Open search form Open menu
Search for a lawyer
Search
Financial Services
  • 06 Feb 2025
  • 15 min read

ESMA publishes its Programming Document 2026-2028

Written by

Dr. Michael Huertas

RegCORE Client Alert | Capital Markets Union

QuickTake

As explored in an earlier Client Alert,Available here.Show Footnote the European Securities and Markets Authority (ESMA) published its annual work programme (AWP) for 2025 on 1 October 2024. ESMA’s AWP sets out what the authority will focus on and how it will approach key strategic priorities and the implementation of new mandates.Available here.Show Footnote ESMA, like some of its sister authorities, also publishes a multi-year priority plan in what is known as a Single Programming Document (SPD). Both the AWPs and SPDs are of relevance to national competent authorities (NCAs) and more importantly to the relevant firms within the scope of ESMA’s and NCA’s regulatory and supervisory mandate. 

On 31 January 2025 ESMA published its SPD i.e., the 2026-2028 Programming Document.Available here.Show Footnote The SPD for 2024-2026 was published on 31 January 2024. Both SPDs build upon the longer-term ‘ESMA Strategy 2023-2028,’ published in October 2022.Available here.Show Footnote Markets and geopolitical realities have however certainly changed considerably since then.

As with ESMA’s 2025 AWP, the 2026-2028 SPD, which also hints at what will be in the SPD for 2027-2029, sets out what, how and by when ESMA will advance certain key priorities, publications (in particular technical standards and guidelines) as well as operationalisation of ESMA’s new mandates that extend or refine how it directly supervises various types of market participants.

Like with the 2025 AWP, the 2026-2028 SPD also in numerous instances indicates that ESMA will, within the aspects in its control, advance points raised in its Position Paper “Building More Effective and Attractive Capital Markets in the EU” (the ESMA CMU Position Paper).Available here – see standalone coverage on that position paper in “Deciphering the Draghi Report plus Lessons from the Letta Report and Policymakers Responses in the context of the Single Market for Financial Services” from our EU RegCORE.Show Footnote This is certainly the case concerning ESMA’s contribution to the completion of the EU’s Capital Markets Union (CMU), albeit now with the current (less catchy but perhaps more (national) politically palatable) rebrand as an “European Savings and Investment Union (E-SIU)”.

As in previous publications, ESMA’s SPD for 2026-2028 is structured to address the evolving market context, legislative and regulatory changes as well as technological advancements impacting the financial services sector and those financial market participants within its mandate. As a regulator, ESMA is the gatekeeper of parts of the Single Rulebook for financial services and is tasked with ensuring regulatory and supervisory convergence among NCAs and across markets. Accordingly, ESMA shapes how NCAs apply the legislative and regulatory requirements as well as ESMA’s expectations in the supervision of financial market participants within ESMA’s mandate. That being said, ESMA also directly supervises credit rating agencies (CRAs), trade repositories (TRs), securitisation repositories (SRs), data reporting service providers (DRSPs), certain benchmark administrators EU and systemically important third-country central counterparties (CCPs). As of 2025, ESMA will begin with the selection of consolidated tape providers (CTPs), supervised as DRSPs and ESMA will, in the context of the EU’s Regulation for a Digital Operational Resilience Act (DORA),DORA aims to enhance digital operational resilience across the financial sector. Supervised firms must focus on effective implementation, fostering cooperation among stakeholders and addressing emerging risks. ESMA will oversee Critical Third-Party Providers (CTPPs) to promote convergence and strengthen digital operational resilience. Firms should prepare for new tasks and powers conferred on ESMA related to DORA, including implementing a cyber-incident report system and developing supervisory convergence tools. On 1 October 2024, ESMA and its sister ESAs announced the appointment of Marc Andries as DORA Joint Oversight Director. This role will be responsible for implementing and running the oversight framework for CTPPs at a pan-European scale. Mr. Andries has held senior responsibilities in the areas of ICT project management, oversight and supervision, including at France’s NCAs.Show Footnote equally oversee designated critical third-party service providers (CTPPs) jointly with its sister European Supervisory Authorities (ESAs), the European Banking Authority (b) and the European Insurance and Occupational Pensions Authority (EIOPA).

This Client Alert discusses the relevant issues and key legal and regulatory considerations for relevant market participants stemming from the 2026-2028 SPD. This Client Alert should be read together with other thematic deep dives on reforms and developments as well as our standalone analysis of all relevant 2025 work programmes from the European Commission, the ESAs as well as those of the Banking Union authorities (ECB-SSM and SRB). Readers may also find benefit in consulting “Navigating 2025”, a comprehensive playbook providing a more granular annual outlook from PwC Legal’s EU RegCORE on the forthcoming regulatory policymaking agenda, the supervisory cycle and assessment of any commonalities and trends across plans for 2025 and beyond.

