EU Compliance for Fintech & Financial Services

The EU AI Act classifies AI systems by risk level and imposes obligations on providers and deployers. High-risk systems face mandatory conformity assessments, documentation, and human oversight requirements.

Max fine: €35M or 7% of global turnover

NIS2 expands cybersecurity obligations to essential and important entities across critical sectors. It mandates risk management, incident reporting, and supply chain security.

Max fine: €10M or 2% of global turnover

DORA creates a comprehensive framework for ICT risk management in the financial sector. It requires resilience testing, third-party risk management, and incident reporting.

Max fine: Varies by member state (effective, proportionate, dissuasive)

The EAA sets accessibility requirements for products and services to ensure people with disabilities can fully participate in the digital economy.

Max fine: Per member state

The Pay Transparency Directive requires employers to disclose salary ranges in job postings, report on gender pay gaps, and enable employees to compare pay. Targets the gender pay gap across the EU.

Max fine: Per member state (compensation + penalties)

The Whistleblower Directive protects persons who report breaches of EU law. It requires organisations with 50+ employees to establish internal reporting channels and prohibits retaliation.

Max fine: Per member state

MiCA creates a comprehensive regulatory framework for crypto-assets in the EU, covering issuers of asset-referenced tokens and e-money tokens, and crypto-asset service providers (CASPs).

Max fine: €5M or 3% of annual turnover (CASPs)

eIDAS 2.0 updates the framework for electronic identification and trust services, introducing the EU Digital Identity Wallet. It enables cross-border digital identity verification and expands recognised trust services.

Max fine: Per member state

CSRD expands mandatory sustainability reporting to large companies and listed SMEs. Companies must report according to European Sustainability Reporting Standards (ESRS) covering environment, social, and governance matters.

Max fine: Per member state (audit-based enforcement)

CS3D requires large companies to conduct due diligence on actual and potential adverse impacts on human rights and the environment in their operations and supply chains.

Max fine: At least 5% of net worldwide turnover

The EAA sets harmonised accessibility requirements across the EU for key products and services, ensuring people with disabilities have equal access to the digital economy and essential services.

Max fine: Per member state