Alternative Funds 2025

PORTUGAL Law and Practice Contributed by: João Nóbrega, Bernardo Marques and Francisco Miguel Gomes, EY Law – Sociedade de Advogados, SP, S.A.

In practice, the regulator expects effective and inde - pendent decision-making, adequate staffing and financial resources proportionate to the AIFM’s size and complexity. 3.9 Change of Control Changes affecting the ownership or corporate struc - ture of an AIFM are subject to CMVM oversight, with the level of regulatory intervention varying based on the nature of the transaction. Mergers, demergers or other corporate reorganisa - tions of an AIFM require prior authorisation from the CMVM. Transformations between management company types (eg, from an SGOIC to an SCR) generally require prior notification when the intended activities overlap; otherwise, authorisation is necessary. Changes in qualifying shareholdings – specifically, direct or indirect holdings representing 10%, 20%, 33% or 50% of voting rights or capital, or resulting in control – must be immediately reported to the CMVM. The regulator may object if the new shareholders are deemed not “fit and proper” or if their involvement could impair sound and prudent management. In practice, the CMVM conducts “fit and proper” assessments of new controllers and may suspend the voting rights of shareholders who fail to obtain prior non-opposition when required. The regulator also expects timely communication regarding any restruc - turing or acquisition that may impact the governance, financial soundness or independence of the AIFM. 3.10 AI and Use of Data Portugal does not have a standalone regime specifi - cally regulating the use of artificial intelligence (AI), predictive analytics or big data by AIFMs. However, several EU and national frameworks impose relevant obligations regarding governance, risk management and data protection. • AI Act: The EU Artificial Intelligence Act, adopted in 2024 and set to be implemented gradually through 2026, classifies certain AI applications used in financial services (such as credit scoring, auto -

mated decision-making and algorithmic trading) as “high-risk” systems. AIFMs utilising such tools will be required to ensure human oversight, traceability, robust documentation and effective risk manage - ment controls. • DORA: The Digital Operational Resilience Act, which has been in effect since January 2025, applies to AIFMs and encompasses ICT govern - ance, incident reporting, resilience testing, and oversight of third-party providers, including those employing AI-based technologies integrated into ICT systems. • Data Protection: All processing of personal data by AIFMs must comply with Regulation (EU) 2016/679 (the General Data Protection Regulation, GDPR) and Law No. 58/2019, which mandate a lawful basis for processing, data minimisation, transpar - ency, and respect for data subject rights. In practice, the CMVM expects AIFMs to adopt AI governance policies, ensure human validation of mod - el-driven decisions, and integrate AI and data analyt - ics tools within their existing risk management and compliance frameworks. 3.11 Anticipated Changes for Fund Managers Several forthcoming EU regulatory developments are anticipated to impact Portuguese AIFMs over the next two years: • AIFMD II (transposition by April 2026; certain reporting from April 2027): This directive will tighten delegation and governance requirements, intro - duce harmonised liquidity management rules for open-ended funds, and expand reporting and depositary oversight. These changes will neces - sitate amendments to the RGA/RRGA and cor - responding updates to internal policies and proce - dures. • EU Artificial Intelligence Act (main obligations for high-risk AI effective from August 2026): AIFMs utilising AI-based systems – such as automated decision-making, scoring or risk modelling tools – will be required to establish AI governance frame - works, ensure human oversight, and maintain documentation and traceability of model-driven processes.

262 CHAMBERS.COM

Powered by