EBA publishes its Annual Work Programme 2026

RegCORE Client Alert | Banking Union

QuickTake

Each year, typically in the fourth quarter, European Union authorities like the European Banking Authority (EBA) release their Annual Work Programmes (AWPs). These documents outline their priorities and resources for the upcoming calendar year. The EBA’s 2026 AWP is also linked to its multi-year plan, known as a Single Programming Document (SPD). Both AWPs and SPDs are important for national competent authorities (NCAs) and, crucially, for firms operating under the EBA’s and NCAs' regulatory and supervisory mandates.

On 1 October 2025, EBA published its AWP outlining the key priorities and initiatives for 2026.Available here.Show Footnote As in previous years, EBA’s AWP is structured to address the evolving market context, legislative and regulatory changes as well as technological advancements impacting the financial services sector and those financial market participants within its mandate. The EBA, in its role as regulator is the gatekeeper of certain parts of the Single Rulebook for financial services within its mandate and tasked with regulatory and supervisory convergence amongst NCAs and across markets. Accordingly, the EBA shapes how NCAs (both in and outside of the EU’s Banking Union) apply the legislative and regulatory requirements as well as expectations in the supervision of financial market participants within EBA’s regulatory mandate. 

The EBA’s agenda, encompassing both its current multi-annual work programme and its 2026 plan, is built upon three main priorities: (i) developing a simplified and efficient Single Rulebook; (ii) enhancing risk assessment and supervisory capacity; and (iii) fostering technological innovation and consumer protection. These priorities are supported by seven specific activities. The EBA’s 2026 programme emphasises regulatory efficiency, proportionality and the effective integration of technological advancements across the EU financial sector.

In addition to delivery of the EBA’s core priorities, the 2026 AWP marks a significant milestone, as the EBA assumes new oversight and supervisory responsibilities under (1) the Digital Operational Resilience Act (DORA),DORA aims to enhance digital operational resilience across the financial sector. Supervised firms must focus on effective implementation, fostering cooperation among stakeholders and addressing emerging risks. ESMA will oversee CTPPs to promote convergence and strengthen digital operational resilience. Firms should prepare for new tasks and powers conferred on ESMA related to DORA, including implementing a cyber-incident report system and developing supervisory convergence tools.Show Footnote where it will be overseeing designated critical ICT third-party service providers (CTPPs) jointly with its sister European Supervisory Authorities (ESAs), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA); (2) the Markets in Crypto-assets Regulation (MiCAR); (3) the European Market Infrastructure Regulation (EMIR), while (4) transferring the EBA’s existing anti-money laundering and countering the financing of terrorism (AML/CFT) functions to the EU’s new Anti-Money Laundering Authority (AMLA).

This Client Alert examines the relevant issues and key legal and regulatory considerations for market participants. It should be read alongside other thematic deep dives on reforms and developments, as well as our standalone analysis of all relevant 2026 work programmes from the European Commission, the ESAs and Banking Union authorities (ECB-SSM and SRB), AMLA,Available here.Show Footnote and as well as the EBA’s and ESMA’s efficiency, simplification and burden reduction reports published in October 2025. Readers may also find value in consulting publications from PwC’s Risk Network and PwC Legal’s “Navigating 2026", a comprehensive playbook offering a detailed annual outlook from PwC Legal’s EU RegCORE on the upcoming regulatory policymaking agenda, supervisory cycle and an assessment of commonalities and trends for 2026 and beyond.

Key takeaways from EBA’s 2026 AWP

As in previous years, the EBA uses its 2026 AWP to outline its strategic priorities and communicate a comprehensive roadmap and resourcing plan for its activities and publications. These publications primarily take the form of Guidelines, Implementing Technical Standards (ITS) and Regulatory Technical Standards (RTS), which the EBA is mandated to publish, along with other rulemaking instruments and statements (Q&As, Opinions and Supervisory Briefings). These documents set out the EBA’s supervisory expectations for NCAs and market participants on how to comply with the EU’s Single Rulebook for financial services.

