Welcome to the forum
I'm not aware of any specific EU legislation that would directly apply, although obviously if it is being presented in a way that actually misleads as to the real nature of the product then that would fall into more clear areas around food fraud, but it doesn't sound like that is the case here. If your business is signing the CoA on your letterhead then it does potentially become more problematic, although it will depend on the exact wording of what you're signing - if you haven't done the analysis then you'll need to be very careful about how this is presented.
It's something I used to see very regularly with traders/brokers in the past - 10+ years ago it was pretty much the only approach they used. It goes back to the days of traders trying to hide/"protect" their sources so that customers couldn't cut them out of the supply chain and go direct to the manufacturer, but with the requirements of BRC in particular, those days are numbered if not already gone, at least in some regions of Europe.
In terms of reasons why it's potentially not great practice:
1) The European market is moving towards more and more transparency in food supply chains. If I'm buying from a trader then I want to see information from the actual manufacturing site - if it's their CoA, transferring it onto your own letterhead serves no purpose other than to obfuscate that. Please note I'm certainly not saying that you personally are attempting to hide anything, but rather that this can be the perception from a customer's perspective. In these days of better awareness of food fraud, attempting, or appearing to attempt, to hide anything can easily just look like a big red flag for fraud risk.
Having said that, attitude to this do vary through Europe, with some areas more relaxed about this practice than others. Here in the UK I have customers who'd outright reject deliveries for this, but I also work with a lot of businesses in mainland Europe for whom this wouldn't really cause any concern.
2) The results aren't from your company's analysis, and presumably haven't been analytically verified by your business (if you'd tested the batch you could just issue your own CoA), so there is some potential debate as to how sensible/honest this is as an approach - if you've neither done the testing nor verified it, is your business at risk of misleading the customer as to the basis of the analysis? And in any case, what are you or your customers gaining from it being on your letterhead?
As you've mentioned that this is done sometimes "according to commercial criteria", it might be worth looking at what those are. I could see two potential reasons for this - one is that it's a hangover from the old-fashioned trader approach of trying to hide the sources (rather undermined by the addition of the processor's name and the BRC requirements), and that it's just not really been reconsidered in light of the way the modern industry works. IMO this would fall into the "not great practice" category. The other potential reason might be that the customer has specifically requested it. I've worked for traders and occasionally would get a request like this, because it means that the they can easily link the CoA / product to us as their direct supplier if there is an issue. This is perhaps more excusable if it's at the explicit request of the customer, although I'd get that documented so it's clear.
N.B. I sincerely don't mean for any of this to sound overly critical of you personally - you've raised the question which IMO is a good thing. I've spent many years working both for agents and manufacturers, so have seen a lot of change in this area and have been in your position, so I very much empathise with it!