What are the most important EU financial regulation deadlines in 2026?

The major EU financial regulation deadlines in 2026 are: 16 April — AIFMD II national transposition deadline (liquidity management tools, loan origination, delegation rules); 1 July — MiCAR CASP transitional period expires (all crypto-asset service providers must hold full MiCAR authorisation); 2 July — ESG Ratings Regulation applies; 10 July — AML Package applies (new EU AML Authority, harmonised AML rules); 2 August — EU AI Act high-risk AI obligations apply (credit scoring, AML screening, insurance pricing); and Q4 2026 — CSRD third wave (large listed SMEs). Missing any of these deadlines can result in supervisory action, fines, or operational shutdown.

Has the DORA compliance deadline already passed?

Yes. DORA (Digital Operational Resilience Act) applied from 17 January 2025. All in-scope financial entities — credit institutions, investment firms, insurance undertakings, CASPs, AIFMs, and others — were required to comply from that date. Key obligations already in force include ICT risk management frameworks, incident classification and reporting, third-party register maintenance, and DORA-aligned contractual requirements for ICT providers. The first ICT third-party register submission reference date was 31 March 2025.

When must fund managers comply with AIFMD II?

Fund managers must comply with AIFMD II requirements from 16 April 2026 — the deadline for national transposition. In practice, AIFMs should be operationally ready before this date. The most time-sensitive requirements are the liquidity management tool (LMT) framework for all open-ended AIFs, which requires policy updates, board approvals, and prospectus amendments. Loan origination AIFs face concentration limits and risk retention rules. The partial depositary passport will only be available once both the AIF's home state and the depositary's home state have transposed the directive.

EU Financial Regulation Compliance Calendar 2026: Every Deadline Your Team Must Know

The EU's regulatory calendar for 2026 is one of the most demanding in years. Four major frameworks reach critical implementation milestones — AIFMD II, MiCAR, the AML Package, and the AI Act — while DORA enforcement moves from paper compliance to active supervisory testing. Understanding the exact deadlines and what they require of your organisation is not optional: missed deadlines carry authorisation risk, marketing restrictions, and direct supervisory action.

This compliance calendar covers every significant EU financial regulation deadline in 2026, with the applicable scope, obligations that crystallise at each date, and what you should already have in place.

Why 2026 Is Particularly Demanding

Most EU regulatory cycles produce one or two major compliance events per year. 2026 is an exception. Several regulations that entered into force or began applying in 2023–2025 now hit their most operationally significant milestones — authorisation deadlines, transposition dates, and enforcement escalations — simultaneously:

AIFMD II national law transposition: 16 April 2026
MiCAR transitional period ends (CASP authorisation or cessation): 1 July 2026
AML Package (AMLAR + AMLD6) full application: 10 July 2026
ESG Ratings Regulation applicability: 1 July 2026
AI Act high-risk AI system obligations: 2 August 2026

Simultaneously, DORA has moved from the implementation grace period (it applied from 17 January 2025) into active supervisory use — the first full year in which EU supervisors are running ICT risk inspections, testing incident reporting, and assessing third-party risk frameworks in practice. Firms that treated January 2025 as a "start now" date rather than a compliance date are running out of runway.

Q1 2026: DORA Enforcement Accelerates

DORA — ICT Risk Framework (Applied: 17 January 2025)

Although the Digital Operational Resilience Act (Regulation (EU) 2022/2554) entered into application on 17 January 2025, 2026 is the first year of active supervisory engagement. The European Supervisory Authorities (EBA, EIOPA, ESMA) published their supervisory priorities for 2026, explicitly identifying DORA implementation as a key focus. The Joint Examination Team (JET) framework for Critical ICT Third-Party Providers (CTPPs) begins active oversight during 2026.

What must be in place (now):

ICT risk management framework — documented policies for identification, protection, detection, response, and recovery, aligned with the DORA RTS on ICT risk management tools, methods, processes, and policies (Commission Delegated Regulation (EU) 2024/1774)
Incident classification and reporting — operational processes to classify ICT-related incidents against the thresholds in Commission Delegated Regulation (EU) 2024/1772, and to report major ICT incidents to competent authorities within prescribed timelines (initial notification within 4 hours; intermediate report within 72 hours; final report within one month). See our DORA incident reporting timeline and incident classification guide.
Digital operational resilience testing — basic testing for all in-scope entities; Threat-Led Penetration Testing (TLPT) for significant entities (at least every 3 years)
ICT third-party risk management — a register of information on all ICT third-party service providers (CTPPs and others), maintained in standardised format for supervisory access; key contractual provisions in agreements with ICT providers covering security standards, audit rights, exit and termination clauses. See our ICT register guide.

