November 2025
Welcome to the latest edition of European Regulatory Radar
The new issue of European Regulatory Radar brings you the latest updates impacting financial services firms in the region. Complementing the UK Regulatory Radar series, European Regulatory Radar provides an overview of the wider economic and political environment, key updates from the last quarter and deep-dive articles.
Pressure on EU authorities to deliver streamlining and simplification measures remains high, in line with the EU’s competitiveness agenda. This is reflected in the European Supervisory Authorities’ (ESAs’) – ESMA, EIOPA and the EBA’s – workplans for 2026 (see more below). Important themes across the programmes include promoting innovation and supporting key initiatives such as the Savings and Investments Union (SIU).
Regulatory activity continues at pace to deliver the simplification agenda. In the last quarter, the ESAs moved forward with consultations, technical standards and supervisory reviews. Denmark will be keen to progress its priorities on the Retail Investment Strategy, payments regulation and the SIU, alongside efforts to streamline legislative frameworks and reduce reporting burdens, before handing over presidency of the European Council to Cyprus on 1 January 2026. Early indications are that Cyprus will continue with the simplification drive amid calls from some member states to deliver more systematic simplification.
EU-UK cooperation remains key. The fourth EU-UK Financial Regulatory Forum met in Brussels in October, and reaffirmed cooperation on financial stability, market integration and sustainable finance. Key topics for discussion included Basel implementation and the importance of alignment on common priorities such as the T+1 transition.
ESAs Joint Committee Work Programme for 2026: The EBA, ESMA and EIOPA have published their 2026 joint Work Programme, outlining key areas of collaboration for the coming year. The programme aims to strengthen the financial system’s digital operational resilience, ensure the continued protection of consumers and identify risks that could undermine financial stability. Joint work planned includes:
ESAs Joint Committee report on risks and vulnerabilities: The EBA, ESMA and EIOPA have issued their joint Autumn 2025 statement on Risks and Vulnerabilities in the EU financial system, urging firms to remain alert to macro-financial and operational risks given persistent inflation, high interest rates and geopolitical uncertainty. Firms are encouraged to integrate geopolitical and trade-related risks into strategic and operational planning. The ESAs also highlight the growing systemic relevance of cyber and crypto-asset risks and note that institutions should look to strengthen resilience, stress test liquidity and assess third-party dependencies. The focus on stability and contagion channels will continue through 2026, with emphasis on the importance of cyber readiness and cross-sector coordination.
Deprioritisation of level two acts: The European Commission has written to the ESAs, informing them that in order to facilitate the simplification agenda, certain non-essential “level 2” acts will not be adopted as previously communicated. Out of the 430 areas where the Commission has been empowered to adopt level 2 acts, it has deemed 115 to be non-essential for financial services and has published a list of these. These cover a range of important files including CRR, MiFID, SFDR, AIFMD II and Solvency II. Notably, the Commission will not adopt any of the listed acts before October 2027. In parallel, it will propose to amend or repeal empowerments for the non-essential acts where there is an obligation to act within a specific deadline in the context of ongoing amendments of level 1 rules.
EBA 2026 Work Programme: The 2026 Work Programme is structured around three core priorities:
In 2026, the EBA will assume new oversight and supervisory responsibilities for critical third-party providers under DORA, crypto-asset issuers under MiCA, and initial margin models under EMIR. The EBA's responsibilities for anti-money laundering and countering the financing of terrorism (AML/CFT), in place since 2020, will transition to the newly established Anti-Money Laundering Authority (AMLA).
EU-wide Transparency Exercise: The EBA has launched its 2025 EU-wide Transparency Exercise to strengthen market discipline and transparency in the EU banking sector. The exercise covers more than 100 major banks and will disclose data on capital positions, asset quality, sovereign exposures and risk profiles from Q3 2024 to Q2 2025. It complements banks’ Pillar 3 disclosures under the Capital Requirements Directive (CRD) and uses existing supervisory reporting to minimise burden. Results will be released in December 2025 alongside the EBA’s Risk Assessment Report. The exercise will provide investors with greater insight into banks’ resilience and exposure trends ahead of 2026 regulatory reviews.
