EU Financial Regulation Glossary

The four-tier risk framework established by the EU AI Act to regulate AI systems proportionately. The tiers are: (1) Unacceptable risk — AI practices that are prohibited outright, including social scoring and certain uses of real-time biometric identification (Article 5, applicable from 2 February 2025); (2) High risk — AI systems in safety-critical or fundamental-rights-impacting domains listed in Annex I and Annex III, subject to conformity assessment and extensive compliance obligations (Articles 6-49, applicable from 2 August 2026); (3) Limited risk — AI systems with transparency obligations, such as chatbots that must disclose their AI nature (Article 50, applicable from 2 August 2025); (4) Minimal risk — all other AI systems, which are unregulated but may follow voluntary codes of conduct.

A legal person whose regular business is managing one or more alternative investment funds (AIFs), including hedge funds, private equity funds, real estate funds, infrastructure funds, and loan origination funds. AIFMs above the registration threshold must be authorised under the AIFMD (2011/61/EU), as amended by AIFMD II (2024/927). Authorisation grants access to the EU marketing passport for professional investors. AIFMs below EUR 100 million (or EUR 500 million for unleveraged closed-ended funds) may register rather than seek full authorisation.

A new EU supervisory authority established by Regulation (EU) 2024/1620 as part of the 2024 AML Package. AMLA will assume direct supervisory responsibility for the highest-risk obliged entities operating cross-border — including certain credit institutions, fund managers, and crypto-asset service providers — by 2028. It will also coordinate and support national AML/CFT supervisors across the EU, ensuring convergent application of the AML Regulation (AMLR) and the sixth Anti-Money Laundering Directive (AMLD6). AMLA is headquartered in Frankfurt and began operations in 2025.

A type of crypto-asset that is not an electronic money token and that purports to maintain a stable value by referencing another value or right or a combination thereof, including one or more official currencies. ARTs are subject to specific authorisation, reserve asset, and redemption requirements under Title III of MiCAR.

Directive (EU) 2022/2464, which significantly expands the scope and depth of mandatory sustainability reporting for large companies and listed SMEs in the EU. CSRD replaces the Non-Financial Reporting Directive (NFRD) and requires in-scope entities to report according to the European Sustainability Reporting Standards (ESRS), covering environmental, social, and governance (ESG) topics with double materiality (impact materiality and financial materiality). CSRD reporting is subject to mandatory limited assurance. The first reports under CSRD apply to large EU public-interest entities from financial year 2024.

A legal person or undertaking whose occupation or business is the provision of one or more crypto-asset services to clients on a professional basis, and that is authorised to provide crypto-asset services under MiCAR.

A principle requiring that an economic activity making a substantial contribution to one environmental objective does not significantly harm any of the other environmental objectives defined in the Taxonomy Regulation. DNSH criteria are also referenced in SFDR for sustainable investment assessments.

A type of crypto-asset that purports to maintain a stable value by referencing the value of one official currency. EMTs are regulated under both MiCAR (Title IV) and the E-Money Directive (EMD2), and may only be issued by credit institutions or authorised electronic money institutions.

Regulation (EU) 2024/1689, the world's first comprehensive legal framework for artificial intelligence. The AI Act establishes a risk-based classification system: prohibited AI practices (Article 5), high-risk AI systems subject to extensive obligations (Articles 6-49), limited-risk AI with transparency requirements (Article 50), and minimal-risk AI that is unregulated. For financial services, AI systems used in credit scoring, insurance pricing, and certain other decisions affecting natural persons are classified as high-risk under Annex III. High-risk obligations — including risk management, data governance, transparency, human oversight, and conformity assessment — apply from 2 August 2026.

Regulation (EU) 648/2012 governing OTC derivatives, central counterparties (CCPs), and trade repositories. EMIR imposes three primary obligations on counterparties dealing in OTC derivatives: mandatory clearing of standardised contracts through authorised CCPs, mandatory reporting of all derivative contracts to registered trade repositories, and risk mitigation techniques for non-cleared contracts (including margin requirements, portfolio reconciliation, and dispute resolution). EMIR REFIT (Regulation (EU) 2019/834) introduced proportional exemptions for small financial counterparties and non-financial counterparties below clearing thresholds.

