Effective September 1, 2025, the regulatory framework governing access to information on companies’ beneficial owners (reelle ejere) has undergone a profound transformation. This reform stems from the implementation of the EU’s Sixth Anti-Money Laundering Directive and the jurisprudence of the Court of Justice of the European Union (CJEU), particularly its landmark judgment of November 22, 2022. In that decision, the Court held that unfettered public access to beneficial ownership data represented a disproportionate infringement on the fundamental rights of privacy and data protection for individuals. In light of this ruling, the Danish Business Authority (Erhvervsstyrelsen) has been tasked with recalibrating the balance between transparency, financial system integrity, and personal rights by instituting a tiered and more restrictive access regime.
Historically, the CVR register provided open, direct, and essentially universal access to data concerning the beneficial owners of Danish companies. Journalists, private individuals, competitors, and researchers alike could freely query the register to identify the individuals ultimately controlling corporate entities. This approach was designed to enhance transparency, but it was increasingly criticized for exposing sensitive personal information without sufficient safeguards. The new model will replace that open framework with a controlled-access system. Under the revised provisions, access is restricted to three defined categories: competent public authorities, entities obliged under the Danish Anti-Money Laundering Act (including financial institutions, auditors, legal professionals, and certain intermediaries), and individuals or organizations that can demonstrate a legitimate interest. Legitimate interest may encompass potential commercial partners performing due diligence, investigative journalists uncovering issues of public concern, or civil society organizations working to prevent corruption.
It must be underscored that while the scope of access has been narrowed, the statutory obligation for companies to register and continuously update their beneficial ownership information remains unchanged and fully enforceable. The reform does not diminish corporate duties; rather, it adjusts who may scrutinize the information. Responsibility for maintaining accuracy and timeliness continues to rest with company directors and management boards. Inaccuracies, omissions, or delays in reporting ownership structures could have serious legal and reputational consequences, particularly in an environment where oversight is becoming more structured and deliberate.
From a practical perspective, access will still be facilitated through the CVR platform, but only upon successful authentication via MitID or other electronic identification recognized under the EU eIDAS Regulation. Users are obliged, prior to receiving access, to submit a legally binding declaration confirming both their eligibility and their commitment to use the data exclusively for legitimate and lawful purposes. This declaration represents not only a procedural formality but also a legal safeguard designed to reinforce accountability. Once granted, access rights remain valid for three years, after which they must be renewed through a similar declaration process. This system of periodic revalidation ensures that only current and authorized actors retain ongoing access.
For small and medium-sized enterprises (SMEs), the practical implications of these developments are significant and multifaceted. On one hand, the enhanced privacy framework shields owners and shareholders from arbitrary or unwarranted public scrutiny, reducing the likelihood that sensitive information could be misused or taken out of context. On the other hand, SMEs face elevated expectations regarding their own internal governance. The accuracy, timeliness, and completeness of beneficial ownership data will be subject to closer review by banks, auditors, and business partners. Any inconsistencies may obstruct routine compliance checks, complicate credit assessments, delay contractual negotiations, or even trigger formal inquiries by supervisory authorities.
The regulatory oversight capacity of the Erhvervsstyrelsen will also become more prominent. The agency retains the authority to investigate, sanction, or revoke access in cases where misuse of the system is detected or where companies fail to meet their reporting obligations. Importantly, the system is built on a trust-based model: entities granted access are presumed to comply, but monitoring mechanisms remain in place to identify potential abuses. For SMEs, this underscores the necessity of proactive compliance rather than reactive correction.
It is therefore advisable for enterprises to begin preparing now, well in advance of the reform’s entry into force. A thorough internal audit of beneficial ownership records should be undertaken to ensure accuracy. Any recent changes in ownership structure must be promptly registered in the CVR. Management should also implement internal controls to ensure that changes are detected and reported on an ongoing basis, rather than addressed only when a formal review is initiated. Proactive verification and meticulous data stewardship will not only mitigate the risk of penalties but also strengthen a company’s reputation with banks, investors, and partners who increasingly expect robust compliance as a prerequisite for collaboration.
The broader regulatory adjustment reflects a deliberate attempt by EU legislators and national authorities to reconcile competing objectives: the imperative of safeguarding financial markets against money laundering and terrorist financing, the need to provide reliable information to those with legitimate oversight responsibilities, and the fundamental requirement of respecting privacy and data protection rights. This triad of objectives creates a complex compliance environment, but one that is consistent with the evolving European emphasis on proportionality and accountability in corporate transparency.
For Danish SMEs, the core message is unambiguous. Their obligations to register beneficial ownership data remain fully intact, and the threshold for demonstrating accuracy, timeliness, and governance diligence has risen. Companies that fail to adapt may face not only regulatory sanctions but also reputational damage and practical barriers in financial and commercial transactions. Conversely, enterprises that anticipate the new standards, embed compliance in their governance structures, and cultivate a culture of accuracy and transparency will be best positioned to thrive in the evolving environment. In this sense, the forthcoming reform should not be seen solely as a constraint but as an opportunity to professionalize internal systems, foster trust with stakeholders, and secure a competitive advantage in an increasingly compliance-driven market.