Stress testing: The EBA and ECB have published results of the 2025 EU-wide stress test. The ECB has confirmed that its 2026 stress test will target banks’ exposures to geopolitical risks. For more on both see the latest edition of KPMG SSM Insights below. The ECB has also published findings from its counterparty credit risk (CCR) exploratory scenario exercise. The exercise looked at the concentration of exposures across various types of counterparties and the sensitivity of these exposures to diverse adverse market conditions. The ECB found that additional FX shocks to the main currency pairs may have a significant impact on stressed CCR exposure. It also observed that the highest risk concentration of sub-investment-grade counterparties is among hedge funds and private equity, exposures to non-financial corporations are relatively less collateralised, and there is relatively low materiality of specific wrong-way risk in CCR portfolios. Supervisors will follow up with participating banks to discuss the observations and may seek clarification on matters that were not sufficiently covered in the explanatory notes accompanying the quantitative submissions.
FRTB postponement: On 12 June, the European Commission adopted a new Delegated Act deferring the application of the Fundamental Review of the Trading Book (FRTB) standards for calculating own funds requirements for market risk in the EU for another year to 1 January 2027. Following the Delegated Act, the EBA confirmed that its 12 August 2024 “no action” letter remains fully valid. The EBA's considerations on specific issues related to the FRTB postponement also continue to apply during the extended deferral period.
Internal models: The ECB has revised its Guide to internal models to incorporate updates to regulatory requirements under CRR3, address the use of Machine Learning, and strengthen governance standards. For more information see the latest edition of KPMG SSM Insights below.
Prudential treatment of cryptoasset exposures: The EBA has published final draft Regulatory Technical Standards (RTS) specifying the technical elements for institutions to calculate and aggregate crypto-asset exposures under the Capital Requirements Regulation (CRR 3). The RTS aim to harmonise capital requirements for various crypto-asset exposures, including Asset Reference Tokens (ARTs) and unbacked crypto-assets, across the EU, aligning with Basel standards and the Markets in Crypto Assets Regulation (MiCA).
Operational risk losses: The EBA has published three key final draft RTS to assist in implementing the EU Banking Package. The first RTS focuses on establishing a risk taxonomy for operational risk, providing a comprehensive list of event types, categories, and attributes that institutions must use when recording operational risk loss events. The second addresses the conditions under which calculating the annual operational risk loss would be unduly burdensome for an institution. The third provides guidance on adjustments to an institution's loss data set after the inclusion of losses from merged or acquired entities or activities.
Non-performing exposures: The ECB has consulted on a draft Guideline to harmonise the supervisory approach to non-performing exposures (NPEs) held by less significant institutions (LSIs). The Guideline, developed with National Competent Authorities, aims to strengthen the resilience of LSIs, while allowing for proportionate and consistent risk management. It focuses on legacy NPEs originated before 26 April 2019 and will be phased in from 31 December 2025 to 31 December 2028.
Internal governance: The EBA is consulting until 7 November on revised Guidelines on internal governance under the Capital Requirements Directive (CRD 6). The proposals clarify expectations on documented duties for management body members, senior managers and key function holders and would require comprehensive mapping of responsibilities. They incorporate requirements relating to DORA, address findings from the EBA’s diversity and remuneration benchmarking report and provide guidance for third-country branches.
Third country branches: The EBA consulted until 10 October on three sets of RTS and Guidelines (GL) for third-country branches under CRD 6. The consultations covered three key areas:
The standards and guidelines aim to ensure harmonised implementation of the new EU framework, enhance comparability across member states and foster effective supervisory cooperation.
Resolution plans and resolution colleges: The EBA is consulting until 5 November on amendments to its RTS on resolution plans and resolution colleges. The proposed updates aim to simplify and streamline resolution plans, clarify the content of resolvability assessments and improve cooperation among resolution authorities. Changes include reorganising resolvability assessments across seven core dimensions and enhancing cross-border coordination through simplified college procedures. The measures are intended to improve crisis readiness and ensure a more efficient, harmonised approach to resolution planning across the EU.
