Payments Regulatory Deadlines to Watch in January 2026

Each month, we leverage data from our Horizon Scanning Regulatory Deadlines Calendar to bring you a glimpse of the key response deadlines and legislation effective dates coming up, so you can plan and take action around some of the most important regulatory developments unfolding right now.

In January, there are116 regulatory deadlines on the horizon — with 20 key consultation periods coming to an end and requiring a response, and 80 actionable deadlines to be aware of coming into effect.

What are the regulatory deadlines to watch in January?

Dubai

On December 15, 2025, the Dubai Financial Services Authority (DFSA) issued Rule-making Instrument No. 423 of 2025 (RMI 423/2025), amending the General (GEN) module of the DFSA Rulebook pursuant to Article 23 of the Regulatory Law 2004.  The amendments implement the DFSA’s revised regulatory approach to crypto tokens following Consultation Paper No. 168.

The amendments introduce a fundamental shift from a DFSA-led recognition regime to a firm-led crypto token suitability framework, under which persons conducting activities relating to crypto tokens are responsible for assessing, on a reasoned and documented basis, whether a crypto token is suitable for use in relation to a particular activity. The amendments come into force on January 12, 2026.

United Kingdom

On November 21, 2025, the UK’s Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) issued consultation paper (CP) 25/33 on regulatory fees and levies. The CP sets out policy proposals on the fees and levies for 2026/2027. SOme of the proposals:

• Introduce a Private Intermittent Securities and Capital Exchange System (PISCES) periodic fee.
• Introduce adding a target support to Class 2, Category 2.1 (life distribution and investment intermediation) for Financial Services Compensation Scheme (FSCS) levies.
• Introduce a crypto-asset firm application fee.
• Mandate deferred payment credit providers, also known as buy now, pay later (BNPL) providers, entering the Temporary Permissions Regime to pay a Category 1 registration fee (currently £280).

The FCA is seeking feedback on its proposals on target support by January 9, 2026. For all other proposals, the FCA and PRA is seeking feedback by January 16, 2026. Feedback may be submitted via the FCA’s online form or by email to cp25-33@fca.org.uk.

Hungary

On June 16, 2025, the Hungarian government published a decree in the official gazette adopting a regulation amending certain rules on payment transactions.

The amending regulation aims to clarify the rules governing the QVIK service, Hungary’s instant payment system. Specifically, it amends Hungarian National Bank (MNB) Regulation No. 35/2017 on the execution of payment transactions. The amendments include:

• Additional clarifications on the identification of the holder of a payment account.
• A requirement that, if a payment account contains multiple currencies, the payment service provider must determine the account’s primary currency.
• The repeal of Section 4A(2) and (8).

The regulation enters into force on July 1, 2025, except:

• The additional clarifications on identity, which apply from October 1, 2025.
• The repeal of the specified sections, which applies from January 31, 2026.

Australia

The Australian Payments Network (APN),  has issued standards and accompanying guidelines for Payment Service Provider (PSP) Porting of Merchant Payment-Related (MPR) Data.

 APN is the industry association and self-regulatory body for the Australian payments industry. The APN states that the standards aim to reduce the friction associated with the porting of a merchant’s customer payment data by detailing a common set of requirements for the secure transfer, to or from a PSP, of customer payment data associated with card on file payment information.

The six standards comprise:

• A list of data elements to be included in the porting of MPR data.
• A requirement to encrypt data using the “OpenPGP” standards.
• A mandate to transfer data using a plain text file encoded in the JavaScript Object Notation (JSON) format.
• An obligation to transfer the MPR Data via Secure File Transfer Protocol (SFTP).
• A requirement to properly authorise the access of MPR data by third parties.
• An obligation to complete data transfers in a timely manner.

The standards have a 12-month transition period commencing July 1, 2025 to enable entities to become compliant. All applicable entities must complete and submit to AusPayNet by email to    standardsdevelopment@auspaynet.com.au an Annual Compliance and Monitoring Survey, in the form set out in Annex D: Annual Compliance and Monitoring Survey Response by January 31st each year.

Abu Dhabi 

On July 29, 2025, the Financial Services Regulatory Authority (FSRA) in Abu Dhabi amended its General Rulebook (GEN) to introduce a new Rule 3.5 on Cyber Risk Management. The rule requires authorised persons to adopt a written cyber risk management framework approved by their governing body and proportionate to the scale and complexity of their business.

Key elements include requirements to:

• Identify and assess ICT assets and vulnerabilities.
• Implement access, network, and data security controls, including encryption.
• Monitor systems, conduct testing, and maintain incident detection and response capabilities.
• Ensure timely software updates and controlled change management processes.
• Manage third-party and outsourcing risks.
• Train staff and raise awareness.
• Notify the FSRA within 24 hours of any material cyber incident.

In line with this addition, the Conduct of Business Rulebook (COBS) has been amended to note that GEN 3.5 contains additional cyber risk requirements applicable to authorised persons. The Glossary (GLO) has also been updated to include definitions related to cyber risk management. Rule 3.5 will take effect on January 31, 2026.

Vixio’s Horizon Scanning tool shows you real-time updates on regulatory deadlines and trends across 140+ global jurisdictions, including all US states, at the click of a button. Its Regulatory Deadlines Calendar feature sets out effective dates for published legislation, closing dates for consultation periods on proposed regulatory developments, and deadlines for specific requests for information by regulatory authorities. 

‍

We’ve only shown you a snapshot of January’s deadlines.

Want to see them all? Book a demo with a member of our team, who can show you how the Regulatory Deadline Calendar works, and why it forms a critical part of your compliance risk process.

‍