What regulatory deadlines are coming up in 2025? The financial services sector is facing a significant number of regulatory and standard updates, so Finextra has collated an overview of significant deadlines that are coming up this year.
January
EU – DORA will apply from 17 January
The EU’s highly anticipated Digital Operational Resilience Act (DORA) is designed to ensure operational resilience for the financial sector when faced with disruptions or incidents. The Act covers five core areas, which are governance, third-party risk mitigation,
resilience testing, incident reporting, and information sharing. It officially entered into force in January 2023 and institutions across the union need to be compliant by 17 January 2025.
February
EU – EU AI Act provisions become applicable on 2 February
On 2 February 2025, provisions for prohibited AI systems of the EU AI Act become applicable. These refer to bringing to market, putting into service or using AI systems which pose an unacceptable risk according to the AI Act’s definition.
March
UK – PS21/3 transition period ends 31 March
PS21/3 is a policy issued by the Bank of England, Financial Conduct Authority (FCA), and Prudential Regulatory Authority (PRA) designed to ensure the UK financial sector is operationally resilient. Rules and guidance came into force on 31 March 2022, and
the transition period officially ends on 31 March 2025.
July
Australia – CPS 230 will apply
from 1 July
CPS 230 is a policy issued by the Australian Prudential Regulation Authority (APRA) designed to bolster the management of operational risk in the banking, insurance and superannuation industries. After being pushed from January 2024, the new deadline to
comply for local companies and companies operating in Australia is 1 July 2025.
UK – Basel 3.1
implementation on 1 July
Developed by the Basel Committee on Banking Supervision (BCBS) in light of the 2007- 2009 global financial crisis, the Basel 3.1 framework is designed to strengthen the regulation, supervision and risk management of banks.
Initially planned for January, the UK PRA has decided to move the implementation date for Basel 3.1 to 1 July 2025.
US – Section 1071 deadline for Tier 1 banks on 18 July
Section 1071 of the Dodd-Frank Act refers to fair lending laws requiring lenders to collect, and report information about lending to women owned, minority-owned and small businesses to the Consumer Financial Protection Bureau (CFPB). The CFPB has previously
extended the deadlines, with the first one now being 18 July 2025 for Tier 1 institutions.
August
EU – next round of AI Act provisions become applicable 2 August
One year after the EU AI Act came into force, the second round of provisions becomes applicable on 2 August 2025. These provisions mean that the Act’s rules relating to notified bodies (Chapter III, Section 4), GPAI models (Chapter V), Governance (Chapter
VII), Confidentiality (Article 78), and Penalties (Articles 99 and 100) will start to apply.
September
EU – the deadline for MiFID II amendments
is set for 29 September
In the EU, the MiFID II / MiFIR review came into force on 28 March 2024. Allowing for an 18-month transition period, the transposition deadline for the MiFID II amendments will be 29 September 2025.
October
EU – instant payments requirements come into effect 9 October
While receiving instant payments across member states has been a requirement from January 2025, financial institutions need to ensure they are able to send instant payments to Euro area member states by 9 October 2025. Verification of payee additionally
becomes mandatory across member states on the same day.
November
Global – Swift’s MT/ISO 20022 CBPR+ coexistence period ends in November
After a little over two years of coexistence, the deadline for ISO 20022 CBPR+ is set for November 2025. By that date, all cross-border payment instructions need to be formatted in the new ISO 20022 standard and older MT messages will have to be either translated
or risk getting NAK’ed.
December
EU – BMR third country regime due to apply on 31 December
The BMR was set up in the aftermath of the 2012
LIBOR scandal to regulate financial benchmarks. The current third country provisions of the BMR is set to apply as of 31 December 2025.