MREL reporting framework: The EBA has published final draft Implementing Technical Standards (ITS) to amend the framework for reporting decisions on the Minimum Requirement for Own Funds and Eligible Liabilities (MREL) by resolution authorities. Key changes include a shift to a semi-annual reporting cycle from annual, enhanced reporting of discretionary elements in MREL setting, and streamlined data fields to reduce administrative burden. The amendments incorporate recent legal updates, such as those from the "Daisy Chain Directive".
ESMA’s 2026 Annual Work Programme: ESMA published its Annual Work Programme for 2026, outlining its strategic priorities for the year ahead. ESMA’s focus for the year will be split across three key areas. Firstly, supporting the SIU. Secondly, driving data innovation and market integration through the effective implementation of MiCA, ensuring the smooth T+1 transition by October 2027 and rolling out key data innovation projects. Finally, continuing to support in the implementation of key legislation such as EMIR 3, the European Single Access Point (ESAP) and Retail Investment Strategy (RIS), while also reviewing the implementation of the PRIIPS, SFDR and Securitisation Regulations.
Draft RTS for open-ended loan originating (LO) AIFs: To complement the level 1 AIFMD II rules, ESMA has published draft RTS for LO AIFs. These set out the requirements that such funds would need to meet to be permitted to have an open-ended rather than a closed-ended structure. Compared to ESMA’s initial proposals, the RTS have been revised to make them more flexible and accommodating. Key changes include removing a requirement for AIFMs to determine an appropriate amount of liquid assets that LO AIFs should hold to meet redemptions, relaxing the minimum stress testing frequency from quarterly to annually, and clarifying that LO AIF managers do not require specific pre-authorisation before they can manage open-ended LO AIFs. The Commission technically has three months to adopt the RTS. However, ESMA notes that these RTS are on the list of non-essential acts that the Commission will not adopt before October 2027 at the earliest.
ESMA Feedback Statement on private securitisation: ESMA has published a Feedback Statement as part of its ongoing efforts to enhance the proportionality and effectiveness of the securitisation disclosure framework. The decision, as a result of consultation feedback, is to delay changing disclosure requirements for private securitisation until after the European Commission concludes the broader review of the Level 1 framework.
Financial literacy and Savings and Investments Accounts (SIAs): The European Commission has published a progress update on key deliverables under the SIU initiative. It has released a financial literacy strategy for EU citizens made up of four pillars. In addition, following a call for input it has published a ‘blueprint’ for EU SIAs with key features that they should include, and recommended member states should introduce SIAs for the first time or enhance existing frameworks. The Commission will monitor uptake by member states.
EBA and ESMA report on IFR/IFD: The EBA and ESMA have recommended targeted revisions to the EU investment firms’ prudential framework that will be submitted to the European Commission. These aim to improve the functionality of the framework, make it more proportionate, and contribute to a more level playing field amongst investment firms and wider financial institutions. The report also includes more detailed reflections on specific topics such as the adequacy of own funds requirements and the interaction between the prudential framework and other regulations such as the UCITS Directive.
Supervisory expectations for management bodies: ESMA has outlined 12 principles it expects its directly supervised entities to apply to their governance and oversight frameworks. These include the role, responsibilities, operation and leadership of the management body. The principles apply to administrators of EU critical benchmarks and third-country recognised benchmarks, Tier 2 CCPs, Credit Rating Agencies, DRSPs, SRs and Trade Repositories and will apply from 15 January 2026.
Application of the MiFID II/MiFIR review: ESMA has published a second statement clarifying how firms should apply certain provision of MiFID II/MiFIR review, given that in some cases revised RTS have not been adopted by the Commission or IT systems are still under development. The areas covered are commodity derivatives and derivatives on emission allowances, the SI regime, volume cap mechanism and the revised rules on equity and non-equity transparency.
EMIR 3: Amendments to EMIR now allow CCPs to accept non-financial counterparties as clearing members – ESMA is consulting on a new RTS that specifies what should be considered by CCPs when establishing admission criteria.
ESMA has also published its final reports on RTS that specify the conditions:
T+1 Settlement: ESMA published its final report recommending amendments to the CSDR settlement discipline RTS to facilitate the movement to T+1 settlement by 11 October 2027. The amendments include same-day (trade date) timing for trade allocations and settlement, machine-readable formats for allocations and confirmations, and mandatory implementation of key functionalities such as hold and release, auto-partial settlement, and auto-collateralisation. There is a proposed phased-in implementation schedule beginning December 2026.
