Regulatory Watch Monday — EU Finance Regulation

Week of March 16, 2026

MiFID II/MiFIR

Commission Delegated Regulation 2026/482 (Feb 27, 2026) amended equity transparency rules:

• New definitions for liquid markets
• Market data must be provided on a "reasonable commercial basis"
• Updated systematic internaliser requirements
• Revised post-trade risk reduction disclosures

Effective dates: - Entered force: March 2, 2026 - Market data provisions: August 23, 2026

ESMA also withdrew its MiFID II/MiFIR guidelines on market data obligations (Feb 23) and launched a consultation on revised suitability assessment requirements (Feb 25).

PSD2 / PSD3 Transition

Key development: EU Advocate General Athanasios Rantos issued an opinion (March 11, 2026) recommending banks immediately refund victims of unauthorized payments—shifting from the current "gross negligence" defense model.

EBA guidance on crypto overlap (ended March 2, 2026): - Crypto-asset service providers (CASPs) handling e-money tokens (EMTs) now need dual authorization: MiCA + PSD2 - Non-compliant firms must cease services or partner with licensed PSPs - France emerging as a hub for dual-authorized issuers

Looking ahead: PSD3/PSR will introduce broader SCA requirements and explicit immediate reimbursement rules—though legislative delays persist.

DORA — Full Enforcement Now in Effect

The DORA grace periods expired in February 2026. Compliance is now mandatory:

• ICT Risk Management: Comprehensive frameworks mapping tech assets to business functions
• Incident Reporting: Early warning within 24 hours, full notification within 72 hours
• Third-Party Oversight: Continuous monitoring with contractual audit rights
• Penetration Testing: Annual threat-led testing required

Accountability shift: Board members and C-suite executives are now personally liable for security posture. Negligence can result in personal liability, multi-million-dollar penalties, and temporary management bans.

Banking Regulation (CRR/CRD)

Basel III finalization (Basel 3.1): - Most provisions effective since January 1, 2025 - Full application targeted: January 1, 2027 - Includes expanded capital, liquidity, and risk requirements - Output floors reaching 72.5%

BRRD/SRM/DGS updates: - Council adopted first reading positions (March 5, 2026) - European Parliament consideration: March 25-26, 2026

EU-UK developments: March 2026 discussions highlighted Basel implementation as priority for financial stability.

Quick Hits

• EU Financial Preparedness Report (March 10, 2026): European Commission published report highlighting improvements through legislative measures and digital euro resilience benefits

Source: Official EU publications, EBA, ESMA, Council of the EU, BIS

Regulatory Watch Monday — delivered weekly