CHAPTER VI TECHNICAL REQUIREMENTS OF THE REGISTRIES SYSTEM

SECTION 2 Security and authentication

Article 67 Authentication of the Union Registry

The identity of the Union Registry shall be authenticated by the EUTL as indicated in the data exchange and technical specifications provided for in Article 79.

Article 68 Accessing accounts in the Union Registry

1. Account representatives shall be able to access their accounts in the Union Registry through the secure area of the Union Registry. The central administrator shall ensure that the secure area of the Union Registry website is accessible through the Internet. The website of the Union Registry shall be available in all official languages of the Union.

2. The central administrator shall ensure that accounts in the Union Registry, where access through external platforms in accordance with Article 21(4) is enabled and one authorised representative is also the authorised representative of an external platform account, are accessible to the external platform operated by the holder of that external platform account.

3. Communications between authorised representatives or external platforms and the secure area of the Union Registry shall be encrypted in accordance with the security requirements set out in the data exchange and technical specifications provided for in Article 79.

4. The central administrator shall take all necessary steps to ensure that unauthorised access to the secure area of the Union Registry website does not occur.

5. If the security of the credentials of an authorised representative or additional authorised representative has been compromised, the authorised representative or additional authorised representative shall immediately suspend access to the relevant account, inform the administrator of the account thereof and request a replacement.

Article 69 Authentication and authorisation of authorised representatives in the Union Registry

1. The Union Registry shall issue each authorised representative and additional authorised representative with a username and password to authenticate them for the purposes of accessing the registry.

2. An authorised representative or additional authorised representative shall only have access to accounts in the Union Registry for which he is authorised and shall only be able to request the initiation of processes for which he is authorised pursuant to Article 21. That access or request shall take place through a secure area of the website of the Union Registry.

3. In addition to the username and password referred to in paragraph 1, secondary authentication for the purpose of accessing the Union Registry shall be provided. The types of secondary authentication mechanisms that can be used to access the Union Registry shall be set out in the data exchange and technical specifications provided for in Article 79.

4. The administrator of an account may assume that a user who was successfully authenticated by the Union Registry is the authorised representative or additional authorised representative registered under the provided authentication credentials, unless the authorised representative or additional authorised representative informs the administrator of the account that the security of his credentials has been compromised and requests a replacement of his credentials.

5. The authorised representative shall take all necessary measures to prevent the loss, theft or compromise of its credentials. The authorised representative shall immediately report to the national administrator the loss, theft or compromise of its credentials.

Article 70 Suspension of all access due to a security breach or a security risk

1. The Commission may instruct the central administrator to suspend access to the Union Registry or the EUTL or any part thereof where it has a reasonable suspicion that there is a breach of security of the Union Registry or the EUTL or that there exists a serious security risk to the Union Registry or the EUTL that threatens the integrity of the system, which includes the back-up facilities referred to in Article 65.

2. In the event of a breach of security or a security risk that may lead to suspension of access, an administrator who becomes aware of the breach or risk shall promptly inform the central administrator of any risks posed to other parts of the Union Registry. The central administrator shall inform all other administrators.

3. If an administrator becomes aware of a situation that requires the suspension of all access to the accounts that it manages in accordance with this Regulation, it shall inform the central administrator and account holders with such prior notice of the suspension as is practicable. The central administrator shall inform all other administrators as soon as possible.

4. The notice referred to in paragraph 3 shall include the likely duration of the suspension and shall be clearly displayed on the public area of the EUTL’s website.

Article 71 Suspension of access to allowances or Kyoto units in the case of a suspected fraudulent transaction

1. An administrator or an administrator acting on request of the competent authority may suspend access to allowances or Kyoto units in the part of the Union Registry it administers:

(a) for a maximum period of two weeks if it suspects that the allowances or Kyoto units have been the subject of a transaction constituting fraud, money laundering, terrorist financing or other serious crime; or

(b) on the basis of and in accordance with national law provisions that pursue a legitimate objective.

2. The Commission may instruct the central administrator to suspend access to allowances or Kyoto units in the Union Registry or the EUTL for a maximum period of two weeks if it suspects that the allowances or Kyoto units have been the subject of a transaction constituting fraud, money laundering, terrorist financing or other serious crime.

3. The administrator or the Commission shall immediately inform the competent law enforcement authority of the suspension.

4. A national law enforcement authority of the Member State of the national administrator may also instruct the administrator to implement a suspension on the basis of and in accordance with national law.

Article 72 Cooperation with competent authorities and notification of money laundering, terrorist financing or criminal activity

1. The national administrator, its directors and its employees shall cooperate fully with the relevant competent authorities to establish adequate and appropriate procedures to forestall and prevent operations related to money laundering or terrorist financing.

2. The national administrator, its directors and its employees, shall cooperate fully with the FIU referred to in Article 21 of Directive 2005/60/EC by promptly:

(a) informing the FIU, on their own initiative, where they know, suspect or have reasonable grounds to suspect that money laundering, terrorist financing or criminal activity is being or has been committed or attempted;

(b) providing the FIU, at its request, with all necessary information, in accordance with the procedures established by the applicable legislation.

3. The information referred to in paragraph 2 shall be forwarded to the FIU of the Member State of the national administrator. The national measures transposing the compliance management and communication policies and procedures, referred to in Article 34(1) of Directive 2005/60/EC, shall designate the person or persons responsible for forwarding information pursuant to this Article.

4. The Member State of the national administrator shall ensure that the national measures transposing Articles 26 to 29, 32, and Article 35 of Directive 2005/60/EC apply to the national administrator.

Article 73 Suspension of processes

1. The Commission may instruct the central administrator to temporarily suspend the acceptance by the EUTL of some or all processes originating from the Union Registry if it is not operated and maintained in accordance with the provisions of this Regulation. It shall immediately notify national administrators concerned.

2. The central administrator may temporarily suspend the initiation or acceptance of some or all processes in the Union Registry for the purposes of carrying out scheduled or emergency maintenance on the Union Registry.

3. A national administrator may request the Commission to reinstate processes suspended in accordance with paragraph 1 if it considers that the outstanding issues that caused the suspension have been resolved. If this is the case, the Commission shall instruct the central administrator to reinstate those processes. It shall otherwise reject the request within a reasonable period and inform the national administrator without delay, stating its reasons and setting out criteria to be fulfilled for a subsequent request to be accepted.