How to Keep an IPO Data Room Compliant with AMF and Euronext Requirements

The Autorité des marchés financiers (AMF) is continually seeking ways to ensure companies can go public in as safe and straightforward a manner as possible. As part of its Impact 2027 strategic plan, the regulator took into account best practice from around the world and implemented a range of measures in 2025 to speed up the process of running an initial public offering (IPO).

However, any changes to streamline the workflow for going public do not excuse you from your responsibility to meet the requirements of AMF, Euronext Paris and the Market Abuse Regulation (MAR):

  • AMF oversees market integrity and investor protection in France.
  • MAR sets the rules on inside information, unlawful disclosure and market manipulation that shape how you handle information throughout the IPO process.
  • Euronext adds its own listing and admission requirements and process expectations, which your corporate team and advisors need to meet alongside your regulatory obligations.

An IPO data room is key to meeting your obligations. It reduces the risk of selective disclosure, where information leaks to some stakeholders before you officially disclose it to the market. As well as this risk of market abuse, poorly controlled documentation can lead to a delay in the process and data security issues. This article explains how to manage an IPO process through a virtual data room (VDR) in a manner that meets the expectations of the law, the regulator and the stock exchange.

Key takeaways

  • IPO data rooms are subject to AMF, MAR and Euronext requirements.
  • Identify and control inside information before uploading it to your VDR.
  • Access controls and audit trails are essential for compliance with your obligations.
  • Fair access and equal information are critical during investor processes.
  • A compliant data room is a governance and compliance process, not just a handy tool.

Free template Legal due diligence checklist Prepare your data room with confidence. Download our practical checklist to organise contracts, compliance documents, financial information, litigation records and other key materials from day one. Download the template

What AMF requires for IPO data rooms

AMF has a number of requirements for how companies use data rooms during IPOs, mainly with regard to the use of inside information, which is relevant during the IPO process. Here are the details of your obligations to AMF:

  • Companies should use a data room only when it is necessary for a significant transaction, with AMF rating them as an exceptional arrangement for sharing sensitive information. An IPO will usually meet this requirement.
  • Limit the sharing of inside information within the virtual data room to only that which participants, such as advisors, underwriters and institutional investors, who require it to properly assess your offering.
  • All participants should sign non-disclosure agreements (NDA) that clearly prohibit them disclosing details from the VDR to unauthorised persons and limit the use of the information strictly to the IPO preparation process.
  • Only allow access to those with “serious intent” regarding the IPO. Have institutional investors provide a letter of intent to show that they are committed to buying into your public offering if the terms are agreeable.
  • Ensure fair and equal access to information when there are multiple investor groups interested in your IPO. Make sure your VDR access controls are the same for each party so all potential shareholders are working from the same information. Each competitor must sign the same standard of confidentiality agreement.
  • To restore equality among all investors, any privileged information shared with potential acquirers must be published by the issuer as soon as possible after the data room closes. When you issue a prospectus, AMF recommends including a declaration that the issuer has restored equality of access to information between investors by publishing that prospectus.

MAR requirements: Managing inside information during an IPO

Inside information is that which is specific, non-public and likely to move the price of a financial instrument if made public significantly enough that a reasonable investor could use it to inform their investment decisions. You must either disclose inside information straight away or, if you have a valid reason to delay disclosure, maintain insider lists of those with access to the information and protect against the unlawful disclosure of the information or insider dealing, where an insider profits from access to privileged information.

During the sharing of information with parties such as legal counsel, investment bankers and regulators within the VDR, you may give them access to inside information. Under the new EU Listing Act updates to MAR from June 2026, an IPO is deemed a ‘protracted process,’ and you will only have to disclose inside information to the market after the ‘final event’ in the workflow.

During the process, you need to adhere to the requirements of MAR surrounding inside information. These include:

  • Identifying inside information early is key. Determine which documents, discussions and financial information in the IPO process could qualify as inside information under MAR.
  • Maintaining an accurate insider list featuring everyone who has access to the inside information during your IPO, editing it when people gain and lose access to the information and keeping timestamped records of each version.
  • Informing all insiders of their place on the list and having them fill in the personal details in the format required by the European Securities and Markets Authority (ESMA). Ensure they know their responsibilities not to disclose the information or to use it for insider dealing.
  • Using secure systems for document sharing during the IPO. Protect the integrity of the inside information by using controlled platforms, such as a VDR, rather than email or unsecured channels where there is a risk it will leak.
  • Coordinating communications to ensure legal advisers, banks and company representatives with access to the VDR align on messaging to prevent accidental disclosure.
  • Documenting decisions and controls throughout the process. Keep records of access permissions, disclosures and compliance actions to demonstrate proper governance if regulators review the transaction.
  • Preparing a clear disclosure strategy, detailing how and when inside information will be disclosed to the market, particularly as the IPO approaches approval and announcement.

