Access matters: Designing user-centered and responsible beneficial ownership disclosure regimes
Access to information that is easy enough to interpret, connect, and rely on is fundamental to maximising its usability and impact. When designing beneficial ownership transparency (BOT) reforms, governments need to think thoroughly about why beneficial ownership (BO) information should be accessible, by whom, and in what ways. These decisions affect the reforms’ effectiveness and policy outcomes, ranging from preventing the misuse of companies and trusts, to tackling crime and creating an enabling business environment, to encouraging more effective, accountable public financial management.
Effective access to BO information involves designing access regimes in a way that is both user-centred, meaning information is usable by a wide range of actors, and responsible, appropriately balancing transparency with privacy and data protection. In our latest policy briefing we outline key considerations for designing access regimes effectively and maximising impact.
Striking the right(s) balance
Who should have access to BO information, and how to balance access with privacy, have been the subjects of much debate. Ultimately, implementing governments should ensure users relevant to their policy objectives have access to usable information, and that the access regime strikes a balance between transparency and privacy. Where this balance lies will be specific to each legal and policy context, and different countries have taken different approaches to this. These decisions are key to ensuring implementation is effective, responsible, and sustainable. This means the reforms meet the needs of users of BO information; respect rights, minimising risks of abuse and enabling accountability; and ensure the disclosure regime is robust and able to withstand potential legal challenges.
Beneficial owners, by definition, are natural persons, so BO information inherently constitutes personal data. However, privacy and data protection are not absolute rights. This means they can be limited in certain circumstances – for example, if it is deemed in the general interest to do so, or when they are in conflict with other rights. The European Court of Justice’s ruling from November 2022, where indiscriminate public access to BO information for anti-money laundering (AML) purposes was found to be legally invalid, catalysed discussions at national and international levels about who should have access to what information. This highlighted the need to find more legally robust and nuanced solutions to delivering the access that a range of actors need to BO data while appropriately protecting other rights.
Therefore, having a thorough and comprehensive understanding of who needs access to what information, in what ways, and for what purpose is fundamental not only to designing effective and impactful reforms, but also to implementing responsible and sustainable reforms that comply with domestic privacy and data protection laws.
Designing access regimes
In order to design an access regime that places data usability at its core, and considers privacy and data protection in this process, implementing agencies should consider their contexts by:
- Clarifying policy purpose: Clearly defining the policy goals of BOT reforms from the outset is fundamental to inform subsequent decisions about laws, policies, and systems. A narrow purpose – such as AML – may make it easier to build quick, broad political support for reforms, but it limits the wide-reaching impact that BOT can have on various other policy areas, which many countries may also wish to advance – from investigating corruption schemes in public procurement, to tackling tax abuse, to informing investment decisions. Providing a broader range of objectives based on impact assessments and consultations with implementing agencies, potential users, and businesses will maximise the impact of BOT reforms.
- Reviewing legal frameworks and international standards: Countries’ existing obligations and requirements under national and international legal and policy frameworks typically inform the design of access regimes in BOT reforms. For example, in the Philippines, the domestic procurement law requires specific access to BO information for public procurement authorities. In the European Union (EU), the 6th Anti-Money Laundering Directive requires member states to implement specific access provisions for various categories of users. As for international standards, the Global Forum’s Exchange of Information on Request for tax purposes requires competent authorities to share information with counterparts abroad.
- Identifying relevant users and understanding their needs: Considering all relevant users, including foreign users, and engaging them through user research will help the design of systems which are useful, and which embed necessity and proportionality. User research will also enable policy makers to be intentional and to ground access rights in evidence about users’ needs, rather than on broad assumptions.
Layers of access
Once the objectives of the reforms have been defined, and relevant users and their needs have been mapped out, different layers of access can be designed. Three main considerations should be taken into account when designing access layers:
Who can access the data and for what purpose
Layers of access are either publicly accessible or limited to specific users or groups. Research with users of BO information shows that – across all policy goals – a variety of stakeholders are expected to use data in complementary ways to achieve impact. Therefore, a wide range of stakeholders (potentially representing different sectors) should be considered when defining who will have access to what information. Where possible, providing public access is by far the easiest way to ensure the broadest range of relevant users have access to some BO information. However, experiences in the EU show that public access does not necessarily guarantee effective access to usable data. Implementing a layer of public access does not preclude governments from designing additional dedicated layers for specific user groups that have more extensive needs, but can ensure that foreign users or users who may not fall neatly into recognised or pre-defined categories – which often play a critical role in identifying wrongdoing – do not struggle to meet eligibility criteria.
What information users can access and how flexibly it can be used
Each layer should have data usability at its core. There are a series of data features which are key to this, relating to the scope of information (type of legal vehicles covered or access to historical information); the specific content (data fields, reliable identifiers, or personal information included); and how the information can be delivered and searched (whether it is accessible through an API, or in bulk, and in which format).
Some countries have adopted a business model that includes charging companies and data users a fee to access BO information. Where these fees exist, all user groups have reported that the cost creates barriers to effective use of this information, which is likely to undermine impact. There are other solutions available for cost recovery, such as making specific products or data processing options available by only adding a fee for certain profiles of users (e.g. commercial users). Access fees should not be introduced to mitigate interference with privacy.
How to design appropriate safeguards
As mentioned above, privacy infringement should be appropriately balanced with the policy purpose pursued. To support responsible implementation and prevent data misuse (including by government users), implementing agencies should consider the degree of interference with privacy posed by each layer, and put in place appropriate safeguards to support it. The interference depends on the amount of information and flexibility of use provided, and the number of people who will access the information.
For access layers restricted to certain users with increased flexibility of data use, various requirements can be put in place (e.g. authentication permissions, limiting access to sensitive and protected information). Authenticating permissions, such as demonstrating a legitimate interest, should not be unduly burdensome (e.g. take long periods of time or request unnecessary information).
This can also include maintaining access and audit logs to prevent and detect misuse, and developing clear terms. All access regimes should include a protection regime that can provide for exemptions in circumstances where someone is exposed to disproportionate risks, and ensure this system is not abused.
Designing effective access regimes is essential to ensuring BOT reforms are impactful. Effective regimes will typically enable complementary user groups to access usable BO information effectively and in a diversity of ways to advance a jurisdiction’s policy goals. Ultimately, governments should strive for approaches that put the principles of usability and responsibility at their core to create systems that are enduring, accountable, and maximise impact.