Regulatory Framework - European Union Report

Section 

Description 

Retail banking 

This section lists out the regulations and directives that apply to the retail banking sector, such as: 

• Regulation (EU) No. 575/2013 (Capital Requirements Regulation – CRR).
• Directive 2014/59/EU (Bank Recovery and Resolution Directive – BRRD).

Payment services

This section lists out the regulations and directives that apply to the payments sector, such as:

• Directive 2009/110/EC (E-Money Directive – EMD).
• Directive (EU) 2015/2366 (Revised Payment Services Directive – PSD2)

Investment Services

This section lists out the regulations and directives that apply to the investments sector, such as: 

• Directive 2014/65/EU (Markets in Financial Instruments Directive II – MiFID II).
• Regulation (EU) No. 600/2014 (Markets in Financial Instruments Regulation – MiFIR).

Lending Providers 

This section lists out the regulations and directives that apply to providers offering consumer credit and related products, such as:

• Directive (EU) 2023/2225 (Consumer Credit Directive 2 – CCD2).
• Directive 2014/17/EU (Mortgage Credit Directive – MCD)  

Digital Assets

This section lists out the regulations and directives that apply to providers offering digital assets such as crypto-assets and related products and services, such as Regulation (EU) 2023/1114 (Markets in Crypto-Assets –MiCA).

Cross-Cutting 

This section lists out the regulations and directives that apply to all financial services institutions, including obligations related to data protection, environmental, social and governance (ESG), operational resilience and other corporate governance related matters, such as:

• Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR).
• Directive (EU) 2022/2464 (Corporate Sustainability Reporting Directive – CSRD). 

Financial Crime 

This section lists out the regulations and directives that provide the requirements relating to financial crime, including anti-money laundering, such as: 

• Directive (EU) 2015/849 (4th Anti-Money Laundering Directive – 4th AMLD).
• Regulation (EU) 2024/1624 (Anti-Money Laundering Regulation – AMLR).

European Banking Authority

The European Banking Authority (EBA) is an independent EU authority. It is one of the three European Supervisory Authorities (ESAs) and aims to contribute to the stability and effectiveness of the European financial system. 

The EBA’s remit extends to: 

• Banks and financial institutions.
• National competent authorities.
• Critical ICT third-party service providers under Regulation (EU) 2022/2554 (Digital Operational Resilience Act – DORA).
• Crypto-asset service providers under Regulation (EU) 2023/1114 (Markets in Crypto-Assets – MiCA).

One of the EBA’s principal tasks is to contribute to the creation of the European Single Rulebook in banking through the development of technical standards (regulatory technical standards (RTS) and implementing technical standards (ITS)) and guidelines. 
Other tasks include: 

• Promoting the convergence of supervisory practices to ensure a harmonised application of prudential rules.
• Assessing the risks and vulnerabilities in the EU banking sector through regular and ad-hoc risk assessments and EU-wide stress tests.
• Investigating alleged incorrect or insufficient application of EU law by national authorities.
• Acting as an independent advisory body to the European Parliament, Council and Commission. 

European Securities and Markets Authority

The European Securities and Markets Authority (ESMA) is an independent EU authority. It is one of the three European Supervisory Authorities (ESAs) and aims to enhance investor protection, promote orderly financial markets and safeguard financial stability. 

The ESMA’s remit extends to: 

• Critical ICT third-party service providers under Regulation (EU) 2022/2554 (Digital Operational Resilience Act – DORA)
• National competent authorities.
• Cross-border activities. 

The ESMA also directly supervises: 

• Credit rating agencies.
• Trade repositories.
• Securitisation repositories.
• Data reporting service providers.
• Benchmark administrators.
• External reviewers of EU green bonds.
• Environmental, social and governance (ESG) rating providers.
• Certain central counterparities. 

Like the EBA, ESMA also contributes to the development of European laws through the development of technical standards and guidelines. 

European Insurance and Occupational Pensions Authority

The European Insurance and Occupational Pensions Authority (EIOPA) is an independent EU authority. It is one of the three European Supervisory Authorities (ESAs) and its mission is to protect public interest by contributing to short, medium and long-term stability and effectiveness of the financial system.