Building upon its multi-annual priorities and those set out in its 2025 AWP, the 2026 AWP details how the EBA will deliver on the following three key priorities and seven core activities, summarised below:

Three core priorities in the 2026 AWP

1. Single Rulebook: contributing to an efficient, resilient and sustainable Single Market 

The EBA’s first priority is to continue developing and simplifying the Single Rulebook for EU financial services, with a renewed focus on simplification and efficiency. This involves proposing ways to reduce regulatory complexity, strengthen coordination among public authorities and calibrate the framework's impact to preserve financial system resilience and international credibility. The EBA will use a new methodology to assess the materiality and priority of Level 2 and Level 3 mandates, aiming to streamline deliverables and identify tasks for potential deprioritisation. Key initiatives include:

• Simplification and efficiency: The EBA will apply a new methodology to assess the materiality and priority of Level 2 (L2) and Level 3 (L3) mandates, with a view to streamlining the regulatory framework and advising on legislative reviews. While the EBA highlights the role of L2 and L3 measures in building a coherent single prudential framework, it now acknowledges the need for a comprehensive reassessment of their appropriateness and necessity. This methodology evaluates measures based on materiality, complexity, stakeholder sensitivity, scope, burdensomeness and usefulness. The EBA estimates that up to 20% of existing measures could be deprioritised, but stresses that any final decision to abandon mandates rests with the EU co-legislators. The EBA intends to use this methodology in future policy discussions, aiming to reduce reporting costs by 25% and enhance the clarity and efficiency of rule design. This initiative will also include a review of capital, buffer, MDA, own funds, leverage and TLAC/MREL requirements, as well as a reflection on the regime for small, non-complex institutions (SNCIs) — though the EBA rejects calls for a separate regime, favouring a single, proportionate approach. These priorities should also be read in conjunction with the EBA’s and ESMA’s efficiency, simplification and burden reduction equally published in October 2025 analysed in a standalone Client Alert.
• Banking Package implementation: The EBA will progress with mandates under the EU Banking Package, particularly regarding credit and operational risk. It will also finalise standards for third-country branches (see below) and ancillary services undertakings. Work on market risk is paused, aligning with the European Commission’s decision to postpone the Fundamental Review of the Trading Book (FRTB).
• Third Country Branches (TCBs) and cross-border supervision: The EBA will deliver several important measures concerning TCBs, including RTS on booking arrangements, guidelines on capital endowment and minimum common reporting. These measures will have direct implications for non-EU firms operating in the EU via branches, as well as for EU firms with cross-border activities.See also further analysis available here.Show Footnote
• Payment services and CMDI: The EBA anticipates over 50 new mandates under the revised Payment Services Directive (PSD3), Payment Services Regulation (PSR) and the Financial Data Access Act (FIDAR) and will develop a roadmap to manage these efficiently. The EBA will also prioritise mandates under the Crisis Management and Deposit Insurance (CMDI) package, including new requirements for deposit guarantee schemes and early intervention measures.
• Reforming supervisory convergence through rulemaking: The EBA will intensify efforts to promote consistent supervisory outcomes, expanding peer reviews (including on Markets in Crypto-Assets Regulation (MiCAR) white papers and resolution planning) and supporting convergence in DORA and MiCAR implementation. The EBA is advocating for a shift towards more ex ante supervisory convergence, seeking to provide earlier and more top-down guidance to NCAs during the policy development process. This includes a restructuring of EBA subcommittees and a long-term ambition to rely more on directly applicable Regulations and ITS/RTS, rather than Directives and Guidelines. The EBA’s leadership in this area is intended to foster greater consistency and efficiency in supervisory practices across the EU.