Key takeaways from ESMA’s 2026-2028 SPD

As in previous years ESMA uses its 2026-2028 SPD to outline its strategic priorities and communicate a comprehensive roadmap plus resourcing plan for ESMA's activities and publications. Primarily, these publications take the form of Guidelines, Implementing Technical Standards (ITS) and Regulatory Technical Standards (RTS) that are mandated to be published along with other rulemaking instruments and statements (Q&As, Opinions and Supervisory Briefings) setting out ESMA’s supervisory expectations as addressed to NCAs and market participants. ESMA expects that firms stay abreast of these communications and expectations to ensure compliance and avoid potential enforcement actions.

While the ESMA’s SPD 2026-2028 general direction of travel is in keeping with previous AWPs and SPDs, the 108 pages of this current SPD details what it plans to do with respect to (a) strategic priorities and thematic drivers as well as (b) key regulated sectors and entities (both within its direct supervisory mandate as well as where ESMA coordinates the activities of NCAs):

The SPD 2026-2028’s strategic priorities and thematic drivers – which include:

1.   Effective markets and financial stability:

ESMA aims to contribute to the development of a meaningful, proportionate and effective Single Rulebook (certainly for the Chapters) within its remit. This includes ESMA assisting in:

  • Development of the CMU to a Savings and Investments Union (E-SIU): ESMA will support (i) the creation of an integrated Single Market in financial services by promoting global standards and (ii) the E-SIU’s efforts on re-focusing priorities from previous ESMA AWPs and CMU and action plans. 
  • Future-proofing the Single Market for financial services: ESMA will lead on the selection, authorisation, and supervision of consolidated tape providers, the establishment of a one-stop shop for financial disclosures in the European Single Access Point (ESAP) and the transition to a shorter settlement cycle (T+1), which ESMA has recommend is achieved by what it considers to be the “optimal date” of Monday 11 October 2027.While this date is one that both the EU and the UK will aim to move to, including in a bid to avoid the difficulties of such a substantial project going live in November or December or the first Monday in October as that would be the first Monday after quarter-end, 11 October 2027 is not only a U.S. public holiday (Columbus Day/Indigenous Peoples’ Day), however most US markets have historically and will presumably remain open for that day, but equally a Canadian public holiday (Thanksgiving Day), where most Canadian markets are closed but also a religious holiday (start of Yom Kippur). While September has historically had more down markets, October has historically been the month of global market crashes (The Bank Panic of 1907, the Stock Market Crash of 1929 and Black Monday 1987).Show Footnote The compression of the settlement cycle to T+1 aims to reduce risk in the system, which should translate into lower margin requirements, reduced costs and improve the competitiveness of EU markets. 
  • Risk monitoring and financial stability: ESMA will continuously monitor market developments and new financial activities to assess risks to investors, markets and financial stability. This includes bi-annual Trends, Risks and Vulnerabilities (TRV) reports and the ESMA Market Report series. ESMA also plans in line with the EMIR 3 reforms to focus on enhancing CCP resilience by updating the CCP rulebook, conducting CCP stress tests, promoting supervisory convergence, including by conducting peer reviews of CCP supervision by NCAs as well as establishing and chairing a Joint Monitoring Mechanism (JMM) to monitor clearing developments and interconnectedness risks.

2.   Effective supervision:

One of ESMA’s core objectives includes promoting a common, effective, risk-based, data-driven and outcome-focused supervisory and enforcement culture across EU supervisors and more efficiency in the regulatory framework (including reflecting and delivering upon recommendations from the Draghi and Letta Reports).See coverage available here.Show Footnote Key activities during the 2026–2028 period (and indeed in further SPDs and AWPs) include a focus on:

  • New mandates: ESMA will experience a significant evolution in the coming years as new entities will fall under its remit including Consolidated Tape Providers (CTPs), external verifiers of EU Green Bonds and ESG rating providers. ESMA will in addition have an enhanced role as regards EU CCPs. Together with the other European Supervisory Authorities, ESMA is also establishing a joint team to oversee critical ICT third-party providers and contribute to strengthen the resilience of the financial system to information security risk in line with DORA. Under CSDR Refit changes, ESMA will also participate in supervisory colleges of certain central securities depositories (CSDs). More crucially ESMA has a number of tasks on its to do list as part of the full operationalisation of the EU’s legislative, regulatory and supervisory framework, since 30 December 2024 under the Markets in Crypto-Assets Regulation (MiCAR) and since 17 January 2025 on DORA – details of which are discussed in dedicated coverage in a series of Client Alerts. 
  • Amendments to existing direct supervision: ESMA will make targeted amendments in how and whom it directly supervises Credit Rating Agencies (CRAs), Trade Repositories (TRs), Securitisation Repositories (SRs), Benchmark Administrators and certain Data Reporting Service Providers (DRSPs). These firms may face more rigorous and data-driven supervision, requiring ever more robust internal controls and compliance systems. ESMA also expects these firms to place a greater emphasis on mitigating supervisory risks, necessitating proactive risk management and compliance strategies.
  • Supervisory convergence: ESMA plans to step up its work with NCAs to further develop a common understanding of key risks and promote effective supervisory practices and more consistent enforcement actions across the EU.