An AI system classified as high-risk under the EU AI Act because it falls within one of the use cases listed in Annex III or is a safety component of a product covered by Annex I. High-risk AI systems must comply with requirements on risk management (Article 9), data governance (Article 10), technical documentation (Article 11), record-keeping (Article 12), transparency (Article 13), human oversight (Article 14), and accuracy, robustness, and cybersecurity (Article 15). In financial services, high-risk AI systems include those used for creditworthiness assessment and credit scoring (Annex III point 5(b)) and insurance risk assessment and pricing for life and health insurance (Annex III point 5(a)). Fraud detection AI is explicitly excluded from the high-risk classification.

An undertaking providing ICT services to financial entities. Under DORA, financial entities must manage ICT third-party risk through contractual arrangements that include specific provisions on data access, audit rights, exit strategies, and subcontracting. Critical ICT TPPs are subject to the EU oversight framework.

A binding act adopted by the European Commission on the basis of a draft submitted by a European Supervisory Authority (EBA, ESMA, or EIOPA). ITS specify uniform conditions for the application of EU legislative acts — typically prescribing formats, templates, and procedures — and are binding across all Member States. Unlike RTS (which are delegated acts under Article 290 TFEU), ITS are implementing acts under Article 291 TFEU and do not change substantive policy.

An institution which operates on a funded basis and is established separately from any sponsoring undertaking or trade for the purpose of providing retirement benefits in the context of an occupational activity. Governed by the IORP II Directive with cross-border portability and governance requirements.

Mechanisms available to AIFMs and UCITS management companies to manage redemption pressure and protect remaining investors during periods of market stress. AIFMD II requires managers to select at least two LMTs from a prescribed list (e.g., redemption gates, notice periods, swing pricing, anti-dilution levies).

The transitional arrangement under Article 143 of MiCAR (Regulation (EU) 2023/1114) that allows crypto-asset service providers already operating under national law before 30 December 2024 to continue providing services for a maximum of 18 months — until 1 July 2026 — while they apply for MiCAR authorisation. The exact duration may vary by Member State, as national legislators may set shorter transitional periods. After the transition period expires, entities must hold a MiCAR CASP authorisation or fall within an exemption (e.g., credit institutions, MiFID investment firms) to provide crypto-asset services in the EU.

The national authority designated by each EU Member State to supervise financial entities and enforce EU financial regulation. Key NCAs in the EU's major financial centres include the AFM and DNB (Netherlands), BaFin (Germany), CSSF (Luxembourg), CBI (Ireland), and AMF and ACPR (France). NCAs are the primary point of contact for authorisation applications, supervisory reporting, and enforcement proceedings. For certain institutions, the ECB acts as a supplementary or primary supervisor alongside the NCA.

A category of financial product subject to mandatory pre-contractual disclosure under the PRIIPs Regulation (Regulation (EU) 1286/2014). PRIIPs include investment funds (other than UCITS), structured deposits, structured products, and certain insurance-based investment products. Manufacturers and sellers of PRIIPs must produce a standardised Key Information Document (KID) of maximum three pages, covering product nature, risk/reward profile, costs, and performance scenarios. UCITS are exempt until their existing KIID regime is replaced. The EU Retail Investment Strategy (political agreement reached in 2025) will introduce a 'Product at a glance' dashboard and ESG section.

The most significant negative effects that investment decisions or financial advice have on sustainability factors relating to environmental, social, and employee matters, respect for human rights, anti-corruption, and anti-bribery matters. Financial market participants must disclose PAI statements under SFDR Article 4.

A delegated act adopted by the European Commission on the basis of a draft prepared by a European Supervisory Authority (EBA, ESMA, or EIOPA). RTS specify the conditions for the application of EU legislative acts and are binding in their entirety across all Member States. They sit in Level 2 of the EU regulatory framework.

A framework for testing the cyber resilience of financial entities by simulating the tactics, techniques, and procedures of real threat actors. Under DORA, significant financial entities must carry out TLPT at least every three years, using external testers and following the TIBER-EU framework.

A category of open-ended collective investment scheme authorised under the UCITS Directive (2009/65/EC) that may be marketed to retail investors across the EU using a single passportable authorisation. UCITS must invest primarily in transferable securities and money market instruments, comply with product diversification rules (the 5/10/40 rule), and produce a Key Investor Information Document (KIID). They are the dominant structure for retail investment funds in the EU, with assets exceeding EUR 12 trillion.