Top MiFID II Compliance Tools: Why You Need Regulatory Change Management

If you work in compliance at an investment firm, broker, credit institution, or payment company operating under the Markets in Financial Instruments Directive II (MiFID II), some of these challenges might sound familiar:

• The MiFID review is producing a fresh wave of delegated regulations, several of which have already come into force this year under EU regulations. You don't have a reliable process for spotting those changes and assessing what they mean for your business. 
• You're manually checking the European Commission's website, tracking European Securities and Market Authority (ESMA) guidelines, and monitoring national regulator publications across every country you operate in. The process is inconsistent and you're never fully confident you're catching everything that matters.
• You operate across multiple EU member states, and MiFID II gives each country some room to implement the rules in their own way. That means your compliance obligations aren't the same in every market you operate in, and manually keeping track of what's different across 27 jurisdictions feels impossible.

To help you find a solution, we'll break down what you need to look for in a MiFID II compliance tool. We'll go into depth on regulatory change management, a solution that gives compliance teams a reliable way to track and manage regulatory changes, and streamline internal processes.

In this article:

• MiFID II: State of play in 2026 
• Which firms and entities fall under MiFID II
• Why MiFID II is so difficult to monitor manually
• Why regulatory change management tools are so important for MiFID II compliance 
• Checklist: What to look for in a MiFID II regulatory change management tool 
• The best regulatory change management tools for MiFID II

Vixio is a regulatory change management platform built specifically for financial services, payments, and gambling compliance teams. Book a demo to see how it works for you. 

MiFID II: State of play in 2026 

MiFID II is the directive that governs firm conduct, investor protection, and the authorisation of investment firms. As a directive, it requires national transposition, meaning each EU member state must incorporate it into domestic law. That process introduces variation, and permitted differences (national discretions) mean the same underlying requirement can look meaningfully different depending on where you operate. 

Then we have MiFIR, which is the regulation that sets out transparency and reporting requirements for how markets actually operate. Because it's a regulation rather than a directive, it applies directly across the EU without transposition. This makes it more uniform in theory, but no less complex in practice.

MiFID II isn't just one regulation to track. It's a constantly expanding body of secondary legislation, national transpositions, and regulator guidance that stretches across 27 EU member states and underpins financial markets. 

As a result, staying current with MiFID II requires monitoring dozens of sources simultaneously, interpreting how requirements apply differently across jurisdictions, and tracking deadlines that vary by member state. 

Most compliance teams are doing this manually, and as a result, it can be difficult to catch everything that matters.

Which firms and entities fall under MiFID II?

MiFID II has a wide reach across the European Union financial system.

It covers:

• Investment firms (brokers, dealers, portfolio managers, advisers providing investment services)
• Credit institutions that trade in financial instruments
• Market operators: stock exchanges, multilateral trading facilities (MTF), organised trading facilities (OTF)
• Data reporting services
• Certain commodity dealers

If your business deals in financial products or financial instruments (shares, bonds, derivatives), MiFID II almost certainly applies to you in some form.

Why MiFID II is so difficult to monitor manually

MiFID II is unusually prescriptive. The European Commission's list of current secondary regulations alone runs more than ten pages long. On top of that, every national competent authority in every member state can publish its own guidance, in its own language, on its own schedule.

Also, individual national competent authorities in all member states can and do publish their own guidance. 

For example, the Finnish Financial Supervisory Authority regularly updates its regulations and guidelines for alternative investment fund managers and investment firms, including rules on authorisation, ownership and governance. This kind of update is easy to miss if you aren’t actively monitoring the Finnish regulator’s website.

National discretions compound the problem further. Member states are permitted to deviate from certain requirements within defined limits. 

Payment for order flow is a live example. There's a general EU ban on brokers receiving payments for directing clients to specific trading platforms, but Germany was permitted to defer application until June 2026. 

When you multiply that kind of discretion across seven or eight permitted deviations and over two dozen member states, and the tracking challenge becomes clear.