Euronext requirements for IPO issuers

  • Ongoing disclosure obligations before and after admission to trading
    As you prepare to list and once you are admitted, you must be ready to publish market-sensitive information in line with MAR and Euronext’s issuer framework, so your VDR should help you control drafts and provide evidence of who saw what and when.
  • Coordinating data room use with public announcements
    Treat the VDR as your private workspace for drafting and verification, but ensure anything that could move the price does not circulate beyond authorised deal participants within the VDR before it is publicly announced. Selective disclosure is a market abuse risk and could make you non-compliant.
  • Supporting fair and orderly markets during the IPO process
    Euronext’s market integrity focus means you should control access to sensitive IPO materials and keep a clear record of disclosures, Q&A and document versions in the VDR. This means all authorised interested parties receive the same information.
  • Market segment considerations
    Requirements vary by segment:
  • Euronext Paris is a regulated market with the fullest disclosure framework.
  • Euronext Growth has its own harmonised rulebook and issuer information processes.
  • Euronext Access uses a lighter model supported by a Listing Sponsor.

Your VDR governance should match the segment’s admission process and ongoing obligations.

IPO data room governance and controls checklist

Area

Action

Completed?

Governance

Classify documents by sensitivity level such as public information, confidential materials, inside information and personal data.

Define clear roles for who approves document uploads and who manages and responds to Q&A requests.

Maintain a structured log assessing whether documents constitute inside information.

Access and controls

Gate access through NDAs and letters of intent where appropriate.

Use named user accounts with multi-factor authentication and apply least-privilege permissions so participants only see what they need.

Implement watermarking, download restrictions and automatic access expiry.

Generate full audit logs showing views, downloads and prints.

Market abuse and disclosure

Maintain and regularly update insider lists for anyone with access to inside information.

Apply trading prohibitions where you share inside information.

Prepare contingency plans in case inside information needs to be disclosed to the market quickly.

Fairness

Ensure parity of access so no investor group receives privileged information before it is publicly disclosed.

Keep clear documentation demonstrating that all participants were treated equally during the IPO process.

GDPR

Apply data minimisation by sharing only necessary personal data and use redaction or anonymisation where possible.

Establish clear controller and processor responsibilities with the VDR provider before you put the data room into action.

Implement retention schedules with secure deletion once the IPO process concludes.

Common IPO data room compliance mistakes

  • Uploading documents without assessing them for inside information. This can lead to sharing information that distorts the market and gives some parties an unfair advantage over other investors. Unlawfully disclosing insider information is a market abuse violation.
  • Incomplete or outdated insider lists are also an infringement of MAR. The benefit of complete and current insider lists is that they provide a full account of who knew what and when. Failing to do so can hinder investigations and lead to sanctions and reputational damage for your company.
  • Unequal access between investor groups can cause the breakdown of relationships with interested shareholders who would have invested until they realise that they did not have all the information needed to level the playing field.
  • Weak documentation of decisions and access to the data room make it difficult to ensure there is equal access or that your insider lists are complete. You need strict governance to maintain compliance with the requirements of AMF, MAR and Euronext.
  • Treating the data room as purely technical infrastructure, rather than as a governance and compliance control that manages inside information, disclosure risk and regulatory accountability during the listing process.
CONCLUSION

You must consider the requirements of AMF, MAR and Euronext when you look to issue an initial public offering in France. This means embedding compliance early in the process and managing who gains access to which information about the upcoming deal in your virtual IPO data room. Ensure they know their responsibilities and use your data room as part of your disclosure framework, giving equal access at the same time to interested parties. It also helps you keep track of who accessed which information and when.

Admincontrol’s virtual data room streamlines your document management, keeping everything organised and easy to find. You can manage access easily to ensure only authorised parties can see certain information and communicate securely within the data room. It also allows you to see which documents attract the most attention to help you streamline your equity story ahead of IPO. Request a demo today.

FAQ

Can inside information be shared in an IPO data room?

Yes, inside information can be shared in an IPO data room, provided access is strictly limited to authorised participants and you meet the conditions under the EU Market Abuse Regulation. Companies must ensure the information is only used for the transaction and that appropriate controls prevent onward disclosure.

Who must be added to insider lists?

Any internal employee or external advisor who gains access to inside information during the IPO process must be on the insider list. This typically includes executives, legal advisers, investment banks, auditors and other transaction participants who receive non-public price-sensitive information.

Does GDPR apply to IPO data rooms?

Yes, GDPR applies whenever personal data is processed in the IPO data room, such as employee records, customer information or contract details. Issuers must apply data minimisation, ensure lawful processing and implement appropriate security measures to protect that data.

What happens if confidentiality is lost?

If inside information leaks or you can no longer guarantee its confidentiality, you may need to disclose the information to the market without delay. This ensures all investors receive the same information at the same time and helps maintain fair and orderly markets.

References and further reading

Related Articles

See all posts
Virtual Data Room
How Audit Trails in VDRs Strengthen Legal Defensibility

01-05-26

Virtual Data Room
How to Choose a Data Room Provider: The Decision Framework for Corporate Teams

01-05-26

Virtual Data Room
Data Room Features for M&A and Due Diligence: The Complete Checklist

30-04-26

Virtual Data Room
How to Set Up a Data Room for a Merger: Restricted Access & Audit Trails

29-04-26

Virtual Data Room
From Draft Prospectus to Listing: How a VDR Supports the IPO Journey

20-03-26

Share this post