EIOPA annual work programme: EIOPA’s 2026 Work Programme outlines strategic priorities focused on sustainable finance, digital transformation, supervisory convergence and financial stability. Key objectives include closing natural-catastrophe protection gaps, improving oversight of AI and greenwashing risks, implementing the Insurance Recovery and Resolution Directive (IRRD) and updating Solvency II standards. EIOPA will also develop a conduct-risk dashboard, strengthen cyber resilience through threat-led testing and enhance coordination on critical third-party oversight.
Solvency II consultations: EIOPA has initiated a new series of consultations concerning legal instruments stemming from the Solvency II framework review. This round includes six new and revised technical standards and guidelines on topics including: disclosure templates for supervisory authorities, treatment of matching adjustment, valuation of technical provisions, ring-fenced funds, simplified calculation of the risk margin, and supervisory powers on liquidity vulnerabilities. The submission deadline for feedback is 5 January 2026.
Solvency II Delegated Regulation: The European Commission sought feedback on draft amendments to the Solvency II Delegated Regulation aimed at improving capital management, enhancing proportionality and incentivising long-term investment. Proposed changes include recalibration of the risk margin, refinements to the volatility adjustment and simplified group-solvency and reporting rules. EIOPA wrote to the Commission expressing concern about the proposed changes, specifically around the potential combined impact of lower capital requirements, riskier investment strategies, and economic and geopolitical uncertainty, comparing it to 'increasing speed limits on our roads while eliminating simultaneously the requirement to have airbags in our vehicles'.
Supervising mass-lapse reinsurance: EIOPA has released annexes to its 2021 Opinion on risk-mitigation techniques, offering guidance on mass-lapse reinsurance and termination clauses in reinsurance contracts. The annexes promote consistent prudential treatment across the EU by setting parameters for measurement periods, exclusions and termination clauses used to determine effective risk transfer. Supervisors are encouraged to apply a 12-month rolling measurement period as standard, with longer horizons justified only in specific business contexts. Insurers using mass-lapse reinsurance should review contractual structures, governance documentation and risk-transfer assessments to ensure alignment with EIOPA’s guidance. Enhanced supervisory monitoring is expected in forthcoming peer reviews.
Resolution colleges and IRRD reporting: EIOPA has consulted on draft Regulatory and Implementing Technical Standards under the Insurance Recovery and Resolution Directive (IRRD). The proposals define governance arrangements for resolution colleges, including membership, coordination procedures and communication processes. They also set minimum reporting requirements and templates for insurers’ resolution planning. The consultation aims to balance effective data collection with proportionality to reduce burden. Firms likely to fall within scope of IRRD should review the proposals carefully and assess data-system readiness.
AI governance and risk management: EIOPA has issued an Opinion clarifying how Solvency II and the Insurance Distribution Directive apply to AI systems not classed as high-risk under the EU AI Act. It defines supervisory expectations for data quality, model explainability, fairness, cyber security and human oversight. National Competent Authorities (NCAs) are expected to apply these principles proportionately to AI-system complexity and risk. Firms should review governance frameworks, update data-management and algorithmic-control procedures, and ensure transparent documentation of decision-making processes.
Supervision of occupational-pension liquidity risk: EIOPA’s Opinion on liquidity-risk management for occupational pension funds (IORPs) sets expectations for supervisors to strengthen oversight of liquidity risks from margin and collateral calls, particularly in volatile markets. It recommends integrating liquidity-risk analysis into the overall management system, regular stress-testing of cash flows, and maintaining adequate liquid-asset buffers. Pension funds should ensure their risk frameworks capture liquidity shocks and that their governance arrangements provide for ongoing monitoring and mitigation.
Diversity guidelines: EIOPA has published guidelines to promote diversity on insurers' boards, following the amendment to the Solvency II Directive that aims to promote greater diversity among entities' decision-makers. The guidelines stress proportionality and note that insurers should develop and implement a diversity policy that considers education and professional background, gender, age and geographical provenance. Insurers should aim to have an appropriate gender-balance and specify a timeframe for when they will achieve quantitative gender targets. The diversity policy may also envisage employee representation within the administrative, management or supervisory body. The guidelines will apply from 30 January 2027.
