On 9 January 2026, the European Securities and Markets Authority (ESMA) issued non-binding principles for risk-based supervision which are intended to support a common and effective EU-wide supervisory culture and strengthen the EU Single Market.
The principles apply to Member State competent authorities and ESMA when carrying out direct supervision. They are intended to apply to all mandates (markets, entities and products) under an authority’s remit and focus on the supervision of those mandates. The main concepts and processes covered concern:
- Definition and understanding of risk-based supervision.
- Risk identification.
- Risk assessment.
- Risk prioritisation and treatment.
ESMA states that the principles do not constitute a one-size-fits-all common model nor a fully-fledged manual on risk-based supervision. Rather, they are intended to complement pre-existing frameworks, providing elements that promote the effective and consistent application of supervisory capabilities, building on collective practices across the EU. When following the guidance from these principles, Member State competent authorities are expected to use their supervisory judgment, and to consider the specific risks and characteristics of their national market and the entities (including products offered) under their supervision.