ESMA releases 2024 Annual Report – Key developments, regulatory initiatives and strategic priorities

RegCORE Client Alert | Capital Markets Union

QuickTake

The European Securities and Markets Authority (ESMA) published its 2024 Annual Report in June 2025 (the Report), providing a comprehensive overview of its regulatory, supervisory and policy activities throughout 2024. This was a period of significant transition and regulatory intensification within the EU financial markets landscape. The Report highlights the adoption and implementation of a suite of new legislative acts, including the EU’s Digital Finance Package (notably MiCAR and DORA), EMIR 3, the MiFIR/MiFID II Review, the Listing Act and the AIFMD Review. This legislative activity, combined with a new European Parliament and Commission, prompted a recalibration of priorities towards market efficiency, competitiveness, technological innovation and sustainability. Despite resource constraints and a high volume of new legislative mandates, ESMA explained it had achieve a 91.3% completion rate of its priorities it had set itself in its 2024 Annual Work Programme.

As explored in this Client Alert, the Report also reiterates ESMA’s supervisory priorities for 2025 See also standalone coverage on ESMA’s priorities in its 2025 Annual Work Programme here and for 2026-2028 here.Show Footnote and should thus also be read together with our standalone coverage on individual developments raised in the Report as well as in similar annual reports published by the other European Supervisory Authorities (ESAs) as well as “Navigating 2025” setting out how these interact with plans of other authorities.Available here.Show Footnote

Key takeaways from the Report

The Report focuses on a number of headline issues that ESMA advanced during 2024. These include:

Capital Markets Union (CMU) and market efficiency

The Report places renewed emphasis on the evolution of the CMU and the emerging concept of the Savings and Investment Union (SIU), reflecting a strategic shift in the EU’s approach to capital markets integration. The Report highlights the European Commission’s ambition to recast the CMU as the SIU, aiming to create stronger, more unified and efficient EU financial markets that can better channel savings into productive investment and thus support European competitiveness and strategic autonomy. As set out in the Report, ESMA’s SIU position paper, published in May 2024, sets out a number of recommendations to strengthen EU capital markets, focusing on the needs of citizens, companies and the regulatory framework. These recommendations go beyond regulatory tweaks, advocating for a comprehensive transformation to make European capital markets more effective and attractive.

Another key initiative in 2024 was ESMA’s proposal to shorten the securities settlement cycle from T+2 to T+1, with a target migration date of 11 October 2027. This move is designed to enhance market efficiency, reduce counterparty risk and align the EU with global best practices. ESMA’s report on the costs and benefits of this change underscores the complexity of the transition and the need for dedicated governance involving ESMA, the European Commission and the European Central Bank (ECB).

Market efficiency is further addressed through the implementation of the MiFIR/MiFID II Review, which introduces concepts to support the operation of consolidated tape providers (CTPs) for bonds, shares, ETFs and OTC derivatives. The establishment of consolidated tapes is expected to reduce information asymmetry, improve price transparency and foster more integrated and competitive EU capital markets. ESMA’s work in 2024 included the delivery of technical standards and the launch of the first selection procedure for the bond CTP, as well as new standards for data quality, revenue redistribution and market data provision.

ESMA also continues to focus on reducing reporting burdens and streamlining data collection, aiming to leverage transaction reports for multiple regulatory purposes. This is part of a broader data strategy to optimise the use of financial market data, reduce compliance costs and enhance supervisory oversight.

The Report also acknowledges persistent challenges, such as the high cost of EU investment funds relative to international peers and the need for greater economies of scale. ESMA’s analysis points to market inefficiencies and fragmentation, reinforcing the urgency of the SIU agenda.

In terms of further implications for firms this may mean: 

• Strategic alignment: Some firms may wish to step up how they align their business models and compliance frameworks with the evolving objectives of the CMU and SIU, anticipating a more unified and competitive EU capital market environment. 
• Operational readiness for T+1 settlement: The transition to a T+1 settlement cycle by 11 October 2027 will require significant operational adjustments, including upgrades to post-trade systems, changes to internal processes and enhanced coordination with counterparties and infrastructure providers.
• Data and transparency requirements: The introduction of consolidated tapes and enhanced transparency regimes will likely increase the volume and granularity of data that firms must report and consume. Firms should invest in data management systems capable of meeting new standards for accuracy, timeliness and accessibility.
• Cost competitiveness: With ESMA highlighting the high costs of EU funds and the need for greater market efficiency, some firms should expect continued regulatory and supervisory pressure to reduce costs, improve transparency and achieve economies of scale.
• Engagement in governance and market structure reforms: A number of firms may actively want to participate in industry consultations and governance arrangements related to the implementation of T+1 settlement, consolidated tapes and other market structure reforms to ensure their operational realities and interests are considered.

