When regulatory changes are a moving target, it can be difficult for financial services companies to keep up. In 2025, several key regulatory updates across Europe will demand attention, from changes to MiFID II and PSD3 to new directives on anti-money laundering (AML) and artificial intelligence (AI). These shifts vary in scope by country, but all require companies to adapt to ensure compliance.
While many of these updates are an inconvenience and require organizations to implement new processes and workflows, they will ultimately improve transparency, security, innovation, and enhance the end user experience. Financial services companies that stay ahead of the curve will be better positioned to meet these challenges.
For deeper insights, FinovateEurope, which is taking place in London on February 25 and 26 (register today and save!), will host a diverse group of experts who will explore the region’s regulatory shifts in detail, offering valuable guidance on how firms can best prepare for 2025. Below, we’ve highlighted some of the most important changes that are likely to impact financial services organizations this year.
ESG compliance
The Sustainable Finance Disclosure Regulation (SFDR), which was introduced in 2021, required firms to complete more detailed and standardized reporting on sustainability practices. As a result, many needed to invest in systems to track and report ESG metrics more accurately and transparently. In 2025, the European Commission and European Supervisory Authorities (ESAs) is expected to update the legislation to improve definitions, simplify disclosures, add more mandatory disclosures, and more.
Additionally, in 2025, the Corporate Sustainability Reporting Directive (CSRD) is expected to see a significant expansion to its scope. More companies will be required to report under the CSRD, firms will be required to disclose detailed information about their sustainability impacts, the reporting measure will need to be fully integrated into a company’s business strategy and decision-making processes, and more.
While these shifts may be challenging, many organizations will likely benefit from improving their ESG transparency because it will help attract investors who prioritize sustainability and may improve their firm’s reputation.
Digital Operational Resilience Act (DORA)
The Digital Operational Resilience Act (DORA) went into effect in January of 2023 and began to require compliance last month. DORA aims to enhance the IT security of financial services companies including banks, insurance companies, and investment firms. The regulation requires firms to regularly test their systems, create contingency plans, and ensure that their third-party providers are also in compliance with security standards. The three European Supervisory Authorities– the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA)– anticipate that DORA will reduce the risk of systemic disruptions and improve financial stability.
EU AI Act
Established in 2024, the European AI Office is implementing the EU AI Act to create regulatory framework for artificial intelligence in Europe. Ultimately, the regulation seeks to ensure that AI applications are transparent, accountable, and ethical. The first requirements under the EU AI Act went into effect earlier this month to ban the use of AI systems that involve prohibited AI practices. There are eight categories of prohibited practices, as law firm DLA Piper details in the graphic below.
European Data Governance Act (DGA)
The European Data Governance Act is designed to enhance consumer trust in voluntary data sharing to help businesses innovate and grow. The act establishes a framework for data sharing and sets standards for data altruism and data intermediaries.
In 2025, the primary update to the EU DGA is the upcoming enforcement of the Data Act, which will impact how businesses manage and share data and their personal information, by specifying data access and usage. The new legislation will take effect in September of 2025.
AML compliance
Anti-money laundering (AML) regulations are set to become even stricter with the introduction of new directives in 2025. Specifically, the EU AML Package, which is launching this year, establishes a new supervisory authority called the Anti-Money Laundering Authority (AMLA). Based in Frankfurt, the AMLA will implement stricter compliance measures for financial institutions, especially high-risk firms, to help combat money laundering and terrorist financing across the EU.
While complying with the AML regulations will require firms to rework their existing strategy and perhaps create new systems, it will help reduce financial crimes, protect firms from reputational damage, and reduce regulatory penalties.
Payment Services Directive 3
Payment Services Directive 3 (PSD3) is the third iteration of the EU’s Payment Services Directive. Changes to the directive coming in 2025 are expected to further enhance open banking capabilities and offer third-party providers greater access to consumer financial data while improving security and user consent mechanisms. The new iteration will also further protect consumers by providing clearer guidelines on payment methods, transaction rules, and dispute resolution processes. The updated standards are expected to increase the speed, transparency, and security of payments, while providing customers with a more seamless and trustworthy payment experience.
Crypto regulation and the MiCA framework
2025 will bring the full implementation of the Markets in Crypto-Assets (MiCA) framework, which will introduce regulation for cryptocurrencies and digital assets across the European Union. Financial services companies that engage with crypto will need to comply with new licensing and operational requirements.
Originally drafted and proposed by the European Commission in September 2020, MiCA aims to provide clarity for businesses and investors by establishing clear rules around the trading, issuing, and holding of crypto assets. This transparency is expected to provide stability and foster trust in the crypto market.
Anti-Tax Avoidance Directive (ATAD III)
The Anti-Tax Avoidance Directive (ATAD III), which aims to reduce tax avoidance by implementing stricter rules to combat aggressive tax planning and ensure that companies pay taxes, is slated to go into effect in 2025. The new directive requires financial services companies to adjust to their tax structures and increase their scrutiny of cross-border transactions. Ultimately, ATAD III should help promote fairness in the EU’s tax system by addressing loopholes used for tax avoidance.