Compliance calendar
EU regulatory deadlines 2024–2028 — at a glance.
Every binding application and transposition deadline on a European financial institution's desk today — with its legal source, linked to the relevant briefing. We keep what is law strictly apart from what is merely proposed.
- 7 deadlines in force
- 7 upcoming through 2028
- 10 frameworks covered
Upcoming
Binding cut-offs that sit in the Official Journal and that you plan for today. The run-up publications (delegated acts, technical standards, guidelines) keep arriving before each one.
- CRD VI · Upcoming
CRD VI: transposition + application
CRD VI must be transposed by 10 January 2026; most provisions apply from 11 January 2026 — including the new third-country branch rules and the sharpened fit-and-proper requirements.
- MiCA · Upcoming
MiCA: grandfathering ends (at the latest)
The transitional provision (Art. 143 MiCA) lets incumbents keep operating under prior national law until 1 July 2026 at the latest — unless the member state shortens the window. The exact cut-off sits in national law, not in MiCA itself.
- AI Act · Upcoming
AI Act: high-risk (Annex III) + transparency
The decisive date for financial institutions: from 2 August 2026 the high-risk obligations for Annex III systems (credit scoring of natural persons, life/health insurance pricing) and the Art. 50 transparency duties take effect. The Digital Omnibus would push this to 2 December 2027 — not yet adopted, so August 2026 stands.
- Solvency II · Upcoming
Solvency II review applies
The amending directive (Directive (EU) 2025/2) applies from 30 January 2027: more proportionality for smaller undertakings, new long-term-guarantee rules and adjusted reporting. The Level 2 and Level 3 measures appear before then and continuously.
- AMLR · Upcoming
AMLR: single rulebook applies
The single anti-money-laundering rulebook (AMLR, Regulation (EU) 2024/1624) applies from 10 July 2027 — directly applicable, EU-harmonised customer due diligence, UBO identification and reporting duties for all obliged entities, including CASPs.
- AI Act · Upcoming
AI Act: high-risk Annex I products
Third step of the high-risk rules: from 2 August 2027 the obligations apply to AI that is a safety component of regulated products (the Annex I route), plus the extended transition for GPAI models placed on the market before August 2025.
- AMLA · Upcoming
AMLA: direct supervision begins
The new EU Anti-Money-Laundering Authority (AMLA), seated in Frankfurt, starts direct supervision of selected high-risk, cross-border institutions in 2028 — the selection round runs beforehand.
Already in force
These acts are applicable. The work shifts from transposition to enforcement, examination and the continuous flow of Level 2 / Level 3 measures.
- MiCA · In force
MiCA: CASP rules apply
The Markets in Crypto-Assets Regulation has applied to crypto-asset service providers since 30 December 2024 — authorisation, conduct and organisational duties. The grandfathering window for incumbents runs in parallel (see July 2026).
- Travel Rule · In force
Travel rule (transfer of funds) applies
Since 30 December 2024 the transfer-of-funds regulation requires originator and beneficiary data on every crypto transfer — alongside MiCA, with special rules for self-hosted wallets.
- CRR III · In force
CRR III applies (output floor)
The EU implementation of Basel III has applied since 1 January 2025, including the output floor that caps the capital benefit of internal models. The accompanying directive, CRD VI, follows in January 2026.
- DORA · In force
DORA applies
The Digital Operational Resilience Act has applied since 17 January 2025 to banks, insurers and CASPs. Now in the enforcement phase: the register of information, incident reporting and — for significant institutions — threat-led penetration testing (TLPT).
- AI Act · In force
AI Act: prohibited practices + AI literacy
First step of the AI Act: since 2 February 2025 the prohibited AI practices (Art. 5) and the staff AI-literacy duty (Art. 4) apply.
- AI Act · In force
AI Act: GPAI, governance, penalties
Second step: since 2 August 2025 the obligations for general-purpose AI models (GPAI, Chapter V), the governance structure (AI Office, AI Board) and the penalty provisions apply. Deployers should proactively request providers' GPAI documentation.
- NIS2 · In force
NIS2: German transposition in force
Germany transposed NIS2 via the NIS2 Implementation and Cybersecurity Strengthening Act (NIS2UmsuCG), in force since 6 December 2025. National transposition is staggered across the EU — for banks DORA, as lex specialis, displaces the ICT-security layer.
In flux — no fixed date yet
These dossiers are moving. We deliberately list them without a date until they are law — and track their status weekly.
Digital Omnibus on AI — proposed delay
Would move the Annex III high-risk deadline from 2 August 2026 to 2 December 2027 (COM(2025) 836, procedure 2025/0359(COD)). As of June 2026: provisional political agreement, but not yet adopted or published in the Official Journal — until then 2 August 2026 remains the operative date.
CSRD/ESRS after the Omnibus
The Omnibus package postponed the reporting timeline and narrowed scope; the revised ESRS are still in draft. Which wave reports when, and against which standard, is in flux — we deliberately do not assign a fixed date yet.
SFDR review (SFDR 2.0)
The Commission has signalled a fundamental overhaul of the disclosure regulation; a formal legislative proposal is not yet adopted. Until then the existing duties on Art. 8/9 products and PAI apply unchanged.
As of 3 June 2026. Dates follow the acts published in the Official Journal of the EU; proposed but unadopted changes are marked as such and left undated. National transposition deadlines may differ by member state. Not legal advice.
Never miss one of these deadlines.
Horizon Scanner detects every change on the day it is published and routes it to the team that owns it — with an audit trail.