General-Purpose AI Code of Practice: The European Commission has published the final version of its General-Purpose AI (GPAI) Code of Practice, designed to help model developers comply with the EU AI Act’s transparency, safety and copyright obligations. The voluntary Code provides structured templates for documenting model provenance, implementing copyright-law compliance, and managing systemic risks associated with GPAI models. Accompanying guidelines clarify when downstream modifications to AI models trigger compliance duties under the AI Act. The Code will serve as an interim mechanism until enforcement begins in 2026–2027. Financial institutions using foundation or modified AI models should review whether their use cases qualify as “significant modifications” under the Act.
Liquidity requirements under MiCA: The EBA has published two Opinions responding to the European Commission's proposed amendments to the draft RTS on liquidity requirements for the reserve of assets under the Markets in Crypto-Assets Regulation (MiCA). The EBA believes the Commission’s amendments are inconsistent with MiCA's prudential framework, potentially introducing significant liquidity risk, weakening alignment with the banking liquidity framework and creating opportunities for regulatory arbitrage.
Digital Euro sandbox: After running a sandbox with almost 70 market participants, the ECB has shared its findings and confirmed that it will launch a second round of experimentation through a platform next year to maximise innovation potential. Overall, the experiment highlighted the importance of harmonised standards, a shared infrastructure and ongoing collaboration with market participants to ensure the scalability, reliability and usability of the digital euro across the euro area. Conditional payments were identified as possible key driver of innovation for consumers and businesses.
DORA oversight of Critical Third Parties: The ESAs have published a guide on oversight activities related to the Digital Operational Resilience Act (DORA). The guide, intended to help prepare for oversight implementation, provides an overview of the processes used by the ESAs through the Joint Examination Teams to oversee critical third party service providers (CTPPs). It explains the CTPP oversight framework, governance structure, founding principles, and available tools for overseers.
ESMA supervision of third-party risks: ESMA has published Principles for the supervision of third-party risks. These 14 principles aim to support harmonised and effective EU-wide supervisory culture, and address the growing risks associated with outsourcing, delegation and other third-party services used by supervised firms.
ESMA - Outsourcing to cloud service providers: DORA became applicable on 17 January 2025. ESMA’s Guidelines on outsourcing to cloud service providers no longer apply to those financial entities subject to DORA. DORA does not apply to AIFs and UCITS depositaries which are not part of a credit institution and investment firms. ESMA has re-published the Guidelines with updates that apply specifically to these entities.
Outsourcing peer review: EIOPA’s follow-up report on its 2022 peer review of outsourcing under Solvency II found that most supervisory actions have been completed by NCAs, with 55 of 77 recommendations fully implemented. Remaining areas for attention relate to off-site monitoring, internal procedural consistency and operationalisation of supervisory tools. EIOPA encourages further work from NCAs to ensure convergence in oversight of outsourced critical and important functions. The report signals continuing supervisory scrutiny of outsourcing arrangements, including cloud and IT service dependencies, and highlights the importance of robust documentation, due diligence and exit planning within governance frameworks.
EBA - Third-party risk: The EBA is consulting on draft Guidelines for the sound management of third-party risk, specifically focusing on non-ICT related services. The draft Guidelines aim to revise and update the previous EBA Guidelines on outsourcing from 2019, ensuring alignment with DORA.
EFRAG consultation on revised ESRS exposure drafts: EFRAG consulted until 29 September on revised and simplified European Sustainability Reporting Standards (ESRS) developed under the Omnibus initiative to reduce reporting complexity. The consultation proposed to cut mandatory data points by 57%, remove voluntary disclosures and introduce cost-relief mechanisms for smaller entities. It also clarified double-materiality assessment guidance. EFRAG will deliver final advice to the Commission by 30 November.