EIOPA has three strategic activity areas: 

• Strengthening single market integration.
• Enhancing market and societal resilience against risks.
• Simple, bolder, faster: better regulation supporting supervision. 

Meanwhile, its remit extends to: 

• Insurance and reinsurance companies.
• Occupational pensions.
• Insurance intermediaries.
• Financial conglomerates. 

European Central Bank 

The European Central Bank (ECB) is both the central bank of the EU and a supervisor of EU banks. It forms part of Europe’s Single Supervisory Mechanism, consisting of the ECB and national supervisory authorities. 

For banking supervision, the ECB: 

• Oversees banking authorisation, working closely with national competent authorities.
• As part of the supervisory review and evaluation process, assesses the risks banks face.
• Conducts fit and proper assessments of banks’ senior managers.
• Assesses whether the internal models that banks use to calculate capital requirements comply with legal requirements.
• Conducts stress tests to evaluate whether banks are able to cope with financial and economic shocks. 

European Systemic Risk Board 

The European Systemic Risk Board (ESRB) is responsible for the macroprudential oversight of the EU financial system and the prevention and mitigation of systemic risks. Its remit extends to: 

• Banks.
• Insurers.
• Asset managers.
• Shadow banks.
• Financial market infrastructure.
• Other financial institutions and markets. 

Anti-Money Laundering Authority 

The Anti-Money Laundering Authority (AMLA) is a decentralised EU agency that coordinates with national authorities to ensure the correct and consistent application of EU rules. AMLA will also directly supervise up to 40 high-risk financial institutions in 2028. 

The aim of AMLA is to transform the anti-money laundering and counter-terrorism financing (AML/CTF) supervision in the EU and enhance cooperation among financial intelligence units (FIUs).

European Commission 

The European Commission is the executive body of the European Union. Its main roles include: 

• Proposing new laws and policies.
• Monitoring the implementation of new laws.
• Managing the EU’s budget. 

European Parliament 

The European Parliament is a forum for political debate and decision-making at the EU level. The members of the European Parliament are directly elected by voters in all member states to represent people’s interests. 

The Parliament acts as a co-legislator, sharing with the Council the power to adopt and amend legislative proposals. 

European Council 

The European Council is the EU institution that defines the general political direction and priorities of the European Union. The members of the European Council are the heads of state or government of the 27 EU member states, the European Council President and the President of the European Commission.

Council of the EU 

The Council of the EU, also known as the Council, consists of government ministers from each EU country who meet to discuss, amend and adopt laws and coordinate policies. 

National Competent Authorities 

National competent authorities (NCAs) are specialised bodies in each member state who are responsible for supervising financial markets and institutions, ensuring compliance with EU regulations, and protecting consumers. 

For a full list of competent authorities, see here. 

National Financial Intelligence Units

National financial intelligence units (FIUs) are independent, central national agencies responsible for receiving, analysing and disseminating reports on suspicious transactions (money laundering/terrorist financing) from banks and financial institutions.

For a full list of FIUs, see here. 

Term

Definition 

Source

Financial institution

Means: 

• An undertaking other than a credit institution, which carries out one or more of the activities listed in points (2) to (12), (14) and (15) of Annex I to Directive 2013/36/EU of the European Parliament and of the Council, including the activities of currency exchange offices (bureaux de change).
• An insurance undertaking as defined in point (1) of Article 13 of Directive 2009/138/EC of the European Parliament and of the Council, insofar as it carries out life assurance activities covered by that directive.
• An investment firm as defined in point (1) of Article 4(1) of Directive 2004/39/EC of the European Parliament and of the Council.
• A collective investment undertaking marketing its units or shares.
• An insurance intermediary as defined in point (5) of Article 2 of Directive 2002/92/EC of the European Parliament and of the Council where it acts with respect to life insurance and other investment-related services, with the exception of a tied insurance intermediary as defined in point (7) of that article.
• Branches, when located in the Union, of financial institutions as referred to in points (a) to (e), whether their head office is situated in a member state or in a third country.

Directive (EU) 2015/849 (4th Anti-Money Laundering Directive – 4th AMLD)

Credit institution 

Means an undertaking the business of which is to take deposits or other repayable funds from the public and to grant credits for its own account.

