Luxembourg has enshrined the European Union's Directive 2014/57/EU of 16 April 2014 on criminal sanctions for market abuse in its own law.

In passing the new law, the authorities have been at pains to advertise their unwillingness to add to or 'gold plate' the directive for their own purposes, in stark contrast to the British habit. It deals with not only regulated markets, as before, but also with multilateral trading facilities and other types of organised trading facilities, which MiFID II (the revamped Markets in Financial Instruments Directive) will introduce in January 2018. The sanctions in the new law will eventually take account of the widening reach of existing offences.
 
Both the Luxembourgeois regulator, the Commission de Surveillance du Secteur Financier or CSSF, and the state prosecutor are worried that the interplay between criminal and administrative punishments might interfere with the legal principle of "non bis in idem" or "not twice in the same thing," which dictates that nobody should take legal action twice for the same cause of action. The new law therefore contains provisions that help them consult one another in an effort to stave this off. Both administrative and criminal sanctions have increased and criminal sanctions apply to companies as well as people.
 
The new law extends the CSSF's supervisory and investigative powers. The law firm of Arendt and Medernach has reported that the regulator is now allowed "to reach out to external experts in connection with specific questions raised during an inquiry for an infringement of the provisions of the Market Abuse Regulation," a statement that suggests that freedom of speech and the right of one person to telephone another and ask him questions are seriously abridged in that evidently unhappy country.
 
On the subject of the reporting of suspicious orders and transactions, the law firm also says that the new law contains the rules and technical arrangements to fully implement Article 32 (Reporting of infringements) of the Market Abuse Regulation provided for in Directive (EU) 2015/2392, including the arrangements for reporting and for following up reports, and measures for the protection of people working under contracts of employment and measures for the protection of personal data. The phrase ‘regulated information’ now includes the notifications that a 'relevant issuer' (or any other person who has applied for the admission of securities to trading on a regulated market without the issuer's consent) is required to disclose for the purposes of article 19 of the EU's Market Abuse Regulation (i.e. transactions conducted by people with managerial responsibilities and their close associates).