The MiFID review (MiFID III) is already generating new compliance obligations

Sometimes referred to as MiFID III, the MiFID review is an enhancement of the current regime rather than a replacement. It focuses heavily on transparency around payment for order flow, data reporting requirements, and call recording rules.

New delegated regulations triggered by the review have already started entering into force in 2025 and 2026, which means firms are dealing with new compliance obligations and deadlines right now, not at some future point.

Looking further ahead, several live or incoming EU regulatory developments may affect firms in scope of MiFID II:

• PSD3, which modernises the payments framework
• AMLA, the new AML authority that will directly supervise 40 institutions from 2028
• MiCA, for firms with any exposure to digital assets
• FIDA, the financial data access regulation

Firms that use regulatory change management platforms now are better placed to absorb these without starting from scratch each time.

Why regulatory change management tools are so important for MiFID II compliance 

Most compliance teams managing MiFID II don't have a regulatory change management tool. What they have instead is a collection of email alerts, bookmarked websites, and informal arrangements where someone is loosely responsible for checking what's new.

That works until it doesn't.

When a new delegated regulation lands, the typical process looks something like this: someone spots it, forwards it to the right person, and hopes it gets picked up. There's no:

• Central record of what came in
• Assigned owner
• Deadline for response
• Documentation of what your firm actually did about it

If a regulator later asks what your firm did about a specific ESMA guideline or NCA publication, you're reconstructing the answer from inboxes and spreadsheets.

The reason this matters more now than it did five years ago is volume. MiFID II isn't generating one or two significant updates a year. The MiFID review alone is producing a continuous stream of delegated regulations, NCA guidance, and ESA guidelines, each with its own implications, its own timeline, and in some cases its own language. 

Tracking all of that manually across 27 member states, while managing day-to-day compliance work, is difficult without an automated tool. And because there's no audit trail, you often don't know something was missed until a regulator asks about it.

A regulatory change management tool changes the structure of that process entirely. Whether it's a new delegated regulation from the MiFID review or guidance from a national competent authority, the tool:

• Surfaces the update automatically across all relevant jurisdictions
• Categorises it by relevance to your business
• Lets your team create a task directly from the update, with an assigned owner, a deadline, and a link back to the original source
• Tracks the response from identification through to completion

When a regulator asks what your firm did about a specific update, you're not piecing together an answer from old emails: it’s already documented.

Checklist: What to look for in a MiFID II regulatory change management tool 

Before comparing specific platforms, it's worth establishing what good looks like for this category.

• Coverage at member state level, not just EU level. MiFID II compliance requires visibility at the national level, not just what ESMA or the European Commission has published, but what each national competent authority has said in your operating jurisdictions. A platform that covers primary regulation but misses NCA-level guidance is leaving a meaningful gap.
• Analyst expertise in EU investment regulation, not generic financial services. Human oversight matters more for MiFID II than for many regulations because the interpretation of national transpositions and discretions is genuinely complex. Ask whether the analysts have direct expertise in EU investment regulation, not just broad financial services coverage.
• AI outputs that are traceable to source. Every update should link back to the original publication from the relevant authority. When a regulator asks where your intelligence came from, the chain of reasoning needs to be intact.
• Workflow that connects a regulatory update to an internal task. Monitoring is only useful if it results in managed, documented responses. A platform that stops at surfacing updates leaves teams rebuilding context manually every time they need to act.
• Forward-looking coverage of the MiFID review. Given the review is still generating new delegated regulations, the tool needs to surface developments before they enter into force, not after. Firms that are only tracking what has already landed are already behind.

The best regulatory change management tools for MiFID II

The four platforms below all sit in the regulatory change management category. They differ in their coverage depth, analyst model, and best-fit audience.

1. Vixio: Specialist regulatory intelligence for MiFID II and beyond

Vixio is a specialist regulatory intelligence platform that has tracked global regulatory change across financial services, payments, and gambling for nearly 20 years. It combines AI-powered monitoring with in-house analyst expertise across 200+ jurisdictions. 