3.   Retail investor protection:

Another core task of ESMA is achieving greater convergence and consistency in NCAs’ supervisory approaches and practices related to investor protection, particularly in light of technological developments and the evolution of the sustainable finance framework. This includes:

  • Monitoring retail investor trends: ESMA will make greater use retail risk indicators to identify potential causes of consumer and investor harm and review product-related consumer trends. ESMA will increased scrutiny on financial services firms’ marketing practices, especially those involving social media and innovative products and together with NCAs be clearer in requiring firms to adopt transparent and compliant marketing strategies.
  • Simplification of disclosures: ESMA will increase its efforts to ensure that financial services firms and market participants use simplified disclosures and clear language to enhance retail investor participation in capital markets. Furthermore, financial services firms must be prepared for potential regulatory changes under the Retail Investment Strategy (RIS)The EU’s RIS is a comprehensive framework aimed at enhancing the participation of retail investors in the financial markets. This strategy is designed to ensure that retail investors have access to a wide range of investment opportunities, while also being protected through robust regulatory measures. The primary objectives of the strategy include increasing transparency, improving financial literacy and ensuring that retail investors receive fair treatment. One of the key components of the RIS is the emphasis on transparency. This involves providing retail investors with clear and comprehensible information about investment products, including their risks and costs. The strategy mandates that financial institutions disclose all relevant information in a manner that is easily understandable, enabling investors to make informed decisions. Additionally, the strategy seeks to enhance the comparability of different investment products, allowing investors to evaluate their options more effectively. Improving financial literacy is another crucial aspect of the RIS. The EU recognises that a well-informed investor base is essential for the proper functioning of the financial markets. As such, the strategy includes initiatives aimed at educating retail investors about the basics of investing, the risks involved and the importance of diversification. These educational efforts are intended to empower investors to take control of their financial futures and make decisions that align with their long-term goals. Ensuring fair treatment of retail investors is also a central tenet of the strategy. This involves implementing measures to prevent conflicts of interest and ensuring that financial advisors act in the best interests of their clients. The strategy includes provisions for stricter oversight of financial advisors and the introduction of standards for professional conduct. By fostering a culture of integrity and accountability, the EU aims to build trust in the financial system and encourage greater participation from retail investors.Show Footnote, including new disclosure requirements and principles on cost transparency. 

4.   Sustainable finance:

ESMA remains committed to facilitating the EU’s transition towards a more sustainable economy, promoting high-quality sustainability disclosures and addressing greenwashing risks. This includes specifically:

  • Addressing greenwashing risks: ESMA will monitor and mitigate greenwashing risks in the funds industry and promote high-quality sustainability disclosures.
  • Enhancing ESG expertise: ESMA will support the development of supervisors’ ESG expertise through targeted training and capacity-building initiatives.

5.   ESMA’s effective use of data and technological innovation:

During 2026 to 2028, ESMA aims to deliver on its Data Strategy and enhance its role as a data hub plus data driven regulator, improve data access and quality and leverage technological innovations such as artificial intelligence (AI) and blockchain for supervisory purposes. Key initiatives include:

  • ESMA’s delivery of its “Data Strategy” and role as a data hub: is set to grow through the implementation of the subsequent phases of the ESAP for financial market information. ESAP aims to help enhance market transparency and promote investor protection. ESMA will, as part of its wider Data Strategy progress with implementing integrated reporting envisaged under the AIFMD and UCITS Directives. This serves to reduce compliance costs for market participants and enhance the quality of data for relevant authorities notably for UCITS where a new EU-wide reporting regime is to be established. Moreover, the creation of a CCP supervisory database under EMIR 3 and the expansion of ICT systems resulting from reforms from the MiFIR review will trigger compliance action points by financial services firms as well as ESMA’s own organisational set-up
  • Development of the ESMA Data Platform: This platform will integrate data from various sources to improve risk monitoring and supervisory convergence. Equally, as a result of RIS, ESMA may need to develop benchmarks and tools allowing the comparison of information on the cost and performance of investment funds, to facilitate retail investors’ access to information on whether investment products offer good value for money
  • AI-powered tools for supervision: ESMA will explore the use of AI for anomaly detection and market abuse prevention.

