Key regulations: Technology and AI

Information management and processing 


RDA&RR Principles 

Scope: Global | Regulator: BCBS | Industry: Finance | Theme: Risks - Reporting | Date of publication: 09/01/2013 

It establishes a framework for financial institutions to improve risk management and supervision. It proposes a series of principles that address aspects such as governance, data quality and information systems capacity. The objective is to ensure that organizations can effectively collect, analyze and report risk data, thus contributing to the stability of the financial system.


 

Data Regulation 

Scope: EU | Regulator: European Parliament and Council | Industry: Cross | Theme: Information Management and Processing | Date of publication: 13/12/2023 

This Regulation establishes harmonized rules on access to and fair use of data. It aims to remove barriers to data exchange and promote interoperability and fair access to information generated by connected products and related services. It focuses on ensuring that users can access their data and share it with third parties, as well as protecting the rights of data subjects and the confidentiality of trade secrets. The Data Regulation also includes provisions on compensation for data access and establishes a framework for resolving disputes relating to data access and use. The Data Regulation is scheduled to enter into force on September 12, 2025. 


 

Digital Markets Directive (DMA)  

Scope: EU | Regulator: Parliament and Council | Industry: Cross | Theme: Information Management and Processing | Date of publication: 14/07/2022

The Digital Markets Act subjects large digital platforms to a regulatory regime that imposes specific obligations, prohibits certain conduct, and imposes a strict penalty regime that is broadly similar to the regime applicable to breaches of competition rules. It has generally been applicable since May 2, 2023.


 

Cyber and other technological risks 

 

Digital Operational Resilience Act (DORA) Regulation 

Scope: EU | Regulator: European Parliament and Council | Industry: Finance | Theme: Risks - Cyber and other technological risks | Date of publication: 14/12/2022 

DORA aims to improve operational resilience and cybersecurity in the financial sector, specifically in relation to Information and Communications Technology (ICT) related risks. 

This regulation establishes specific requirements and obligations for ICT risk management, incident reporting, operational resilience testing, the establishment of cyber threat sharing arrangements and the monitoring of financial institutions' supply chain risk. 


 

NIS 2 Directive 

Scope: EU | Regulator: European Parliament and Council | Industry: Cross | Theme: Risks - Cyber and other technological risks | Date of publication: 14/12/2022 

This regulation extends the scope of the previous Directive 2016/1148 by including a wider number of sectors and types of institutions. It defines specific requirements for critical and relevant institutions, including security, risk management and incident reporting criteria. It also promotes cooperation between Member States and establishes a framework for cybersecurity-related oversight and crisis management, thus contributing to a more effective response to cyber threats. 


 

Information Security Management Systems Certification (ISO/IEC 27001) 

Scope: Global | Regulator: ISO | Industry: Cross | Theme: Risks - Cyber and other technological risks | Date of publication: 25/10/2022 

This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. The requirements are generic and are intended to be applicable to all organizations, regardless of their type, size or nature. 


 

Transaction banking 

 

Payment Services Regulation (PSR) 

Scope: EU | Regulator: Parliament and Council | Industry: Finance - Transaction banking | Theme: Payments | Date of publication: 19/03/2024

This Regulation establishes a more robust framework for immediate credit transfers in euro. The Regulation aims to increase the acceptance and efficiency of immediate credit transfers and to promote competition and innovation in the payments market. It introduces specific requirements to ensure the integration of the internal market and allows Member States whose currency is not the euro to apply equivalent rules for their immediate credit transfers. It also lays down measures to protect users and ensure the security of transactions, as well as sanctions for breaches of these new rules. 


 

Payment Services Directive (PSD3) 

Scope: EU | Regulator: European Parliament and Council | Industry: Finance - Transaction banking | Theme: Payments | Date of publication: 28/06/2023 

This Directive establishes a regulatory framework for payment services in the European Union's internal market. Its main objective is to improve the integration and efficiency of electronic payments while ensuring consumer protection and transaction security. The Directive introduces new categories of Payment Service Providers, such as payment initiation and account information service providers, and establishes transparency requirements and user rights. In addition, it seeks to harmonize conditions of competition between providers and to facilitate access to payment systems, thereby promoting a more competitive and secure single market. It also addresses issues related to risk management and data protection, and ensures that users are informed about their rights and the conditions of payment services. 


