Domestic

CBI remarks at Consumer Protection Code Workshop

On 3 November 2025, the Deputy Governor (Consumer and Investor Protection) delivered remarks at the Central Bank of Irelands’ (CBI) workshop on the new Consumer Protection Code 2025 (CPC).

One of the CPC’s key enhancements is to broaden the concept of ‘vulnerability’, aligning it with the more sophisticated articulation of vulnerability in the revised G20/Organisation for Economic Co-operation and Development (OECD) High Level Principles on Financial Consumer Protection.

In relation to the CBI’s approach to implementing the new CPC, the following points were made:

• The CBI expects regulated firms’ implementation of the CPC to be well advanced, underpinned by clear plans, resources and senior level accountability - the care and attention to implementing the CPC is something that the CBI will take into account in future supervisory actions.
• The CBI recognises that the CPC introduces new requirements, and it will work with firms and stakeholders to build understanding of the requirements.
• The CBI will weave the requirements of the CPC throughout its supervisory work, consistent with its new integrated supervisory approach - in the immediate period ahead this will involve a particular focus on how firms have enhanced their supports for consumers (particularly those in vulnerable circumstances) across the themes of consumer/investor experience, digitalisation, and financial crime.
• The CBI will assess the effectiveness of the CPC through the substantive outcomes firms achieve by enhancing how it gathers and considers insights from consumers through research, new capabilities afforded to supervisors to monitor online activity and conducting business returns.
• Firms should build a better understanding of customers’ financial well-being, their needs and the challenges they face (including listening more closely to what their complaints are saying about their experience).

European

ESAs announce the designation of critical ICT third-party providers

On 18 November 2025, the European Supervisory Authorities (ESAs) published a list of critical information and communication technology (ICT) third-party providers (CTPPs) designated under the Digital Operational Resilience Act (DORA).

The designated CTPPs provide a range of ICT services, such as core infrastructure and business and data services, to financial entities of all types and sizes across the EU and the ESAs will continue to engage with CTPPs in the course of upcoming examination activities.

The full list can be accessed here.

ESRB recommendation on third-country multi-issuer stablecoin schemes published

On 21 November 2025, a recommendation of the European Systemic Risk Board (ESRB) on third-country multi-issuer stablecoin schemes (the recommendation) dated 25 September 2025 was published in the Official Journal of the EU.

The recommendation sets out a two-pronged approach:

• firstly, it advises the European Commission (the Commission) to clarify, by the end of 2025, that such issuance models are not permitted under Markets in Crypto-Assets Regulation (MiCA)
• secondly, if no clarification is provided, the ESRB recommends that relevant authorities implement safeguards, such as enhanced supervisory measures, strengthened international cooperation and legal reforms, by the end of 2026, with full implementation by the end of 2027

The ESRB will monitor the implementation of the recommendation and requires addressees to report on their actions and provide justification for any inaction.

ESMA publish statement to support the smooth implementation of MiCA data standards and format requirements

On 28 November 2025, European Securities and Markets Authority (ESMA) published a statement to support the implementation of MiCA data standards and format requirements. This statement is in relation to the technical specifications concerning the implementation of the following:

• the format of order book records for crypto-asset service providers (CASPs) operating a trading platform for crypto-assets as defined by the Commission Delegated Regulation (EU) 2025/416, supplementing MiCA
• the data standards requirements for all CASPs as defined by the Commission Delegated Regulation (EU) 2025/1140 specifying records to be kept of all crypto-asset services, activities, orders and transactions undertaken
• the way CASPs operating a trading platform for crypto-assets are to present transparency data as defined by the Commission Delegated Regulation (EU) 2025/417 of 28 November 2024
• the format and data standards requirements for the MiCA white papers as defined by the Commission Implementing Regulation (EU) 2024/2984 of 29 November 2024 with regard to forms, formats and templates for the crypto-asset white papers 
• the data necessary for the classification of crypto-asset white papers as defined by the Commission Delegated Regulation (EU) 2025/421 of 16 December 2024 specifying the data necessary for the classification of crypto-asset white papers and the practical arrangements to ensure that such data is machine-readable.

Date published: 22 December 2025

This publication provides an overview of certain legal and regulatory developments that may be of interest to certain entities. It does not purport to provide analysis of law or legal advice and is strictly for information purposes only.