Regulatory Update: key focus areas Q4 2025

In this video, expert Danielle personally guides you through the key highlights of the latest regulatory developments. This video is currently only available in Dutch.

Review

Which legislation and regulations have recently entered into force? 

• On 8 July 2025, the new RTS on penetration testing entered into force.

Delegated Regulation (EU) 2025/1190 introduces technical standards for threat-led penetration testing (TLPT) within the scope of the European DORA framework. These rules set out how financial institutions, including banks, payment institutions, and asset managers, must periodically test their digital resilience. 

• On 15 July 2025, DNB published its new guide on managing climate and environmental risks. This guide provides practical guidance on managing these risks for insurers, pension funds, investment firms and institutions (IFs), and payment and e-money institutions. DNB expects institutions to integrate climate and environmental risks into their risk management, strategy, and governance. The guide aligns with European initiatives such as CRD VI and the CSRD and is actively used by DNB in supervisory discussions and SREP assessments. The guide does not apply to banks, which are subject to the ECB’s guide.

• On 26 August 2025, DNB published updated Good Practices for the SIRA process (Systematic Integrity Risk Assessment), including a feedback statement. The update includes strengthened expectations for identifying, assessing, and mitigating money laundering and sanctions risks, with an emphasis on data analysis, periodic review, and documenting risk appetite.

The following developments are covered in this article:

AFM tightens supervision of pension communication

The Dutch Authority for the Financial Markets (AFM) has announced that in 2025 and 2026, it will place additional focus on pension communication in the context of the Future Pensions Act. On 11 September 2025, the AFM published a report outlining its findings and expectations regarding how pension funds should communicate with members about compensation for active participants who may be disadvantaged by the transition to a new contribution system.

As pension providers are fully engaged in the transition to the new pension system, the AFM emphasises that communication with participants must be clear, balanced, and timely.

The AFM identifies four key principles for effective pension communication:

• clear language and concrete explanations of choices and their consequences;

• balanced communication about risks, returns, and uncertainties;

• reliable digital tools that actively support participants in making their choices; and 

• timely information about the impact of the system transition on accrued rights, contributions, and future benefits.

These focus areas align with the legal requirements set out in the Pensions Act and the Decree on the Implementation of the Pensions Act and the Mandatory Occupational Pension Scheme Act, which have been tightened under the Future Pensions Act to place greater emphasis on clear, choice-oriented, and transparent communication.

In 2025 and 2026, the AFM will conduct research into transition communication by pension providers. Based on these findings, a further guidance document with best practices for clear and reliable pension communication will be published in 2026.

Pension funds, insurers, and PPIs are encouraged to start assessing their communication now in light of the Wtp requirements and the AFM’s points of attention. Transparent, fair, and accessible information not only supports regulatory compliance but also strengthens participants’ trust in the new pension system.

New banking regulations: Implementation Act on Capital Requirements 2026 (CRD VI)

The Capital Requirements Implementation Act 2026 will enter into force on 11 January 2026. This Act incorporates the European requirements of the Capital Requirements Directive VI (CRD 6) into the Financial Supervision Act (Wft) and the Bank Act 1998. The aim is to further harmonise supervision, governance, and sustainability within the European banking sector.

For Dutch banks, the new rules mean, among other things:

• Authorisation for significant transactions

Harmonised European rules will be introduced for prior approval of mergers, acquisitions, and other material transactions. This changes the current DNB declaration of no objection regime.

• Expansion of fitness and propriety assessments

The definition of a key function will be broadened. Employees who have an impact on the bank’s risk profile must also be assessed for fitness and propriety in the future.

• Integration of sustainability 

Banks must integrate ESG risks (environmental, social, and governance) into their strategy, risk management, and remuneration policy. In addition, they must draw up an ESG transition plan with clear objectives for the coming years.

• Tighter regulations for foreign branches

Third-country banks seeking to operate in the Netherlands must obtain authorisation for their branches and comply with minimum capital, governance, and regulatory oversight standards.

• Cooling-off period for regulatory officials

Employees of DNB who have supervised an institution may only take up employment with that institution after a cooling-off period of at least three months.

The implementation of CRD VI requires banks to adjust their governance, risk management, and sustainability policies in a timely manner to meet the new European requirements. Institutions are encouraged to review now whether their transaction approval procedures are compliant, all key functions have been correctly identified and assessed, and sustainability risks have been structurally integrated into their policies and reporting.

• Digital euro: Upcoming European legislation

The European Union is developing a legal framework for the introduction of a digital euro – a digital form of central bank money issued by the European Central Bank (ECB). On 28 June 2023, the European Commission (EC) published a proposal for a regulation to establish the digital euro as legal tender within the euro area. The aim is to make the euro future-proof in an increasingly digital payment landscape.