Supervisory convergence and effective supervision

ESMA increased its supervisory convergence efforts across Member States by developing common high-level supervisory principles and conducting common supervisory actions (CSAs) on key topics such as marketing communications, data quality and ESG disclosures. ESMA equally published a comprehensive analysis of enforcement and sanctioning practices across the EU, highlighting the need for greater convergence in sanctioning and enforcement. ESMA is clear that the lack of additional resources available to it may translate into stricter prioritisation and potentially less regulatory forbearance for existing and new mandates. Firms should therefore not expect leniency due to ESMA’s (continued) supervisory overload. 

ESMA in 2024 equally intensified preparations for taking up its new supervisory mandates. This includes oversight of EU green bond verifiers, ESG rating providers, CTPs and enhanced its supervision of third-country central counterparties (CCPs). 

A more overarching central theme in the Report is ESMA’s transformation into a data-driven supervisor. The migration to a new ‘big data’ platform, the development of advanced risk dashboards and the integration of AI-powered tools are all designed to enhance market monitoring, risk detection and supervisory efficiency. The implementation of DORA and the focus on digital operational resilience further raise the bar for ICT risk management and incident reporting.

In terms of further implications for firms this may mean: 

• Cross-border consistency: As supervisory convergence intensifies, firms operating in multiple Member States should expect less tolerance for regulatory arbitrage and greater scrutiny of their compliance frameworks. The move towards common supervisory principles and outcome-based supervision will require firms to ensure that their internal controls, governance and risk management systems are robust, consistent and aligned with EU-level expectations.
• Direct Supervision: Entities falling under ESMA’s growing direct supervision mandate (e.g., CTPs, ESG rating providers) should expect a data-driven, risk-based and outcome-focused approach, with less tolerance for non-compliance. 
• Peer Reviews and CSAs: Firms should anticipate thematic reviews and sector-wide supervisory actions, particularly in areas of perceived risk (e.g., marketing communications, ESG disclosures, digital resilience).
• Adaptation to data-driven supervision: The shift towards data-driven and risk-based supervision means that firms must prioritise data quality, invest in their data management, reporting and ICT risk. The expectation is for high-quality, timely and accurate data submissions, as well as demonstrable operational resilience. Firms should prepare for more intrusive and technologically sophisticated supervisory interventions, including the use of SupTech and RegTech tools by ESMA and NCAs.

Sustainable finance and ESG integration

ESMA’s work on sustainable finance is intensifying, with a focus on simplifying the regulatory framework, enhancing the quality of ESG disclosures and combating greenwashing. ESMA contributed to the development of the EU sustainable finance regulatory framework, including recommendations to improve the investor journey, product categories and ESG data quality.

ESMA issued guidelines on the use of ESG and sustainability-related terms in fund names to mitigate greenwashing risks, requiring funds to allocate at least 80% of investments to assets meeting sustainability criteria. ESMA published a final report on greenwashing, set out recommendations for enhanced supervision and continued to coordinate supervisory actions on ESG disclosures. 

The first EU-wide climate stress test for the financial sector was conducted in collaboration with other European authorities, assessing the impact of climate scenarios and providing recommendations for financial institutions to enhance climate risk resilience.

In terms of further implications for firms this may mean: 

• Firms marketing ESG or sustainability-related products: must ensure that their disclosures are clear, substantiated and not misleading. The risk of enforcement action for greenwashing is rising and firms should expect both thematic reviews and targeted investigations. The integration of sustainability risks into governance, product design and client communications is now a regulatory expectation, not a best practice
• Product governance: The integration of sustainability risks into suitability assessments and product governance is now a supervisory priority. Firms must embed ESG considerations into their processes and be able to evidence compliance. 
• Data and disclosure: The increasing focus on data quality, taxonomy alignment and the use of the European Single Access Point (ESAP) will require firms to invest in data management and reporting capabilities.

Technological innovation and digital operational resilience

ESMA, together with the other ESAs, completed preparations for the entry into application of the EU’s Digital Operational Resilience Act (DORA) in January 2025, delivering technical standards and establishing a joint oversight framework for critical ICT third-party providers. 

The authority also delivered over 30 technical standards and guidelines under the Markets in Crypto-Assets Regulation (MiCAR), focusing on investor protection, market abuse prevention and the classification and regulation of crypto-assets. The establishment by ESMA of an EU-level monitoring tool for crypto markets and the focus on market integrity, transparency and investor protection in digital assets are key deliverables that ESMA highlights in the Report. 