Who is in scope: Credit institutions, payment institutions, e-money institutions, investment firms, crypto-asset service providers (under MiCAR), AIFMs, UCITS management companies, insurance and reinsurance undertakings, insurance intermediaries, IORP pension funds, trade repositories, CCPs, CSDs, data reporting service providers, crowdfunding service providers, credit rating agencies, securitisation repositories, and ICT third-party service providers designated as critical.

For a deep dive into DORA's relationship with other cybersecurity frameworks, see our DORA vs NIS2 comparison.

EMIR 3 — Clearing Obligation Changes

The EMIR 3 reforms (Regulation (EU) 2024/2987) began phased application from late 2024 through 2026. Key 2026 milestones include the application of revised clearing thresholds and the continued implementation of active account requirements for systemically important counterparties. ESAs are publishing RTS and ITS under EMIR 3 on a rolling basis through 2026.

Who is in scope: Financial counterparties, non-financial counterparties above clearing thresholds, CCPs, and trade repositories.

Need cited answers on EU financial regulation?

Try free analysis

Q2 2026: AIFMD II — The Fund Manager Transformation

AIFMD II — Transposition Deadline: 16 April 2026

The revised Alternative Investment Fund Managers Directive (Directive (EU) 2024/927, "AIFMD II") must be transposed into the national law of all EU Member States by 16 April 2026. This is the most immediately pressing deadline on the 2026 calendar for fund managers, depositaries, and fund administrators.

AIFMD II is not a minor update. It fundamentally restructures several key aspects of the AIFMD regime and introduces an entirely new framework for loan origination funds.

Key changes that take effect from 16 April 2026:

1. Loan origination funds — new dedicated regime

AIFMD II introduces a dedicated framework (new Articles 15a–15l of AIFMD) for AIFs that originate loans. Loan origination AIFs are subject to:

Mandatory retention requirement: the AIFM or the AIF must retain a net economic interest of not less than 5% of the nominal value of each originated loan sold or transferred
Portfolio concentration limit for closed-ended loan origination AIFs: the AIF may not lend more than 20% of its capital to a single borrower that is a financial undertaking, an AIF, or a UCITS
Leverage limits for open-ended loan origination AIFs: total leverage must not exceed 175% of net asset value; for closed-ended loan origination AIFs, no numerical cap applies, but leverage must be disclosed

2. Liquidity management tools (LMTs)

AIFMD II mandates that all EU AIFMs managing open-ended AIFs must have at least two liquidity management tools from a defined menu (Annex V to AIFMD II) available in their fund constitutional documents. The selection must cover at least one from the "activation tools" category (e.g., redemption gates, suspension of redemptions, notice periods) and one from the "quantitative tools" category (e.g., swing pricing, redemption fees, anti-dilution levies). Depositors and side pockets are also recognised. For the full selection methodology and operational parameters, see our AIFMD II Liquidity Management Tools guide.

3. Delegation arrangements — enhanced substance requirements

AIFMD II imposes new requirements on AIFMs that delegate portfolio management or risk management functions. Delegation arrangements must be reviewed and, where necessary, updated to reflect:

Mandatory disclosure in the fund prospectus/PPM of the list of delegated functions, the identity of all sub-delegates, and the measures taken to manage conflicts of interest
Supervisory reporting: the revised Annex IV template includes new fields for delegation arrangements, including delegation to entities in third countries
Competent authorities gain new powers to object to delegation arrangements where substance requirements are not met

4. Depositary regime — conditional cross-border passporting

AIFMD II introduces limited depositary passporting for EU jurisdictions that lack a sufficient domestic depositary market. This applies on a case-by-case basis, subject to ESMA approval and National Competent Authority consent. The full depositary passport (initially proposed by the Commission) was not included in the final text.

5. New disclosure requirements

AIFMs must update pre-investment and periodic disclosures to cover:

Information on the sustainability-related aspects of the AIF's investment strategy (where applicable)
Costs that are charged to the AIF and information on how AIFMs ensure fair treatment of investors

Practical action:

Most Member States should have published their national transposition acts. Verify that your jurisdiction's transposition is in force. Update fund documentation (constitutional documents, investment management agreements, PPMs) to reflect AIFMD II requirements. Reconfigure Annex IV reporting templates to include new data fields. For loan origination AIFs, verify retention structure and leverage compliance.