2. Risk assessment: developing capacity for effective analysis, supervision and oversight

The second priority is to strengthen the EBA’s risk assessment and supervisory capabilities, particularly considering new mandates under DORA, MiCAR and EMIR. The EBA will:

• EU-wide risk assessments and stress testing: Preparations for the 2027 EU-wide stress test will focus on streamlining methodologies, reducing data collection costs and integrating climate and non-bank financial intermediation (NBFI) risks. The EBA will also enhance its analysis of geopolitical, market and operational risks, including the impact of ICT incidents and cyber threats, which also aims in contributing to the operationalisation of the pan-European systemic cyber incident communication and coordination framework (EU-SCICF).Please see further analysis on the EU-SCICF here.Show Footnote
• Oversight and supervision: The EBA, together with ESMA and EIOPA, will ramp up joint oversight of CTPPs under DORA, conduct thematic reviews and engage in direct supervision of significant asset-referenced and e-money token issuers under MiCAR. The EBA will also establish a central validation function for initial margin models under EMIR.
• Data, tools and methodologies: The EBA will advance its integrated reporting framework, aiming to reduce reporting costs by 25% through harmonisation, simplification and the development of a public EU-wide data request repository. The EBA will leverage the EUCLID platform for new data collections and enhance its data infrastructure to support risk assessment and policy development.

3. Innovation: enhancing technological capacity for all stakeholders

The third priority is to foster technological innovation across the financial sector, with a particular focus on consumer protection. The EBA’s initiatives include:

• Innovation monitoring and knowledge-sharing: The EBA will monitor developments, market trends, risk and opportunities in artificial intelligence (AI) (in particular general purpose AI as well as third-party applications), machine learning (ML), crypto-assets, distributed ledger technology (DLT) and the digital euro. The EBA will chair the European Forum for Innovation Facilitators (EFIF)See analysis of the EFIF and its work here.Show Footnote in 2026 and support the Supervisory Digital Finance Academy (SDFA).
• AI and ML: The EBA will contribute to the implementation of the AI Act in the banking and payments sector, assess AI market trends and risks and support competent authorities in analysing AI plus ML use cases and third-party dependencies.
• Crypto, DLT and value chain evolution: The EBA will monitor decentralised finance (DeFi), commercial bank-issued tokens and the role of BigTech in EU finance and will follow up on white labelling practices and consumer disclosures.
• Consumer protection: The EBA will address issues of over-indebtedness, de-risking and financial education, assess compliance with the Credit Servicers Directive and Consumer Credit Directive (each of which also assessed in standalone Client Alerts) and monitor payment fraud trends to support fraud reduction objectives. The EBA will also work to improve consumer understanding of digital financial products and services.

Seven key activities in the 2026 AWP

The EBA's 2026 AWP is structured around seven overarching activities, each supporting the Authority's strategic priorities and operational objectives:

1. EBA’s contribution to policy development: This activity focuses on developing and maintaining an effective, simple, efficient and proportionate Single Rulebook for banking and financial activities in the EU. Key deliverables include technical standards, guidelines and reports across prudential regulation, governance, payment services, crisis management, sustainable finance and innovation monitoring.
2. EBA’s efforts on supervisory convergence and enforcement under existing approach: Ahead of the proposed reforms above, the EBA promotes consistent and effective application of the Single Rulebook by fostering convergence in supervisory and resolution practices. This includes setting EU Strategic Supervisory Priorities, conducting peer reviews, benchmarking exercises, Q&A processes and providing training for competent authorities. The EBA’s 2026 programme places renewed emphasis on expanded peer review activities covering MiCAR white papers, resolution planning, ICT risk and the treatment of mortgage borrowers in arrears. Other peer reviews in existing focus areas will in 2026 focus on the supervision of Pillar 3 transparency requirements, ICT risk, PSD2 authorisation, Ongoing monitoring of the implementation of the interest rate risk in the banking book (IRRBB), liquidity coverage ratio (LCR) and net stable funding ratio (NSFR). The EBA will also follow up on previous peer review recommendations and prepare for future reviews in areas such as liquidity supervision, Environmental, Social and Governance (ESG) risk integration and investment firm supervision. The EBA will continue its support for the operationalisation of resolution tools and liquidity/funding strategies in resolution, with a focus on testing and addressing obstacles to the effective use of bail-in and transfer tools.
3. EBA’s regular risk and financial stability analysis: The EBA identifies and monitors risks and vulnerabilities in the EU banking and financial sector, coordinates EU-wide stress tests and develops state-of-the-art tools and methodologies for risk and policy analysis. Deliverables include risk assessment reports, thematic notes and the integration of climate and environmental risks into stress testing.
4. EBA’s direct oversight and supervision: In 2026, the EBA will expand its direct oversight and supervisory responsibilities, particularly under DORA (for CTTPs), MiCAR (for significant asset-referenced and e-money token issuers) and EMIR (for initial margin model validation). Activities include engagement with supervised entities, risk assessments and the development of supervisory tools.
5. EBA’s use of data: The EBA aims to develop a simple and efficient reporting framework, ensure the quality and timeliness of reported data and facilitate market discipline through transparency. This involves maintaining technical standards for reporting, evolving the EUCLID platform and supporting integrated reporting initiatives to reduce reporting costs and redundancies.
6. EBA’s governance: This activity supports the EBA’s governing bodies and management, coordinates stakeholder engagement and ensures accountability. It includes planning and monitoring the execution of the work programme, providing legal advice, managing internal control and risk frameworks and overseeing communication strategies.
7. EBA’s operations and resource allocation: The EBA will continue to ensure the efficient delivery of its daily operations, including finance, procurement, human resources, IT and corporate support. Operational priorities include the execution of the IT strategy, implementation of cybersecurity frameworks and optimisation of internal processes to support the EBA’s expanding mandate. The EBA’s resource plan for 2026 reflects the transfer of AML/CFT functions to AMLA and the need for additional staff to deliver new oversight and supervisory tasks under DORA, MiCAR and EMIR. The EBA will be supported by 274 staff, with targeted increases in oversight and supervision functions, particularly for DORA, MiCAR and EMIR-related activities. The EBA has requested a modest increase in EU contributions, offset by industry fees and the mutualisation of overhead costs. The EBA will continue to invest in IT infrastructure, data management and operational support to enable its expanded mandate.

The above should also be read in conjunction with the proposed deprioritisation of key policy areas in 2026.

EBA’s deprioritisation of policy areas in 2026

The EBA has indicated that approximately 20% of its current L2 and L3 measures could be deprioritised, but the final decision to formally abandon or postpone these measures rests with the EU co-legislators. These measures have been identified based on the EBA’s new methodology, which considers materiality, complexity, stakeholder-sensitivity, scope, burdensomeness and usefulness. The deprioritised measures include the following along with a summary of the EBA’s stated rationale:

