This article was first published on 12 January 2026 by Law360.com
With the development of a range of new and ongoing legislative measures across the banking, investment, digital and payments sectors, 2025 was an exceptionally busy year for European Union financial services initiatives.
Judging from the work programmes of the European Commission (Commission), the three European Supervisory Authorities, or ESAs — comprising the European Insurance and Occupational Pensions Authority (EIOPA), the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) — and the Joint Committee of the ESAs, EU Iawmakers will continue to be at full capacity in 2026.
Here is our pick of what financial services businesses operating or looking to operate in the EU should look out for in the year ahead.
Capital markets integration
Building on the adoption of its savings and investment strategy in March 2025 and a targeted consultation in April 2025, the Commission announced a major set of legislative reforms at the start of December 2025 to fully integrate EU financial markets.
The package, which will require extensive negotiation by each of the EU Parliament and EU Council in 2026, will complete the ambition of a Savings and Investments Union.
The legislative proposals consist of a master regulation and a master directive, which make changes to a number of existing pieces of EU capital market legislation. There is also a proposal for a Settlement Finality Regulation, which amends the Financial Collateral Directive and repeals the Settlement Finality Directive.
Noteworthy aspects of the proposals include the following:
- a major upgrade to ESMA's role and functions, as a result of which it will become the supervisor for significant market infrastructures such as certain trading venues, central counterparties — entities that act as intermediaries between trading parties, central securities depositories, and all crypto-asset service providers
- the streamlining of regulatory requirements, such as removing obstacles to the authorisation and marketing of investment funds
- the removal of barriers to distributed ledger technology innovation.
It is unclear what will ultimately emerge from this latest attempt to address what has become something of a holy grail for the Commission. Given the range of reactions to the proposals to date, notably the criticism of the beefed-up remit of ESMA, this will certainly be a hot topic throughout 2026.
Simplification agenda
A common thread through all the work programmes is simplification, reflecting the EU's simplification agenda, which was announced in 2024 and is reflected so far in a number of omnibus packages. For example, the Joint Committee's 2026 work programme, published on 16 October 2025, notes it "will execute its 2026 work programme in the context of the simplification agenda ... [and] explore ways to foster simplification in areas within its remit."
It was therefore timely that the EU Council agreed on 12 December 2025 the principles that should inform the simplification of EU financial services regulation. The EU Council calls for maintaining "key pillars of the regulatory framework," such as strong capital and liquidity rules, resolution frameworks, consumer and investor protection, supervision and effective financial crime rules.
It goes on to say that a primary focus of simplification should be "eliminating unnecessary requirements" through techniques such as building greater consistency between different legislation and aligning definitions, and getting rid of duplications and obsolete or unnecessary provisions.
This and its emphasis on the importance of coordination, timing and sequencing of legislation, and the integral role of consulting with the public and stakeholders, should resonate well with businesses.
The EU Council's announcement followed the publication the day before of recommendations from the European Central Bank on simplifying EU prudential, regulatory and reporting requirements, which will feed into the Commission's preparation of a report on the EU banking system, due out in 2026.
Digital assets and payments
With the jigsaw of technical measures accompanying the EU's Markets in Crypto-Assets Regulation, or MiCAR, in place, attention now turns to ensuring consistent implementation across the EU and the monitoring of crypto-assets markets.
A review of its practical implementation has already given rise to concerns. In September 2025, the French, Austrian and Italian authorities proposed amendments to MiCAR, including stricter rules on the platforms targeting EU investors despite operating outside the EU.
The authorities propose that intermediaries executing orders on crypto-assets should do so on a platform that is compliant with MiCAR or equivalent regulation.
The Commission is also coming under pressure to clarify whether multi-issuance stablecoins are permitted under MiCAR in light of the European Systemic Risk Board (ESRB) report on the systemic risks arising from crypto-assets and decentralised finance in the context of the US's Guiding and Establishing National Innovation for US Stablecoins Act, referred to as the GENIUS Act, and the proposed Digital Asset Market Clarity Act, known as the CLARITY Act.
With political agreement in November 2025 on a new Payment Services Regulation, or PSR, and a revised Payment Services Directive, or PSD3, replacing the existing Payment Services Directive and the Electronic Money Directive, the focus in 2026 will turn to the final form of the PSD3 and PSR and the various implementing measures that the European Banking Authority will be tasked to develop — currently 18 under the PSD3 and 22 under the PSR.