 

Financial Data Access Regulation (FIDA) 

Scope: EU | Regulator: Parliament and Council | Industry: Finance | Theme: Digital Transaction | Date of publication: 28/06/2023

The proposed European Union regulation on access to financial data (FIDA) establishes a framework for customers to share their financial data with third parties in a secure and controlled manner, promoting innovation in the financial sector. By extending the principles of the PSD2 Directive, this regulation allows access to a wider range of financial data, with the aim of encouraging competition and providing more personalized financial services. It also introduces changes to several financial supervisory regulations to ensure interoperability and data protection, supporting digital transformation in line with EU security and privacy standards. 


 

Crypto-assets Market Regulation (MiCAR) 

Scope: EU | Regulator: European Parliament and Council | Industry: Finance - Transaction banking | Theme: Digital currencies | Date of publication: 09/05/2023

The Regulation on Markets in Crypto-assets establishes for the first time an EU-wide framework for the crypto-asset sector. It regulates asset-backed tokens, e-money tokens, and crypto-assets other than asset-backed tokens.


 

Payment Services Directive in the internal market (PSD2)  

Scope: EU | Regulator: European Parliament and Council | Industry: Finance - Transaction banking | Theme: Payments | Date of publication: 23/12/2015

This Directive aims to modernize the legal framework for payment services in the European Union. The Directive sets out rules to promote competition and innovation in the payments sector, while ensuring a high level of protection for consumers. Key provisions include stricter security requirements for electronic transactions, the creation of a framework for third party access to customer accounts (open banking), and greater transparency on the costs of payment services. 


 

Regulation on the Single Euro Payments Area (SEPA) 

Scope: EU | Regulator: European Parliament and Council | Industry: Finance - Transaction banking | Theme: Payments | Date of publication: 14/03/2012 

The SEPA initiative covers all EU member states as well as Iceland, Liechtenstein, Norway, Switzerland and Monaco. SEPA, which came into force in 2014, created a single market for retail payments in euro, allowing payment service users to make cashless euro payments to beneficiaries anywhere in the SEPA area, under the same basic conditions, using a single payment account and a single set of payment instruments. In simple terms, anyone who holds a payment account with a bank or other payment service provider (PSP) in one of the SEPA countries will be able to send euro-denominated payments to, and receive euro-denominated payments from, accounts in any other SEPA country, regardless of where in SEPA they are located. 


 

Artificial Intelligence 

 

Principles for Artificial Intelligence 

Scope: Global | Regulator: OECD | Industry: Cross | Theme: Artificial Intelligence | Date of publication: 03/05/2024

This Framework focuses on two pillars. On the one hand, it outlines a set of principles for the responsible management of reliable AI: (i) inclusive growth, sustainable development and well-being; (ii) human-centered values and equity; (iii) transparency and explainability; (iv) robustness, safety and security; and (v) accountability. It also makes recommendations for integrating AI into national policies and encourages international cooperation among governments for safe AI.  


 

The use of AI and ML by market intermediaries and asset managers  

Scope: Global | Regulator: IOSCO | Industry: Finance - Asset Management | Theme: Artificial Intelligence | Date of publication: 01/09/2021

The proposed guidance is intended to assist members in regulating and supervising the use of AI and ML by market intermediaries and asset managers. It also describes how regulators are addressing the challenges posed by AI and ML and the guidance issued by supranational bodies in this area.


 

Artificial Intelligence Regulation (AI Act) 

Scope: EU | Regulator: European Parliament and Council | Industry: Cross | Theme: Artificial Intelligence | Date of publication: 13/06/2024

This Regulation establishes a harmonized regulatory framework for Artificial Intelligence in the European Union. It classifies AI systems according to their level of risk: unacceptable, high, limited or minimal, and imposes different requirements depending on the risk involved. It prohibits uses such as social scoring and establishes specific measures for high-risk systems, such as human supervision and data quality. The Regulation seeks to ensure security and protect fundamental rights in the adoption of AI in the EU. 