Article 4(1)(1), Regulation (EU) No. 575/2013 (Capital Requirements Regulation – CRR) 

Payment institution

Means a legal person that has been granted authorisation in accordance with Article 11 to provide and execute payment services throughout the Union.

Article 4(4), Directive (EU) 2015/2366 (Revised Payment Services Directive – PSD2) 

Payment service

Means any business activity set out in Annex I:

• Services enabling cash to be placed on a payment account, as well as all the operations required for operating a payment account.
• Services enabling cash withdrawals from a payment account, as well as all the operations required for operating a payment account.
• Execution of payment transactions, including transfers of funds on a payment account with the user’s payment service provider or with another payment service provider:
  • Execution of direct debits, including one-off direct debits.
  • Execution of payment transactions through a payment card or a similar device.
  • Execution of credit transfers, including standing orders.
• Execution of payment transactions where the funds are covered by a credit line for a payment service user:
  • Execution of direct debits, including one-off direct debits.
  • Execution of payment transactions through a payment card or a similar device.
  • Execution of credit transfers, including standing orders.
• Issuing of payment instruments and/or acquiring of payment transactions.
• Money remittance.
• Payment initiation services.
• Account information services.

Article 4(3), Directive (EU) 2015/2366  (Revised Payment Services Directive – PSD2) 

Investment firm

Means any legal person whose regular occupation or business is the provision of one or more investment services to third parties and/or the performance of one or more investment activities on a professional basis.

Article 4(1)(1), Directive 2014/65/EU (Markets in Financial Instruments Directive II – MiFID II)

Investment services and activities 

Means any of the services and activities listed in Section A of Annex I relating to any of the instruments listed in Section C of Annex I:

• Reception and transmission of orders in relation to one or more financial instruments.
• Execution of orders on behalf of clients.
• Dealing on own account.
• Portfolio management.
• Investment advice.
• Underwriting of financial instruments and/or placing of financial instruments on a firm commitment basis.
• Placing of financial instruments without a firm commitment basis.
• Operation of a multilateral trading facility (MTF).
• Operation of an organised trading facility (OTF).

Article 4(2), Directive 2014/65/EU (Markets in Financial Instruments Directive II – MiFID II)

Lending provider

A non-bank financial institution providing consumer credit. This can include mortgages, buy now pay-later (BNPL), loans and others. 

Vixio definition 

Crypto-asset service 

Means any of the following services and activities relating to any crypto-asset:

• Providing custody and administration of crypto-assets on behalf of clients.
• Operation of a trading platform for crypto-assets.
• Exchange of crypto-assets for funds.
• Exchange of crypto-assets for other crypto-assets.
• Execution of orders for crypto-assets on behalf of clients.
• Placing of crypto-assets.
• Reception and transmission of orders for crypto-assets on behalf of clients.
• Providing advice on crypto-assets.
• Providing portfolio management on crypto-assets.
• Providing transfer services for crypto-assets on behalf of clients.

Article 3(1)(16), Regulation (EU) 2023/1114 (Markets in Crypto-Assets – MiCA)

Financial instrument

Means any of the following: 

• A contract that gives rise to both a financial asset of one party and a financial liability or equity instrument of another party.
• An instrument specified in Section C of Annex I to Directive 2004/39/EC (now Directive 2014/65/EU (Markets in Financial Instruments Directive II – MiFID II)).
  • Transferable securities.
  • Money market instruments.
  • Units in collective investment undertakings.
  • Options, futures, swaps, forward rate agreements and any other derivative contracts relating to securities, currencies, interest rates or yields, emission allowances or other derivatives instruments, financial indices or financial measures which may be settled physically or in cash.
  • Options, futures, swaps, forwards and any other derivative contracts relating to commodities that must be settled in cash or may be settled in cash at the option of one of the parties other than by reason of default or other termination event.
  • Options, futures, swaps, and any other derivative contract relating to commodities that can be physically settled provided that they are traded on a regulated market, a MTF, or an OTF, except for wholesale energy products traded on an OTF that must be physically settled.
  • Options, futures, swaps, forwards and any other derivative contracts relating to commodities, that can be physically settled not otherwise mentioned in point 6 of this section and not being for commercial purposes, which have the characteristics of other derivative financial instruments.
  • Derivative instruments for the transfer of credit risk.
  • Financial contracts for differences.
  • Options, futures, swaps, forward rate agreements and any other derivative contracts relating to climatic variables, freight rates or inflation rates or other official economic statistics that must be settled in cash or may be settled in cash at the option of one of the parties other than by reason of default or other termination event, as well as any other derivative contracts relating to assets, rights, obligations, indices and measures not otherwise mentioned in this section, which have the characteristics of other derivative financial instruments, having regard to whether, inter alia, they are traded on a regulated market, OTF, or an MTF.
  • Emission allowances consisting of any units recognised for compliance with the requirements of Directive 2003/87/EC (Emissions Trading Scheme).
• A derivative financial instrument.
• A primary financial instrument.
• A cash instrument. 

