UBO Registers, the UK PSC and the Privacy Crisis: Why Europe's Transparency Drive Is Backfiring

The EU's Transparency Ambition and Its Unintended Consequences

For over a decade, the European Union pushed hard for corporate transparency. The 4th and 5th Anti-Money Laundering Directives mandated that EU member states establish publicly accessible Ultimate Beneficial Owner (UBO) registers. The logic was straightforward: if anyone could look up who owns a company, it would deter financial crime and tax evasion. By 2022, most EU member states had complied. Then the Court of Justice of the European Union changed everything.

The CJEU Ruling: A Fundamental Shift

In November 2022, the CJEU issued a landmark ruling invalidating the public access provisions of the 5th Anti-Money Laundering Directive. The Court found that unrestricted public access to UBO registers constitutes a serious interference with the fundamental rights to privacy and personal data protection under the EU Charter. In plain terms: making beneficial ownership information freely accessible to anyone with an internet connection is a disproportionate measure that cannot be justified by AML objectives alone.

The ruling did not abolish UBO registers. Competent authorities, financial institutions, and obliged entities can still access UBO data for legitimate purposes. What was struck down was the principle that any member of the public, with no demonstrated legitimate interest, could search and extract information about who owns what.

The UK PSC Register: A Different Problem

The UK left the EU before the CJEU ruling had any legal effect on its regime. The Persons with Significant Control (PSC) register, maintained by Companies House, remains largely public. Anyone can search Companies House, retrieve the name, nationality, partial date of birth, and nature of control of individuals holding more than 25% of shares or voting rights, or otherwise exercising significant influence or control over UK companies.

Post-Brexit reforms have introduced some improvements, including identity verification requirements for company directors and PSCs. But the fundamental architecture remains: beneficial ownership information for UK companies is publicly searchable. For private individuals who own UK holding structures, operating companies, or real estate vehicles, this creates meaningful and ongoing exposure.

Real Risks for Beneficial Owners

The risks are not theoretical. When your name, nationality, and ownership stake in a company are publicly accessible, several threat vectors emerge:

• Targeted harassment and extortion: Business disputes, disgruntled former partners, or opportunistic actors can identify and approach beneficial owners directly using public register data.
• Physical security risks: For high-net-worth individuals, UHNWI families, and executives operating in sensitive markets, public ownership data creates a roadmap for those with harmful intent. Kidnapping and security risks are not theoretical in a number of active jurisdictions.
• Competitive intelligence exposure: Counterparties and competitors can map your corporate structure, track acquisitions, and understand your business before any negotiation begins.
• Reputational targeting: Activist groups, journalists, or political actors can selectively publicize ownership information without context, creating reputational damage regardless of the legality of the underlying structure.

None of these risks require the beneficial owner to have done anything wrong. Transparency, when it is genuinely public and unrestricted, creates exposure for law-abiding individuals alongside bad actors.

The Post-CJEU Fragmentation Across Europe

The CJEU ruling has produced significant fragmentation across EU member states. Each country has responded differently and at a different pace:

• Luxembourg and the Netherlands moved quickly to restrict public access, limiting searches to parties with a demonstrable legitimate interest.
• Germany and Austria restricted general public access while maintaining access for press, civil society organizations, and entities with a documented legitimate purpose.
• Several smaller member states have been slower to implement changes, leaving their registers effectively open during a transitional period that has extended well beyond initial expectations.

This creates a patchwork. An individual who holds structures in multiple EU jurisdictions may find that their information is well-protected in one country and freely accessible in another. The fragmentation is structural, not a temporary gap that will close quickly. Differences in national implementation of AML directives are a feature of how EU law operates in practice.

Building Structures That Protect Privacy While Remaining Compliant

The answer to these risks is not opacity or regulatory evasion. Any advisor who suggests hiding beneficial ownership from competent authorities is creating far greater problems than the ones being solved. The question is how to build structures that comply fully with disclosure obligations to regulators and financial institutions, while limiting exposure to unrestricted public access.

Several legitimate approaches are available:

• Jurisdictional selection: Holding structures established in jurisdictions that protect UBO data from public access while meeting international standards, including FATF and OECD CRS requirements, provide a defensible balance. The UAE, Singapore, and certain well-regulated offshore jurisdictions offer this combination.
• Trust and foundation structures: Properly established trusts and private foundations can separate legal ownership from beneficial interest in ways that are fully disclosed to competent authorities but that do not appear in public company registers.
• Nominee arrangements with proper documentation: In some jurisdictions, nominee shareholders or directors are permissible provided the underlying beneficial ownership is properly documented and disclosed to regulators. This is a recognized structural tool, not a concealment mechanism.
• Reviewing UK-held assets: For individuals with legacy UK holding structures, the continued public nature of the PSC register may warrant a review of whether those structures remain fit for purpose given their privacy implications and the alternatives now available.

The key principle throughout is consistent: full disclosure to competent authorities, financial institutions, and tax administrations is non-negotiable. The objective is to avoid unnecessary public exposure, not to avoid legitimate regulatory scrutiny.

What This Means in Practice

Beneficial owners with European exposure need to audit their current structures against two concrete questions. First, which registers currently contain their information and who actually has access to it? Second, is that level of access proportionate to the regulatory purpose, and does it create risks that can be mitigated through legitimate restructuring?

The CJEU ruling created space for protection that did not exist before 2022. Member states are still adapting. That window should be used deliberately.

How Bolster Group Can Support You

Bolster Group advises individuals and corporate clients on cross-border structuring, beneficial ownership compliance, and privacy-compliant holding architectures. If you are reviewing your current structures in light of evolving UBO register requirements, or considering a reorganization that balances compliance with legitimate privacy protection, we are available to assist.

Contact us at contact@bolster-group.com.