On 21 November 2025, the European Banking Authority (EBA) issued a factsheet on the AI Act and its implications for the EU banking and payments sector.
The factsheet notes that there are not significant contradictions between the EU’s AI Act, which entered into force in August 2024, and EU banking and payments legislation.
On 17 October 2025, the European Securities and Markets Authority (ESMA) updated its Q&As under the Markets in Crypto-Assets Regulation (MiCA) with two new entries (Q&A 2653 and Q&A 2654). The updates provide further clarification on (i) how to distinguish between different execution services, and (ii) the treatment of
On 10 October 2025, the Financial Stability Board (FSB) issued a report that examines how financial authorities can monitor artificial intelligence (AI) adoption and assess related vulnerabilities. The report builds on the FSB’s 2024 report and incorporates findings from a member survey on AI monitoring approaches, interviews with member authorities, publicly
On 9 October 2025, the European Banking Authority (EBA) published a report on tackling money laundering and terrorist financing risks in Cryptoasset services, including what can be learned from recent supervisory cases across the EU and how competent authorities can strengthen their approach to supervision.
Key findings
The report summarises lessons learnt from
On 20 August 2025, Commission Delegated Regulation 2025/885, supplementing the Regulation on markets in crypto-assets 2023/1114 (MiCA) with regard to regulatory technical standards (RTS) on market abuse, was published in the Official Journal of the European Union.
The RTS specify regulations regarding systems and controls, templates for reporting, and co-operation
On 12 August 2025, the European Systemic Risk Board (ESRB) published a report that provides a compliance assessment on sub-recommendation A(1) of the ESRB recommendation of 2 December 2021.
Overview
On 2 December 2021, the General Board of the ESRB adopted Recommendation ESRB/2021/7 (Recommendation) on a pan-European systemic cyber incident coordination
On 16 July 2025, the European Central Bank (ECB) published a guide on outsourcing cloud services to cloud service providers.
The publication of the guide follows an earlier public consultation and the ECB has also published a feedback statement which provides an overview of the comments received and the ECB’s assessment of them.
On 14 May 2025, the European Parliament’s Economic and Monetary Affairs Committee published a draft report on the impact of artificial intelligence (AI) on the financial sector.
The report examines the use and impact of AI in the EU’s financial services sector and the regulatory landscape. The Rapporteur provides policy recommendations to enable
On 15 May 2025, there was published in the Official Journal of the EU a Corrigendum to Commission Delegated Regulation (EU) 2024/1774 of 13 March 2024 supplementing Regulation (EU) 2022/2554 with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework. The Corrigendum amends
On 29 April 2025, the European Commission adopted a Delegated Regulation supplementing the Regulation on markets in crypto-assets (MiCA) with regard to regulatory technical standards (RTS) specifying the arrangements, systems and procedures to prevent, detect and report market abuse, the templates to be used for reporting suspected market abuse, and the coordination procedures