Key elements

The digital euro, like cash, will be widely usable for payments between consumers and businesses. For Dutch banks and payment institutions, the regulation is particularly relevant because:

• they will be obliged to accept digital euro payments once it is introduced;

• they will be allowed to offer digital euro services without a separate licence, provided they already hold a licence as a bank or payment service provider;

• the ECB will set limits on the amount of digital euros that can be held, to prevent them from being used as a savings product;

• the digital euro is explicitly intended as a complement to cash, not a replacement for it.

Current status and next steps

The development of the digital euro is progressing along two parallel processes. On the one hand, the ECB has been working since November 2023 on the technical infrastructure, security, privacy aspects, and user experience. This preparation phase will run until the end of 2025, after which a decision will be made on whether to move to an implementation phase. At the same time, the European Commission, the Council, and the European Parliament are negotiating the regulation that will serve as the legal basis for its introduction. Political agreement is expected in 2026.

Only once the legislation has been adopted and the preparatory phase has been successfully completed can the ECB decide to issue the digital euro. The digital euro could then be introduced in stages across the euro area around 2028–2029.

Impact for financial institutions?

The digital euro has the potential to reshape the structure of European payment systems fundamentally. Dutch banks and payment institutions would be well advised to start assessing now what the implications are for their systems, risk management, and customer processes. 

The digital euro is intended as an additional means of payment alongside cash and bank deposits, allowing consumers and businesses to retain choice while making payments more straightforward, safer and more accessible.

• EU explores simplification of financial transaction reporting (MiFIR, EMIR and SFTR)

The European Securities and Markets Authority (ESMA) is exploring ways to simplify the transaction reporting obligations under MiFIR, EMIR and SFTR. The aim is to reduce the administrative burden for financial institutions and improve data quality. The proposed changes are not expected to take effect before early 2028.

The proposals are relevant for all institutions that report transactions under European financial markets regulation, including:

• MiFIR (transaction reporting by trading venues and investment firms),

• EMIR (derivatives reporting and risk management), and

• SFTR (reporting of securities financing transactions).

Objective and scope of the initiative

On 23 June 2025, ESMA published a consultation to gather input on ways to simplify the reporting framework. This initiative is part of the broader EU programme to reduce the reporting burden by 25% for companies and by 35% for SMEs. In its proposal, ESMA highlights issues such as duplicate reporting, inconsistent definitions, separate reporting channels and high IT costs.

To address these issues, ESMA outlines two main approaches:

1. Removal of overlaps: better allocation of reporting obligations across existing frameworks, for example, exchange-traded transactions under MiFIR and OTC derivatives under EMIR. A distinction could also be made between transactions (MiFIR) and post-trade events (EMIR).

Advantage: relatively quick to implement. 
Disadvantage: some overlap would remain.

1. The ‘report once’ principle: one-time reporting through a harmonised EU template applicable to MiFIR, EMIR and SFTR (and potentially other frameworks such as REMIT or Solvency II).

Advantage: maximum reduction of administrative burden and improved data consistency.

Disadvantage: high implementation costs and a long lead time (estimated at 5–7 years).

ESMA is also exploring the use of new technologies, such as DLT and smart contracts, alongside centralised data collection to enhance efficiency further. The consultation ran until 19 September 2025, with the final report expected in early 2026. On that basis, legislative proposals may follow, which, depending on the option chosen, could enter into force around 2028.

For Dutch banks, investment firms, clearing institutions and other reporting entities, this initiative could eventually lead to fewer duplicate reports and lower compliance costs. Institutions are encouraged to follow the consultation closely, review their internal reporting processes and prepare in good time for possible technical and organisational changes to their reporting chains.

Outlook

Which upcoming legislation and regulations should you also take into account? 

In our next Regulatory Update article, we will take a closer look at, among others, the following developments:

• Implementation Act on the Prevention of Money Laundering and Terrorist Financing
• Bill to implement the EU Pay Transparency Directive for men and women

Request a Regulatory Update

We hope this article has provided you with a comprehensive overview of recent developments. Because legislation and regulations are continually evolving, you want to ensure nothing escapes your attention. Feel free to request a tailored Regulatory Update (available in Dutch or English). 

This quarterly report provides a clear overview of current developments, upcoming regulatory changes, and relevant publications and consultations, fully tailored to your organisation and activities. Our experienced consultants highlight key points, answer questions about interpreting legislation, and provide guidance on next steps and practical implementation. They can also help you develop a detailed action plan to align your policies and procedures with the latest regulatory requirements. 

This ensures you stay prepared for new regulations and maintain control over their impact on your organisation. 

Feel free to contact us for more information.