For full transposition status by jurisdiction, see our AIFMD II transposition tracker.

Q3 2026: Crypto, AML, and ESG Ratings

MiCAR — CASP Authorisation Deadline: 1 July 2026

This is the most operationally critical deadline for crypto-asset service providers.

Under the Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114), crypto-asset service providers (CASPs) that were operating under national law exemptions or transitional arrangements must obtain MiCAR authorisation from their National Competent Authority (NCA) by 1 July 2026, or cease providing crypto-asset services.

Article 143(3) of MiCAR provides the transitional regime: entities that were providing crypto-asset services in accordance with applicable national law before 30 December 2024 may continue to do so until 1 July 2026 (or such earlier date as the Member State specifies under Article 143(1)). After 1 July 2026, no transitional protection remains.

Key MiCAR authorisation requirements (Article 63):

Legal entity established in the EU (relevant entity-type: investment firm, credit institution, CCP, CSD, UCITS management company, AIFM, or a newly licensed entity)
Minimum capital: ranging from €50,000 (custody, reception/transmission) to €150,000 (exchange, portfolio management, advice, underwriting) depending on services provided
Programme of operations, business plan, and governance documentation
Fit and proper assessment of management body and qualifying shareholders
Prudential safeguards: own funds, professional indemnity insurance, or a combination
ICT risk management policies aligned with DORA
Conflicts of interest policy, complaints handling, business continuity plan

National deadlines may be earlier: Several Member States (including France and The Netherlands) implemented MiCAR early or set earlier transitional deadlines. Check your NCA's published guidance.

Scope of MiCAR CASP services (Article 3(1)(16)):

Custody and administration of crypto-assets; operation of a trading platform; exchange of crypto-assets for funds or other crypto-assets; execution of orders; placing of crypto-assets; reception and transmission of orders; providing advice; providing transfer services.

See our MiCAR CASP compliance checklist for full Article 63 requirements and application timelines, our MiCAR whitepaper requirements guide, and our MiCAR vs MiFID II comparison.

ESG Ratings Regulation — Application Date: 2 July 2026

Regulation (EU) 2024/3005 on the transparency and integrity of environmental, social and governance (ESG) rating activities becomes applicable from 2 July 2026.

From this date, ESG rating providers operating in the EU must be authorised by ESMA or, if from a third country, use the endorsement, recognition, or equivalence mechanisms. Investment firms, banks, and institutional investors that use ESG ratings in investment decisions or disclosures must verify that their ESG data providers are compliant.

Impact on financial market participants:

Verify that ESG data providers used in SFDR-related disclosures, MiFID II sustainability preference assessments, or internal investment processes are authorised or compliant under the Regulation
Contracts with ESG rating providers may need to be renegotiated to include new transparency requirements

AML Package — Full Application: 10 July 2026

The EU's sixth Anti-Money Laundering Directive (AMLD6, Directive (EU) 2024/1640) and the directly applicable Anti-Money Laundering Regulation (AMLAR, Regulation (EU) 2024/1624) enter full application on 10 July 2026.

The new AML framework significantly modernises EU AML/CFT requirements. Key changes affecting financial institutions:

Directly applicable AML Regulation (AMLAR):

Uniform due diligence requirements across all Member States — no more national implementation variations
New risk-based beneficial ownership verification standards
Enhanced requirements for politically exposed persons (PEPs)
New rules on high-value asset dealers (including crypto-asset service providers under MiCAR, which are obliged entities under AMLAR)
Mandatory use of the EU AML/CFT Data Space for information sharing between obliged entities and FIUs (phased)

AMLD6 — new supervisory architecture:

Establishment of the EU Anti-Money Laundering Authority (AMLA), headquartered in Frankfurt, with direct supervisory powers over high-risk obliged entities and coordination powers over national FIUs
Enhanced powers for financial intelligence units
New whistleblowing protections for AML compliance officers

Who is in scope: Credit institutions, financial institutions, payment institutions, crypto-asset service providers, investment firms, insurance companies, auditors, notaries, tax advisers, real estate agents, and dealers in high-value goods.