Article 4(1)(50), Regulation (EU) No. 575/2013 (Capital Requirements Regulation – CRR) 

Crypto-asset

Means a digital representation of a value or of a right that is able to be transferred and stored electronically using distributed ledger technology or similar technology,

Article 3(1)(5), Regulation (EU) 2023/1114 (Markets in Crypto-Assets – MiCA) 

Crypto-asset service provider 

Means a legal person or other undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is allowed to provide crypto-asset services in accordance with Article 59.

Article 3(1)(15), Regulation (EU) 2023/1114 (Markets in Crypto-Assets – MiCA) 

Distributed ledger technology (DLT)

Means a technology that enables the operation and use of distributed ledgers.  

Article 3(1)(1), Regulation (EU) 2023/1114 (Markets in Crypto-Assets – MiCA) 

Distributed ledger

Means an information repository that keeps records of transactions and that is shared across, and synchronised between, a set of DLT network nodes using a consensus mechanism

Article 3(1)(2), Regulation (EU) 2023/1114 (Markets in Crypto-Assets – MiCA) 

Electronic money institution

Means a legal person that has been granted authorisation under Title II to issue electronic money.

Article 2(1), Directive 2009/110/EC (Electronic Money Directive – EMD) 

Electronic money

Means electronically, including magnetically, stored monetary value as represented by a claim on the issuer which is issued on receipt of funds for the purpose of making payment transactions as defined in point 5 of Article 4 of Directive 2007/64/EC, and which is accepted by a natural or legal person other than the electronic money issuer.

Article 2(2), Directive 2009/110/EC  (Electronic Money Directive – EMD) 

Title 

Impacted Sector 

Current Stage

Key Information

Proposal for a Directive on Payment Services and Electronic Money Services (Payment Services Directive 3 – PSD3)

Payments 

PSD3 was first announced on June 28, 2023 as part of a proposal to bring payments and the wider financial sector into the digital age.  Then, on November 27, 2025, the European Parliament announced that it had, along with the Council of the European Union, agreed on the proposals for PSD3. 

According to the European Parliament, PSD3 is currently awaiting the Council’s first reading position. The proposal must be formally adopted by the Parliament and Council before final publication can take place. 

Final publication of the directive is expected to take place in Q2/Q3 2026. 

PSD3 lays down rules concerning access to the activity of providing payment and electronic money services within the union by payment institutions, as well as supervisory powers and tools for the supervision of payment institutions. In doing so, the directive provides provisions on: 

• Licensing and supervision.
• The use of agents, distributors, branches and outsourcing.
• Competent authorities and supervision.
• Exemptions and notifications. 

The proposed directive amends Directive 98/26/EC and repeals the following: 

• Directive 2015/2366/EU.
• Directive 2009/110/EC.

Proposal for a Regulation on Payment Services (Payment Services Regulation – PSR)

Payments

The PSR was first announced on June 28, 2023 as part of a proposal to bring payments and the wider financial sector into the digital age. Then, on November 27, 2025, the European Parliament announced that it had, along with the Council of the European Union, agreed on the proposals for the PSR. 

According to the European Parliament, the PSR is currently awaiting the Council’s first reading position. The proposal must be formally adopted by the Parliament and Council before final publication can take place. 

Final publication of the regulation is expected to take place in Q2/Q3 2026. 

The PSR lays down uniform requirements on the provision of payment services and electronic money services. It focuses on: 

• The transparency of conditions and information requirements for payment services and electronic money services.
• The respective rights and obligations of payment and electronic money service users, and of payment and electronic money service providers in relation to the provision of payment services and electronic money services. 