• Maintenance of credit risk lists (including eligible public-sector entities) – External Credit Assessment Institutions (ECAI) mapping: This is a resource-intensive, ongoing task with limited added value, as the lists are now stable and changes are infrequent. The process is burdensome for both the EBA and firms and the regulatory benefit is marginal compared to the effort required.
• Monitoring report on capital treatment of STS synthetics: The market for simple, transparent and standardised (STS) synthetic securitisations is relatively small and stable. Ongoing monitoring yields diminishing returns and the information can be captured through other supervisory channels.
• Monitoring report on the treatment of NPL in securitisation: Similar to STS synthetics, the NPL securitisation market is not rapidly evolving. The regulatory framework is now well established and further monitoring reports are unlikely to yield significant new insights. 
• Monitoring of Pillar 3 disclosures: With the harmonisation and digitalisation of Pillar 3 disclosures, ongoing manual monitoring is less necessary. The EBA is moving towards automated data collection and analysis, reducing the need for separate monitoring exercises.
• Guidelines on specific publication requirements: These guidelines are considered to add complexity without significant benefit, as most publication requirements are already addressed in primary or secondary legislation. The marginal utility of further guidance is low.
• Data support to regulatory work and technical advice to the European Commission: This support is resource-intensive and often duplicative of other data collection and analysis efforts. The EBA is prioritising core regulatory and supervisory activities over ad hoc technical advice.
• Data support to supervisory benchmarking: With the move towards integrated and automated reporting frameworks, the need for separate data support for benchmarking is reduced. The EBA is focusing on streamlining data processes. 
• Training of NCA and EBA users on data and analysis tools: While training is important, it is not a core regulatory deliverable. The EBA is shifting responsibility for training to national authorities or integrating it into broader capacity-building initiatives. 
• Guidelines on prudential and AML/ Financial Intelligence Units (FIU) authorities’ cooperation for third country branches (TCB): Given the transfer of the EBA’s AML/CFT responsibilities to AMLA and the existence of other cooperation frameworks, additional guidelines are seen as duplicative and of limited incremental value. 
• RTS on the exclusion of losses: This RTS is considered low materiality and stakeholder-sensitivity. The exclusion of losses is a niche issue and existing rules are deemed sufficient for most cases.
• RTS on categorisation within the specialised lending exposure class: The categorisation of specialised lending exposures is already well defined in the current framework. Further technical standards would add complexity without clear benefit. 
• Guidelines on artificial cash flow and discount rate: These guidelines address a highly technical and narrow area. The EBA has assessed that the regulatory and supervisory impact is limited and the burden of developing and implementing such guidelines outweighs the benefits.
• RTS on rules and procedures on conflict of interests: Conflict of interest rules are already embedded in primary legislation and existing guidelines. Additional RTS would be duplicative and add unnecessary complexity. 
• RTS on dilution risk: Dilution risk is a specialised topic with limited impact on the broader prudential framework. For most institutions, dilution risk is not a material driver of credit risk capital requirements. The EBA has determined that further technical standards are not a priority. Market participants (in particular those CRR firms with significant factoring or receivables financing business) must continue to apply the current provisions under the CRR and relevant EBA guidelines, which already require banks to assess and hold capital for dilution risk where material (see CRR Articles 128, 153 and 154). The deprioritisation signals that, unless a firm has significant exposures to assets subject to dilution risk (e.g., large trade receivables portfolios), this area will not be a focus of regulatory scrutiny. However, in the absence of further harmonised technical standards, there may be some divergence in how NCAs interpret and supervise dilution risk across Member States.

In respect of the above, firms should monitor further communications from the EBA and the European institutions for confirmation of which measures will be officially deprioritised.

Outlook and next steps

The EBA’s 2026 AWP signals a period of significant change for the EU financial regulatory landscape, with a strong focus on simplification, supervisory convergence and technological innovation. Financial institutions should prepare for new and evolving requirements in prudential regulation, payments, digital finance and operational resilience and should engage proactively with the EBA’s consultations and supervisory initiatives. The EBA’s comprehensive approach aims to ensure a resilient, efficient and sustainable single market for financial services, responsive to emerging risks and technological developments.

Supervised firms should proactively engage with these evolving regulatory landscapes by conducting thorough internal reviews of their current compliance frameworks. This includes updating policies and procedures documents including internal models to align with on-going reforms, enhancing data infrastructure to meet new reporting standards and integrating ESG risk assessments into their overall risk management strategies. Firms should also invest in training and development programs to ensure that their staff are well-versed in the new regulatory requirements and capable of implementing necessary changes effectively. By taking these steps, financial institutions can not only ensure compliance but also position themselves as leaders in a rapidly evolving financial ecosystem.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.  

Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 2,500 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business.  

Equally, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.   

The PwC Legal Team behind Rule Scanner are proud recipients of ALM Law.com’s coveted “2024 Disruptive Technology of the Year Award” as well as the “2025 Regulatory, Governance and Compliance Technology Award”.

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website.