ESMA’s priorities in the SPD 2026-2028 for key regulated sectors and entities:

A.   Investment management:

ESMA will focus on the development of the Single Rulebook for the investment management sector, including AIFMD, UCITS, MMF Regulation and SFDR. Notable activities include:

  • Guidelines on fund suspensions: ESMA will develop guidelines for NCAs on the activation of fund suspensions. Enhanced stress testing and risk monitoring will require firms to strengthen their liquidity and leverage management practices.
  • Tackling greenwashing: A project on tackling greenwashing risk in the sustainable investment fund market will be finalised. Firms must comply with new guidelines on fund suspensions, greenwashing risk management and integrated supervisory data collection.

B.   Investment services:

ESMA will continue to develop the single rulebook for the investment services sector, focusing on retail investor protection and supervisory convergence. Key activities include:

  • Mystery shopping exercises: Increased coordination of mystery shopping exercises to assess services provided to retail clients. An increased focus on cross-border investment services will require firms to enhance their compliance with EU-wide supervisory practices.
  • Prudential regime for investment firms: Cooperation with the EBA on the development of the prudential regime for investment firms and new technical standards which may require some firms to review and possibly adjust their capital and risk management framework.

C.   Issuer disclosure standards:

ESMA will promote supervisory convergence in financial and sustainability reporting, the EU’s Prospectus Regulation framework and corporate governance. Enhanced disclosure requirements under the Prospectus Regulation and the Listing Act’s reforms will necessitate more comprehensive and transparent reporting. Some firms must equally further align their reporting practices with updated European Sustainability Reporting Standards (ESRS) and International Financial Reporting Standards (IFRS). ESMA’s key activities include:

  • Annual European common enforcement priorities (ECEP): Supervisory convergence through ECEP and subsequent reporting.
  • Support for digital reporting requirements: Implementation of new digital reporting requirements under the European Single Electronic Format (ESEF).

D. Market integrity:

ESMA will step up its focus on monitoring market developments, enhancing coordination under the Market Abuse Regulation (MAR) and the Short Selling Regulation (SSR). Firms must ensure robust market surveillance and compliance with MAR and SSR requirements. Increased scrutiny by ESMA and NCAs on social media and AI in trading may require some firms to adopt advanced monitoring and compliance tools.

Outlook and next steps

In light of ESMA’s 2025 AWP but also the communicated outlook set out in the 2026-2028 and the 2027-2029 SPDs, financial services firms and market participants must prepare for a more rigorous and harmonised regulatory environment. The stronger emphasis on supervisory convergence and the implementation of new legislative frameworks such as DORA and MiCAR may necessitate significant adjustments in compliance strategies for some firms and market participants. 
Accordingly, stakeholders may wish for forward plan for ESMA’s actions and in particular increased scrutiny for existing but also new mandates from both ESMA and NCAs, in particular in areas such as digital operational resilience, sustainable finance and retail investor protection. Firms should also expect more frequent and more rigorous use of ESMA-coordinated common supervisory actions, including joint on-site inspections and collaborative efforts within Colleges of Supervisors.

Given the above, it is imperative that all firms (not just those subject to direct ESMA supervision) proactively engage with these legislative, regulatory and supervisory developments, ensuring that their internal controls, governance structures and IT systems are robust and compliant with the evolving standards and expectations.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.

In order to assist firms in staying ahead of their compliance obligations we have developed a number of RegTech and SupTech tools for supervised firms. This includes PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 2,500 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business.

Equally, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.

The PwC Legal Team behind Rule Scanner are proud recipients of ALM Law.com’s coveted “2024 Disruptive Technology of the Year Award”. 

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website.

Contact us

Dr. Michael Huertas

Partner Frankfurt am Main
Financial Services

Tel.  +49 160 97375760

Email  E-Mail

Show profile

Other Expert Articles and Blogs

Financial Services
Back to the drawing board? European Commission rejects DORA subcontracting RTS
  • 05 Feb 2025
  • 9 min read
Financial Services
European Commission and ESMA publish Guidance on non-MiCAR compliant ARTs and EMTs
  • 24 Jan 2025
  • 7 min read
Financial Services
MiCAR – Final RTS specifying certain requirements in relation to the detection and prevention of crypto-asset related market abuse
  • 22 Jan 2025
  • 15 min read
All Expert Articles and Blogs