In doing so, the regulation provides provisions on: 

• Single payment transactions.
• Framework contracts.
• Access to payment systems and to accounts maintained with credit institutions.
• Account information services and payment initiation services.
• Data access interfaces for account information services and payment initiation services.
• The rights and obligations of account servicing payment service providers.
• The authorisation of payment transactions. 

The PSR amends Regulation (EU) No. 1093/2010. 

Proposal for a Regulation on a Framework for Financial Data Access (Financial Data Access Regulation – FiDA)

All 

FiDA was first announced on June 28, 2023 as part of a proposal to bring payments and the wider financial sector into the digital age.  Then, on December 4, 2024, the Council of the European Union announced that it had reached an agreement on the proposal. 

According to the European Parliament, FiDA is currently awaiting the Council’s first reading position. The proposal must be formally adopted by the Parliament and Council before final publication can take place.

Although FiDA was expected to be published in Q4 2025, it is now expected in 2026. 

FiDA establishes rules on the access, sharing and use of certain categories of customer data in financial services. It also establishes rules concerning the authorisation and operation of financial information service providers. 

In particular, FiDA would apply to the following categories of customer data:

• Mortgage credit agreements, loans and accounts, except payment accounts as defined in Directive (EU) 2015/2366, including data on balance, conditions and transactions.
• Savings, investments in financial instruments, insurance-based investment products, crypto-assets, real estate and other related financial assets, as well as the economic benefits derived from such assets, including data collected for the purposes of carrying out an assessment of suitability and appropriateness in accordance with Article 25 of Directive 2014/65/EU.
• Pension rights in occupational pension schemes, in accordance with Directive 2009/138/EC and Directive (EU) 2016/2341.
• Pension rights on the provision of pan-European personal pension products, in accordance with Regulation (EU) 2019/1238.
• Non-life insurance products in accordance with Directive 2009/138/EC, with the exception of sickness and health insurance products, including data collected for the purposes of a demands and needs assessment in accordance with Article 20 of Directive (EU) 2016/97, and data collected for the purposes of an appropriateness and suitability assessment in accordance with Article 30 of Directive (EU) 2016/97.
• Data which forms part of a creditworthiness assessment of a firm which is collected as part of a loan application process or a request for a credit rating.

In doing so, the proposed regulation provides provisions on:

• Data access.
• Responsible data use and permission dashboards.
• Financial data sharing schemes.
• Eligibility for data access and organisations.
• Competent authorities and supervision framework. 

Proposal for a Regulation on the Establishment of the Digital Euro (Digital Euro Regulation – DER)

Payments, Banking 

DER was first announced by the European Commission on June 28, 2023 in its digital euro package. On December 19, 2025, the Council of the European Union announced that it had agreed its negotiating position on key proposals. 

According to the European Parliament, the DER is currently awaiting a committee decision. 

The proposed regulation establishes the digital euro and lays down rules concerning, in particular, its legal tender status, distribution, use and essential technical features. In this vein, digital euro is defined as the digital form of the single currency available to natural and legal persons. 

The regulation provides provisions on: 

• The establishment and issuance of the digital euro.
• The digital euro’s legal tender status.
• Distribution.
• Use of the digital euro as a store of value and as a means of payment.
• Technical features.
• Privacy and data protection. 

Proposal for a Regulation on the Provision of Digital Euro Services (Digital Euro Services Regulation – DESR) 

Payments, Banking 

DESR was first announced by the European Commission on June 28, 2023 in its digital euro package. On December 19, 2025, the Council of the European Union announced that it had agreed its negotiating position on key proposals. 

According to the European Parliament, the DESR is currently awaiting a committee decision. 

The proposed regulation lays down rules concerning: 

• The specific obligations that payment service providers incorporated in member states whose currency is not the euro shall apply when providing digital euro payment services.
• The supervision and enforcement of the obligations.
• The specific obligations that original equipment manufacturers of mobile devices and providers of electronic communication services within the meaning of Article 2(1) Directive (EU) 2018/1972 established in member states whose currency is not the euro shall apply in relation to the digital euro.

The DESR amends Regulation (EU) 2021/1230.