The rules shaping risk in 2025
Concise, practitioner-grade explainers of the regulations that drive KYB, AML, ESG, cyber and AI risk programmes.
AMLD6 — 6th Anti-Money Laundering Directive
Transposed across EU member states; AMLR/AMLA package phasing in 2025–2027
AMLD6 broadens the scope of money-laundering offences, harmonises predicate offences across EU member states and toughens corporate criminal liability for AML failings.
DORA — Digital Operational Resilience Act
Applicable from 17 January 2025
DORA sets uniform requirements for the digital operational resilience of EU financial entities, including ICT risk management, incident reporting, resilience testing and oversight of critical third-party providers.
GDPR — General Data Protection Regulation
Applicable since 25 May 2018
GDPR governs the processing of personal data of individuals in the EU/EEA, with strong rights for data subjects and accountability obligations for controllers and processors.
EU AI Act
Phased application 2025–2027; prohibitions live from Feb 2025
The AI Act is the EU's risk-based framework for AI systems, banning unacceptable-risk uses and imposing strict obligations on high-risk and general-purpose AI providers and deployers.
CSRD — Corporate Sustainability Reporting Directive
First reports in 2025 for FY2024 (large listed companies); phased to 2028
CSRD requires in-scope companies to report sustainability information under the European Sustainability Reporting Standards (ESRS), with limited assurance from day one.
MiCA — Markets in Crypto-Assets Regulation
Stablecoin rules from June 2024; CASP rules from 30 December 2024
MiCA harmonises authorisation and conduct rules for crypto-asset issuers and service providers across the EU, with bespoke regimes for asset-referenced and e-money tokens.