Who Is a Public Interest Entity Now? ICPAC TC 7/2026 Explained

For decades, the central concept in audit independence was the "listed entity": a company whose shares, stock or debt were quoted on a recognised stock exchange. That concept determined who needed a PIE-grade audit, which auditors could act, and when partner rotation kicked in.

The 2024 revision to Part 4A of the IESBA International Code of Ethics retires the term. In its place sits "publicly traded entity" (PTE): an entity that issues financial instruments that are transferable and traded through a publicly accessible market mechanism, including through listing on a stock exchange.

The practical effect of the change is that the boundary of PIE status has shifted. Formal exchange listing is no longer required. Accessibility to the public is the test, and that test reaches OTC platforms, multilateral trading facilities, and secondary markets that were previously outside the category.

The IAASB has aligned its standards to mirror this change, replacing "listed entity" with "publicly traded entity" across ISA 700, ISA 260, ISA 701, ISA 720, ISQM 1, and ISRE 2400 (Revised). Those IAASB amendments are effective for periods beginning on or after 15 December 2026, with early adoption permitted.

The revised IESBA Code sets out four categories of entity that must be treated as PIEs. The first three are "mandatory" in the sense that local bodies cannot remove them, though they may more precisely define them. The fourth is a local-law designation category.

These categories operate as a floor. Relevant local bodies can refine or expand them but may not contract the mandatory coverage. Where a local definition already covers all four mandatory categories, it continues to apply without amendment: this is the basis on which ICPAC has assessed Cyprus's existing EU PIE definition.

The existing EU PIE definition holds

Cyprus defines EU PIEs in the Auditor's Law of 2017. The four categories are: entities whose transferable securities are admitted to trading on a regulated market or organised market of any EU Member State; licensed credit institutions; insurance and reinsurance undertakings; and entities designated by the Council of Ministers.

ICPAC has assessed this definition and concluded that it already covers all four mandatory IESBA categories. No change to the Auditor's Law definition is required to adopt the revised IESBA Code. The EU PIE framework continues to apply as before for entities within that definition.

Case I: CSE Emerging Companies Market

The CSE Emerging Companies Market (ECM) is a Multilateral Trading Facility (MTF), not a regulated market. Under the Auditor's Law of 2017, entities listed there are not EU PIEs. They were also outside the old "listed entity" definition because the ECM was not a "recognised stock exchange" in the traditional sense.

That position has now changed. ICPAC TC 7/2026 explicitly states that entities listed on the CSE Emerging Companies Market should be treated as PIEs for the purposes of the IESBA Code, ISQMs and ISAs. The basis is the new PTE definition, which captures entities whose instruments are traded through a publicly accessible market mechanism, and paragraph 400.24 A1 of the IESBA Code, which allows for consistent treatment in line with market practice.

Case II: Cyprus companies listed on foreign secondary markets

Where a Cyprus company is listed on a non-regulated or secondary market outside Cyprus, ICPAC has set out a dual-jurisdiction test. The auditor must assess whether the entity meets the PIE definition either in Cyprus (the Home Market) or in the jurisdiction where the instruments are traded (the Target Market).

If entities listed on that foreign market are treated as PIEs in that jurisdiction, the Cyprus statutory auditor must apply equivalent treatment. By illustration: a Cyprus holding company admitted to trading on an AIM-equivalent market in a country that treats such entities as PIEs would carry PIE obligations in its Cyprus audit, even without any regulated-market listing anywhere in the EU.

The test is bilateral. Meeting the PIE definition in either jurisdiction is sufficient to trigger PIE treatment in the Cyprus audit.

Being treated as a PIE under the IESBA Code and IAASB standards is not a cosmetic classification. It carries a specific set of obligations that apply to both the audit firm and the audited entity. These obligations are materially more demanding than the standard framework.

For audit firms

• Partner rotation: The engagement partner and other key audit partners are subject to rotation requirements. The maximum engagement period is seven years for PIEs, with a mandatory cooling-off period thereafter.
• Long association: Restrictions apply to all individuals at the firm whose long association with the client could create a familiarity threat to independence.
• Non-assurance services: Certain non-assurance services (bookkeeping, tax return preparation linked to financial reporting, IT systems directly affecting financial statements, and others) may be restricted or prohibited for PIE audit clients. Where permitted, prior approval by those charged with governance is required.
• Fee restrictions: Contingent fees and fee caps that could impair independence are restricted. Fee dependency rules apply more strictly.
• Engagement Quality Review: Every PIE audit must be subject to an Engagement Quality Review by a reviewer who is not part of the engagement team, before the audit opinion is issued.
• Public disclosure: The audit report must disclose that PIE-specific independence requirements have been applied, the relevant ethical framework, and a statement that the auditor is independent in accordance with those requirements.

For companies

• Key Audit Matters: The auditor's report must communicate Key Audit Matters (KAMs) in accordance with ISA 701. This extends to all PTEs under the revised framework.
• TCWG communication: The auditor must communicate with those charged with governance about matters that may bear on independence, including fee-related information. This is a formal, documented requirement.
• Other information transparency: Under ISA 720 (Revised), auditors of PTEs have specific obligations relating to the transparency of other information in annual reports.
• Governance readiness: Boards and audit committees of newly PIE-classified companies should ensure they have the governance infrastructure to manage the pre-approval requirements for non-assurance services and to engage meaningfully with the Engagement Quality Review process.

TC 7/2026 reinforces a distinction that is frequently blurred in practice: being a PIE and being an EU PIE are not the same thing. Every EU PIE is a PIE, but a PIE is not necessarily an EU PIE.

The two classifications carry different regulatory architectures:

• EU PIEs are subject to the EU Audit Regulation (537/2014), which imposes additional requirements including mandatory audit firm rotation, restrictions on the provision of non-audit services with specific caps, and joint audit provisions in some jurisdictions. In Cyprus, EU PIEs also fall under the Technical Circulars of the Cyprus Public Oversight Board (CPOB).
• Non-EU PIEs (such as ECM-listed companies) carry the IESBA Code independence requirements and the IAASB standard obligations, but are not subject to the EU Audit Regulation. The auditor's report format differs: ICPAC's Auditor's Booklet includes specific illustrations for entities listed in unregulated markets.

For ECM-listed companies specifically, this means the practical requirements are substantial but not as extensive as those applying to a regulated-market-listed company. The distinction matters when planning the audit, reviewing non-assurance services, and drafting the auditor's report.