Q4 2026: AI Act High-Risk Obligations

AI Act — High-Risk AI System Requirements: 2 August 2026

The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) enters its most significant phase for financial services firms on 2 August 2026, when the obligations for providers and deployers of high-risk AI systems become applicable.

Financial services applications classified as high-risk under Annex III of the AI Act include:

Credit scoring systems — AI systems used to assess the creditworthiness of natural persons or to evaluate credit risk
Life and health insurance pricing and underwriting systems — AI used to determine eligibility, coverage, or pricing
AML/CFT transaction monitoring systems — AI used to detect suspicious transactions or terrorist financing activities

Obligations for providers of high-risk AI systems (Article 16):

Conformity assessment before placing the system on the market: verify compliance with the requirements in Chapter III, Section 2 (risk management, data governance, transparency, human oversight, robustness and accuracy)
Technical documentation (Annex IV): maintain comprehensive technical documentation covering the system's intended purpose, design, validation, and monitoring
CE marking and EU Declaration of Conformity: conformity assessment, registration in the EU AI database
Post-market monitoring: continuous monitoring of system performance in production

Obligations for deployers of high-risk AI systems (Article 26):

Use high-risk AI systems in accordance with the provider's instructions of use
Implement human oversight measures — designate natural persons responsible for human oversight
Where required, conduct a fundamental rights impact assessment before deploying the system
Monitor operation of the AI system and report serious incidents or malfunctions to the provider and, if applicable, to competent authorities

Practical steps for financial institutions:

Maintain an inventory of all AI systems in use — classify each against Annex III
For each high-risk system: request technical documentation and EU Declaration of Conformity from vendors
Designate AI system deployer responsibilities (Article 26) — governance structures must be in place by 2 August 2026
Assess whether your credit scoring, AML screening, or underwriting AI meets the data governance requirements (Article 10) — training data must be representative, free from errors and complete, with appropriate data governance processes

For a complete analysis, see our EU AI Act financial services guide.

2026–2027: Forward-Looking Milestones

CRR III / CRD VI — Basel III Final Rules Phasing In (2025–2032)

CRR III (Regulation (EU) 2024/1623) applies from 1 January 2025. Several provisions are subject to phase-in schedules running through 2032:

Output floor: 50% in 2025, scaling to 72.5% by 1 January 2030
Revised credit risk standardised approach (CRSA): applied from January 2025 — revised risk weights for real estate, infrastructure, SME exposures
FRTB (Fundamental Review of the Trading Book): application postponed to 1 January 2027 (Commission Delegated Act adopted June 2025)
CRD VI (Directive (EU) 2024/1619): Member States must transpose and apply from 11 January 2026 — new fit and proper requirements, enhanced ESG risk management for credit institutions

See our CRR III / CRD VI guide for detailed analysis.

SFDR 2.0 — Legislative Proposal Published, Application 2028+

The European Commission published its proposal to revise SFDR (Commission Proposal, November 2025) as part of the Savings and Investments Union package. The proposal simplifies disclosures, reduces compliance burden, and addresses greenwashing risks associated with the informal use of Article 8 and Article 9 as product labels.

The legislative process (Council and Parliament negotiations, co-decision procedure) will continue through 2026 and into 2027. SFDR 2.0 is not expected to enter into application before 2028. The current SFDR framework — including Article 8 and Article 9 classification, RTS templates, and PAI disclosure requirements — remains fully in force.

See our SFDR Article 8 vs Article 9 guide for a detailed analysis of current obligations and our SFDR 2.0 review guide for what's changing.

Solvency II Amendments — Application: 30 January 2027

Directive (EU) 2025/2 amending Solvency II (the long-term guarantee review) must be transposed by Member States before the 30 January 2027 application date. Key changes include recalibrated capital requirements for long-term equity investments, enhanced proportionality for smaller insurers, and updated sustainability requirements.