Voluntary sustainability reporting standard for SMEs: The Commission has recommended adoption of a Voluntary Sustainability Reporting Standard for small and medium sized enterprises (VSME). This would offer SMEs outside the scope of the Corporate Sustainability Reporting Directive (CSRD) a simplified, more proportionate framework for meeting data requests from banks, investors and large counterparties. The standard would act as a “value-chain cap”, reducing excessive information demands while supporting SME access to finance. The recommendation is an interim step pending formal adoption of a delegated act under the Omnibus sustainability initiative.
Reports to support SME sustainability reporting under VSME: EFRAG has published two new reports designed to assist Small and Medium-sized Enterprises (SMEs) in applying the Voluntary Sustainability Reporting Standard for SMEs (VSME). The first report focuses on practical support for SMEs aiming to report their Greenhouse Gas (GHG) emissions under the VSME. It maps 100 digital tools, such as GHG calculators and geolocation tools. The report includes a comparative analysis of shortlisted GHG calculators that met specific criteria, offering direct assistance to SMEs for VSME-based GHG reporting. The second report provides an overview of 223 platforms and initiatives for SME reporting, comparing those that met specific criteria and completed a self-assessment for VSME alignment.
EU Taxonomy: The Commission has adopted measures to simplify EU Taxonomy reporting from 1 January 2026. Companies will be exempt from assessing non-material activities (<10% of revenue, CapEx or OpEx) and will use reduced KPI templates, cutting data points by 64% for non-financial and 89% for financial firms. Additional adjustments streamline the Do No Significant Harm (DNSH) criteria and simplify Green Asset Ratio (GAR) calculations. The Delegated Act is now being scrutinised by the EU Parliament and Council.
No-action letter on Pillar 3 ESG disclosures: The EBA has issued a no-action letter asking national supervisors not to prioritise enforcement of certain Pillar 3 ESG disclosure requirements until it has finalised updates to the relevant Implementing Technical Standards (ITS). The letter follows a May 2025 consultation, which proposed simplifying reporting in line with the European Commission’s Omnibus initiative. Firms should continue preparing for the final ITS submission to the Commission in Q4 2025 and review data-system readiness for expanded ESG scope.
ESG product oversight and governance (POG): The EBA has consulted on revisions to its POG guidelines to address retail banking products with ESG features and mitigate greenwashing risks. The proposals extend the 2015 POG framework to include ESG considerations within prudential and conduct supervision, reflecting changes under the Capital Requirements Directive and Regulation. Revisions will require firms to incorporate ESG risk into product design, governance, target-market identification and distributor information.
Climate factor for ECB collateral framework: From H2 2026, the ECB will apply a “climate factor” to its collateral framework, adjusting valuations for non-financial corporate assets based on exposure to transition risks. The measure aims to shield the Eurosystem from collateral depreciation linked to climate shocks, and align monetary policy operations with climate objectives. Banks should anticipate haircuts on high-emission assets and review collateral management strategies accordingly.
Integration of climate change into insurers’ risk assessments: EIOPA’s latest monitoring exercise shows progress in embedding climate-risk analysis within insurers’ governance and ORSAs but identifies inconsistent methodologies and data gaps. Most firms now use climate scenarios and link findings to capital planning, yet variance remains across jurisdictions. EIOPA will facilitate supervisory workshops to promote convergence. Insurers should strengthen quantitative climate modelling and evidence how outputs inform strategic decisions.
Biodiversity risk: EIOPA’s biodiversity risk report found that insurers are taking initial steps to identify nature-related risks but that this is still limited to qualitative assessments. Roughly 20% of insurers now reference biodiversity in ORSAs. EIOPA encourages industry-supervisor collaboration to develop data and scenario tools linking biodiversity and climate factors.
SFDR disclosures: The ESAs have published the findings of their latest annual review of entity- and product-level disclosures of principal adverse impacts (PAIs) under the SFDR. This year’s review found a general improvement in the quality of information disclosed and some evidence that firms have taken on board previously published good practice.
ESG ratings: ESMA has published its Final Report including final draft RTS under the Regulation on the transparency and integrity of ESG rating activities. Three RTS have been revised:
European Green Bonds Regulation: ESMA has issued its Final Report containing revised draft technical standards (RTS and ITS) on the EU Green Bonds Regulation for submission to the European Commission for adoption. The technical standards include criteria for:
