms

For financial service providers and other MiCAR-relevant firms, the greatest practical leverage is the standardisation of disclosure and delay processes. The mandatory content under Sect. 2 KMMV requires that the published text be available in its entirety and that the specific channels be named. Those who previously only referred to a web URL must now ensure that the wording, time stamp and channel selection are documented and included in the BaFin notification. This requires close cooperation between legal, communications, IT and, where applicable, investor relations departments.

Sect. 3 sent. 2 KMMV gives BaFin the option of specifying the transmission channel and requiring the use of its reporting and publication system. The designated electronic transmission channels must be used and the necessary technical requirements should be put in place in good time. Companies should define their interfaces, tests and fallbacks, including clear procedures for system malfunctions. Those who already have processes in place for ad hoc disclosures under the EU’s Market Abuse RegulationAvailable at: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32014R0596Show Footnote (Marktmissbrauchsverordnung - MAR) can adapt these templates but must observe the KMMV-specific requirements.

With regard to governance, documentation and data protection, particular attention is paid to the regulatory content of Sect. 4 para. 1 KMMV. The minimum content for deferral notifications stipulated therein goes beyond the provisions of the Implementing Regulation in a supplementary manner. The notification to the supervisory authority must in any case contain the information specified in Article 3 para. 2 of Implementing Regulation (EU) 2024/2861, including the ‘disclosed inside information’ (title/reference, date/time of disclosure), the identity of the issuer and the reporting person, the contact point, the time of the deferral decision and the function of the decision-makers.

The main differences between the consultation draft published in November 2024 and the final version lie less in new content than in the finalisation of legal technicalities. The draft already contained the core elements of the regulation that has now been adopted. Compared to the draft, references and terms from the legislative process have been transferred to the final references in the KMAG and the BaFinBefugVAvailable at: https://www.gesetze-im-internet.de/bafinbefugv/Show Footnote. The intention remains the same: BaFin is using its regulatory power to supplement Implementing Regulation (EU) 2024/2861 with additional transparency points.

During the consultation process, it was suggested, among other things, that the opening clause in Article 88 para. 3 sent. 2 MiCAR be used, according to which the explanation of compliance with the substantive deferral requirements would only have to be submitted at the request of the authority. The Federal Association of Securities Firms expressly advocated this relief option. However, the final KMMV does not adhere to this. It requires the information pursuant to Sect. 4 KMMV to be provided already with the deferral notification. This confirms the national desire for greater documentation density and immediate verifiability.

The KMMV now provides issuers, providers and applicants subject to MiCAR with legal certainty as to what information they must submit to BaFin, when and in what form, which reduces the scope for interpretation and thus also reduces the risk of sanction proceedings. The obligation to disclose all review dates for deferrals requires a complete record of when the conditions for deferral were reassessed. The obligation to name all persons involved in the decision, including contact details, requires a clear distribution of roles and a continuously maintained responsibility assignment matrix. Obligated companies should check whether their internal guidelines on insider definition, escalation, confidentiality and logging already reflect these granular requirements.

For day-to-day implementation, some firms may wish to consider introducing a disclosure and delay playbook with the following three components: 

1. A decision tree that maps the threshold for inside information under MiCAR and the criteria for deferral;
2. Operational templates for immediate disclosure and deferral notifications that already contain the mandatory fields from Sect. 2 and 4 of the KMMV; and 
3. A protocol standard that secures timestamps, review steps and persons involved in an audit-proof manner and links consistent communication to BaFin with the technical requirements of Implementing Regulation (EU) 2024/2861.

Outlook

Further guidance from the authorities is to be expected in the initial phase. This could take the form of FAQs or information sheets providing further details on formats, deadlines and individual cases. In future, supervisory practice will further tighten expectations regarding consistency, completeness and timelines. BaFin receives standardised data in real time, enabling it to detect anomalies more quickly. This increases the risk of fines and reputational damage for obligated companies in the event of missing or late reports.

In view of the additional requirements of the KMMV, for many firms it may be advisable to carry out a timely gap check and a trial run of the systems and processes. However, those who integrate the KMMV reporting requirements into their workflow will reduce the risk of sanctions and will be able to meet regulatory expectations.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.

Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 2,500 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business.

Equally, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.

The PwC Legal Team behind Rule Scanner are proud recipients of ALM Law.com’s coveted “2024 Disruptive Technology of the Year Award” and the “2025 Regulatory, Governance and Compliance Technology Award in 2025”.

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website.