Complete Deadline Reference Table

Date	Regulation	Milestone	Who Is Affected
Jan 2026 (ongoing)	DORA	Active supervisory inspections; JET oversight of CTPPs	All DORA in-scope entities
Jan 2026 (ongoing)	CRR III	Output floor 50%; revised CRSA applied	Credit institutions, investment firms
11 Jan 2026	CRD VI	Transposition and application date	Credit institutions, Member States
16 Apr 2026	AIFMD II	National transposition deadline; new AIFM obligations take effect	AIFMs, depositaries, fund administrators
1 Jul 2026	MiCAR	Transitional period ends; CASP authorisation required	All crypto-asset service providers
2 Jul 2026	ESG Ratings Regulation	ESG rating providers must be authorised	ESG rating providers; investment firms using ESG ratings
10 Jul 2026	AML Package (AMLAR + AMLD6)	AMLAR directly applicable; AMLD6 fully transposed	All AML obliged entities
2 Aug 2026	AI Act	High-risk AI system obligations apply	AI providers and deployers in financial services
Late 2026	SFDR 2.0	Expected legislative proposal, no application yet	All financial market participants
1 Jan 2027	CRR III / FRTB	FRTB market risk provisions apply	Credit institutions with significant trading books
30 Jan 2027	Solvency II (amended)	Revised framework applies	Insurance and reinsurance undertakings

How financialregulations.eu Can Help

Our platform gives you instant, source-backed answers on every regulation in this calendar — AIFMD II, MiCAR, DORA, the AML Package, the AI Act, CRR III, ESG Ratings Regulation, and SFDR. You can:

Ask specific questions: What are the exact capital requirements for a MiCAR-authorised CASP providing custody services? Which AIFMD II Annex IV fields changed for delegation disclosures? What does the AI Act require for a credit scoring system deployed by a bank?
Review documents: Upload your AIFMD II compliance gap assessment, MiCAR authorisation application draft, or DORA ICT policy and get it analysed against the regulatory text
Cross-reference: Understand how regulations interact — DORA + MiCAR, AIFMD II + SFDR, AI Act + CRR III model risk

Start with 5 free queries — no credit card required

Frequently Asked Questions

What is the single most urgent deadline for fund managers in 2026?

The AIFMD II transposition deadline of 16 April 2026 is the most immediately pressing for alternative fund managers. From this date, Member States' national implementing legislation takes effect, and AIFMs must comply with the new AIFMD II requirements, including the loan origination fund regime, updated liquidity management tool requirements, enhanced delegation disclosures, and revised Annex IV reporting. Fund documentation must be updated before 16 April 2026.

Does MiCAR's 1 July 2026 deadline apply to all crypto entities operating in the EU?

It applies to entities that have been relying on national transitional provisions to continue providing crypto-asset services without a MiCAR authorisation. Some Member States set earlier deadlines — for example, entities in France operating under the PSAN regime or in the Netherlands under DNB registration faced earlier cut-offs. The 1 July 2026 date is the EU-wide backstop. Entities that have not submitted a complete application to their NCA well in advance of this date face material authorisation risk.

Is my firm in scope for DORA if we are an AIFM?

Yes. AIFMs authorised under AIFMD are explicitly listed in Article 2(1)(b) of DORA as in-scope financial entities. DORA applies to all ICT risk management, incident reporting, resilience testing, and third-party risk management activities of the AIFM. ICT vendors providing material ICT services to the AIFM are also subject to DORA's third-party risk requirements, regardless of where the vendor is located.

What AI systems used in financial services are considered high-risk under the AI Act?

Annex III, point 5(b) of the AI Act identifies AI systems used for evaluating the creditworthiness of natural persons or their credit score as high-risk. Annex III, point 5(f) covers AI systems used in life and health insurance. ESMA has published guidance indicating that AI systems used for transaction monitoring (AML/CFT) and certain algorithmic trading systems may also fall within scope depending on their specific use. Firms should map all AI systems against Annex III and seek legal advice where classification is uncertain.

When will SFDR 2.0 replace the current Article 8/Article 9 framework?

Not before 2028. The European Commission published its legislative proposal in November 2025. Co-decision between the Council and the European Parliament, followed by adoption and a transition period, means the earliest realistic application date is 2028. The current SFDR framework, including all Level 2 RTS disclosure templates, remains fully applicable in the interim. Firms should not delay current SFDR compliance on the expectation of forthcoming changes.

Does CRR III require immediate changes to risk models?

CRR III has applied since 1 January 2025. Banks should have already transitioned to the revised CRSA for credit risk and updated their capital calculations accordingly. The output floor at 50% applies in 2025, with a phase-in to 72.5% by 2030. The FRTB provisions for market risk (Fundamental Review of the Trading Book) were postponed to 1 January 2027 by Commission Delegated Act in June 2025, giving banks with significant trading books additional time to implement internal model approaches.