The new payments framework makes key changes in areas such as fraud prevention and customer safeguards, including a new verification of payee scheme, reimbursement rules and potential liability for online platforms. It also makes amendments to fees, transparency, competition and open banking, including the removal of barriers to data access, and it seeks to clarify the relationship with MiCAR.
Followers of the payments reforms will also be eagerly awaiting the finalisation of the regulation for a framework for financial data access, which dovetails with the upgraded payments package.
Having survived rumours that it was to be shelved early in 2025, this landmark initiative will lay the foundations for open finance in the EU, enabling consumers to allow third parties, known as financial information service providers, to access their financial data to provide a range of services spanning virtually all of the financial services sector.
Currently, institutional agreement on financial data access has not yet been reached, so this looks set to be finalised during the Cypriot presidency of the EU Council, which runs from 1 January to 30 June 2026.
Digital operational resilience
The implementation of the Digital Operational Resilience Regulation, or DORA, which along with technical measures provides detailed requirements for a comprehensive information and communications technology risk management framework for a wide range of financial entities, represents a major shared priority across all ESAs.
While DORA has applied since January 2025, its impact beyond financial entities to technology providers means that it is likely to continue to pose challenges in the year ahead. For regulated financial services businesses in the UK and EU, there is an added complexity of complying with similar but divergent regimes.
The Joint Committee will concentrate on ensuring the effective operation of the new critical third-party oversight framework — the first list of designated providers having been issued in November 2025 — conducting risk assessments to outline individual annual oversight plans for each designated critical third-party provider.
All three ESAs will jointly exercise their oversight mandate over such critical third-party providers, marking a significant expansion of their supervisory responsibilities
For audit firms, DORA requires the Commission to report in January on whether DORA or an auditing standard is the most appropriate vehicle to strengthen digital resilience requirements for statutory auditors and audit firms.
Finally, 2026 will also see the strengthening of coordination between participating authorities in the pan-European Systemic Cyber Incident Coordination Framework.
Artificial intelligence and digital innovation
Digital transformation features prominently across all programmes, with key priorities being the provision of support by EIOPA to supervisors in order to assist with the identification and mitigation associated with artificial intelligence use.
The authority will monitor financial innovation by the EBA, focusing specifically on AI and machine learning applications, the development of the European Securities and Markets Authority data platform, and exploring AI-powered tools for supervision, including anomaly detection and market abuse prevention.
Alongside the wider plans to simplify some EU rules on AI in the form of the digital omnibus package, on 25 November 2025, the EU Parliament adopted a resolution on the impact of AI in the financial sector.
The EU Parliament is concerned with the regulatory overlaps and interactions between the EU AI Act and EU financial services legislation. The lack of sufficient guidance on
interpreting these overlaps and interactions introduces undue complexity, compliance burdens and legal uncertainty.
The Commission and national supervisors are asked to identify and address any inconsistencies in the course of the EU AI Act's implementation and as part of the digital omnibus package.
While the EU Parliament strikes a note of caution regarding the risks of AI, echoing a recent paper from the ESRB on AI and systemic risk, it has called on the Commission, ESAs and national supervisors to assess the added value of AI-specific regulatory sandboxes, innovation hubs and cross-border testing environments for financial services, which if introduced should offer industry some encouragement.
Conclusion
For financial services businesses with a footprint in the EU or seeking to establish one, the regulatory agenda presents both significant challenges and strategic opportunities. Success will require navigating an ever-increasing number of policy initiatives.
It will be important to undertake effective horizon-scanning across each dossier, and to monitor closely announcements from the Commission, EU Parliament, EU Council, relevant ESAs and the Joint Committee. Where possible, businesses should proactively engage with trade bodies and institutions, and respond to consultations.
Along with the heightened supervision of critical third parties, 2026 is likely to see enhanced supervision generally of in-scope DORA firms as their compliance programs come under scrutiny.
For payments firms, now is the time to undertake a gap analysis of the current Payment Services Directive regime and the PSD3/PSR regime. There should be a particular focus on those requirements that are likely to need significant resource, such as operational and technical challenges with fraud protection and open banking, along with identifying what adjustments need to be made to contractual arrangements with third parties.
With MiCAR fully in operation, firms should expect more attention from their supervisors and be prepared for investigations and potential enforcement action.
All in all, while predicting the trends in regulation is not a precise science, it seems likely that the regulatory almanac for 2026 and the work streams it gives rise to will keep everyone in the industry well occupied for some time to come.