Here's how the platform helps compliance teams:

Stay ahead of MiFID II, MiCA, PSD3, DORA, and more: all on a single platform 

Compliance teams aren't just tracking ESMA and the European Commission. They're tracking implementing regulations, delegated regulations, ESA guidelines, and NCA-level publications across every member state they operate in, and in multiple languages.

To make sure you get all the intelligence you need, Vixio's SCANS technology monitors 1,600+ regulators and 6,200+ curated sources. Then, our specialist EU financial services analysts determine scope, materiality, and publication readiness as part of the core intelligence process to ensure accuracy.

VIQ queries only Vixio's curated regulatory library, so every answer links back to a primary source rather than the open web.

Know what requires action and what doesn't, before your team has read a single document

The MiFID review is generating a steady stream of new delegated regulations, each with its own deadlines and compliance implications. Knowing something has been published is only the first step.

Vixio categorises every update as Actionable, Indicative, or Informative so your team knows what they need to take action on immediately. 

Then, the Smart Inbox is personalised to your specific licences, jurisdictions, and business lines, so the feed is relevant from the moment you log in and your team isn’t drowning in updates that don’t actually matter to them. 

Easily manage compliance tasks and maintain a complete audit trail with Vixio Workspace

When a national competent authority publishes guidance that affects your firm, that update needs to become a task with an owner, a deadline, and a record of what was done. Most teams have no reliable way to make that connection automatically.

Vixio Workspace lets teams create tasks directly from regulatory updates, with ownership, deadlines, and status tracked in one place. The audit trail builds automatically, so when a regulator asks what was done about a specific ESMA guideline, the answer is already there. 

MiFID II doesn't sit in isolation, and firms managing investment compliance are also managing DORA, preparing for PSD3, tracking the AML regulation package, and monitoring MiCA if they have any exposure to digital assets. 

Vixio covers all of these on the same platform, so as the EU regulatory calendar adds new requirements, teams don't need to add new tools.

How Envestnet | Yodlee uses Vixio to map regulatory requirements across global markets

Envestnet | Yodlee, a global leader in open banking, data aggregation, and analytics trusted by more than 1,400 financial institutions, integrated Vixio's Horizon Scanning into their compliance framework as they expanded their global operations. The platform gave their team a way to map regulatory requirements by country and surface the sections that matter without manually tracking dozens of sources.

Here’s what Principal Director of Open Banking Compliance for EMEA, Kat Cloud, had to say about Vixio:

“One of the standout things that we've seen is that Vixio is actually addressing that the market is growing, the market is changing, and that they need to provide different products and services to their clients that continue to be useful. It’s so nice to see that they’re actually listening to their clients.”

Read the full case study: Envestnet | Yodlee navigates global compliance with Vixio horizon scanning

2. CUBE: Automated regulatory intelligence at enterprise scale

CUBE is a global RegTech with broad financial services regulatory coverage across multiple jurisdictions. It's known for its regulatory content library and automated change management workflows.

Key features:

• Large regulatory content library spanning EU and US environments
• Automated change management workflows
• Broad cross-sector coverage across financial services
• Used by large institutions with wide multi-jurisdiction obligations

3. Regology: Industry-agnostic compliance automation with deep GRC integration

Regology is a US-headquartered RegTech focused on regulatory change management with dedicated solutions for financial services. Its core differentiator is AI-assisted obligation mapping that connects regulatory requirements to internal controls and policies, with human experts validating the output.

Key features:

• AI-assisted obligation mapping linked to internal controls and policies
• "Expert in the Loop" model with human validation of AI outputs
• Regulatory change management workflows with controls mapping

4. FinRegE: End-to-end compliance automation with EU and UK regulatory depth

FinRegE is a UK-based platform focused on regulatory change management for financial services firms. It uses AI to map regulatory obligations to internal policies and procedures, with human review in the process. Coverage is focused primarily on the FCA and the UK regulatory environment, with EU coverage available but narrower than dedicated EU-focused platforms.

Key features:

• ^AI-assisted mapping of regulatory obligations to internal policies and procedures
• Human review of AI output built into the process
• Strong FCA and UK regulatory environment coverage
• EU coverage available, though less depth than dedicated EU-focused platforms

Optimise MiFID II compliance management with Vixio

MiFID II doesn't get simpler as your firm expands into more member states. The national discretion problem compounds, the volume of secondary regulation increases, and the MiFID review is adding new obligations on top of an already complex baseline, at exactly the point that leadership expects compliance to move faster.

Vixio gives your compliance team a more scalable way to manage that complexity, combining AI-powered monitoring across the European Commission, ESMA, EBA, and all relevant national competent authorities with analyst-validated intelligence. This intelligence covers both primary regulation and national transpositions and discretions. Finally, you get connected workflows for turning regulatory updates into managed, auditable compliance tasks.

Book a demo to see how Vixio tracks MiFID II regulatory developments and helps your team stay ahead of the MiFID review.

Frequently asked questions (FAQs) about MiFID II compliance tools 

What is the difference between MiFID II and MiFIR?

MiFID II is the directive that governs firm conduct, investor protection, and the authorisation of investment firms and requires national transposition into domestic law in each EU member state. 

MiFIR is the regulation, setting out the transparency and reporting requirements for how markets operate and applies directly across the EU without transposition. 

The practical difference is that MiFIR obligations are more uniform across member states, while MiFID II obligations can vary depending on how each country has transposed the directive and which national discretions it has applied.

Which firms are in scope of MiFID II?

MiFID II’s scope is broad. It covers:

• Investment firms (brokers, dealers, portfolio managers, advisers)
• Credit institutions that trade in financial instruments
• Market operators (stock exchanges, multilateral trading facilities, organised trading facilities)
• Data reporting services
• Certain commodity dealers

If your business deals in financial instruments (shares, bonds, derivatives, structured products), MiFID II is likely to apply in some form. The specifics depend on your business model and the jurisdictions you operate in.

What is the MiFID review and how does it affect compliance obligations in 2026?

The MiFID review, sometimes called MiFID III, is an enhancement of the current regime rather than a replacement. It focuses primarily on transparency, including:

• A general ban on payment for order flow (with certain member state derogations)
• Updated data reporting and transparency requirements
• Changes to call recording and client data rules. 

New delegated regulations triggered by the review have already started entering into force in 2025 and 2026, meaning firms are dealing with new compliance deadlines right now. The review is ongoing, and further delegated regulations are expected.

What are the main categories of MiFID II compliance tools and which do I need?

Broadly, there are four categories:

1. Transaction reporting tools (meeting MiFIR Article 26 reporting obligations)
2. Data and reconciliation tools (managing data quality for accurate reporting)
3. Surveillance tools (monitoring for market abuse and conduct compliance)
4. Regulatory change management tools (tracking regulatory developments and managing internal responses)

Most firms need tools from more than one category. Regulatory change management is the area where most investment compliance teams are still relying on manual processes, which is where the most significant unaddressed risk tends to sit.

How do national discretions affect MiFID II compliance across EU member states?

MiFID II as a directive permits member states to deviate from certain requirements within defined limits. There are approximately seven or eight areas where such deviations are currently permitted, and each can apply differently across 27 EU member states.

The payment for order flow ban is a current example:

• There is a general EU ban on brokers receiving payments for directing clients to specific trading platforms
• Germany was permitted to defer application until June 2026
• Other member states applied the ban on their own timelines

For firms operating across multiple EU countries, tracking which deviations apply in which jurisdictions, and when any deferral periods expire, requires either a significant manual effort or a tool specifically designed to track member state-level implementation.

Sources

1. https://cube.global 
   
   1. https://cube.global/solutions/technology
   2. https://cube.global/solutions 
   3. https://cube.global/
   4. https://www.cubesoftware.com/content-library 
2. https://www.regology.com/
   
   1. https://www.regology.com/platform 
3. https://www.finreg-e.com/ 
   
   1. https://www.finreg-e.com/ai-policy-management-and-mapping/ 
   2. https://finreg-e.com/compliance-services/regulatory-horizon-scanning/ 

‍