ESMA advanced its data strategy, migrating all datasets and analytical tools to a new big data platform, enhancing data accessibility for national competent authorities (NCAs) and supporting integrated monitoring of crypto-asset markets. 

In terms of further implications for firms this may mean: 

• Operational resilience: DORA’s requirements on ICT risk management, incident reporting and third-party oversight will require significant investment in systems, controls and governance. Firms must be prepared for both regulatory scrutiny and potential joint examinations by ESAs.
• Crypto-assets and DeFi: The full application of MiCAR brings crypto-asset service providers, issuers and those with crypto-asset exposures into this new regulatory perimeter, with ESMA focusing its scrutiny on authorisation, market integrity and risk monitoring along with client disclosures. Firms in this space must ensure robust compliance frameworks and anticipate evolving supervisory expectations.
• AI and data use: Firms leveraging AI in investment services must ensure transparency, fairness and accountability, as highlighted by ESMA’s public statements. The use of AI will not exempt firms from MiFID II obligations.

Retail investor protection, market conduct and financial stability

The Report details ESMA’s initiatives to enhance retail investor protection, including the monitoring of costs and charges, the supervision of marketing practices and the issuance of warnings on social media (and (f)influencer-driven) investment recommendations, especially on crypto-assets, and provided guidance on the use of artificial intelligence in retail investment services. The focus on aggressive marketing, misleading sustainability claims and inadequate risk disclosures is particularly notable. 

In keeping with observations summarised above, ESMA equally published its seventh annual report on the performance and costs of retail investment products, highlighting persistent high costs in EU funds and the need for greater market competitiveness.

In flexing its own muscle, ESMA also stepped up its conduct of mystery shopping exercises and CSAs on marketing communications, identifying risks such as aggressive marketing and misleading sustainability claims. ESMA expressly enhanced its data-driven supervision, developing risk dashboards and indicators for early detection of risks and emerging market trends. 

On the financial stability front ESMA’s mandated led to it publishing its fifth EU-wide CCP stress test, confirming the resilience of EU and third-country CCPs to credit and liquidity risks, while identifying areas for improvement in concentration risk coverage. ESMA equally continued to monitor trends, risks and vulnerabilities in EU financial markets, publishing biannual reports and conducting in-depth research on topics such as real estate market exposures, social media sentiment and the growth of neo-brokers.

In terms of further implications for firms this may mean: 

• Marketing Practices: Firms must ensure their retail distribution strategies, marketing materials and client communications are fair, clear and not misleading, with particular attention to sustainability claims and risk disclosures. 
• Use of AI in retail investment services: is under scrutiny and firms must ensure transparency, fairness and accountability in AI-driven decision-making. The risk of regulatory intervention in cases of poor conduct or consumer detriment is high.
• Cost transparency: The high cost of EU funds relative to international peers is under scrutiny. Firms should expect continued pressure to reduce costs and improve transparency. 
• Cross-Border Services: The monitoring of cross-border investment services and complaints data signals a move towards more effective supervision of firms operating across Member States. 

Data infrastructure and reporting

ESMA’s data strategy aims to reduce reporting burdens, streamline data collection and enhance the use of supervisory data. The authority’s migration to a new data platform and the development of dashboards for NCAs are part of this effort. So too are the aims of streamlining reporting requirements to reduce the burden on market participants. Specifically, ESMA contributed to the development of the ESAP, aiming to simplify access to financial and sustainability data for investors, regulators and industry.

In terms of further implications for firms this may mean:

• Reporting simplification: While ESMA aims to reduce duplicative reporting, firms must ensure that their systems can adapt to new data requirements and leverage transaction data for multiple purposes. 
• Data quality: Enhanced data-driven supervision means that poor data quality will be quickly identified and may trigger supervisory action. 
• Operational efficiency: Firms should look for opportunities to align their internal processes with ESMA’s digitalisation efforts, potentially reducing compliance costs over time. 

ESMA’s organisational development, governance and stakeholder engagement

ESMA maintained strong engagement with EU institutions (including beyond the ESAs), international bodies and stakeholders and continued to invest in digitalisation and IT infrastructure during 2024. 

Equally, ESMA launched its first people strategy to attract and develop talent, enhance diversity and inclusion and support organisational agility. However, the Report notes that many new mandates have not been accompanied by additional resources, requiring ESMA to prioritise and redeploy staff. As highlighted above, this may result in a more risk-based and targeted approach to supervision, with a focus on areas of greatest systemic importance or consumer risk. 

ESMA’s strategic priorities for 2025

Looking ahead, ESMA uses the Report to reiterate its 2025 strategic priorities, which include:

• Advancing the SIU and further integration of EU capital markets;
• Enhancing supervisory convergence and effective (indirect but equally direct) supervision, including new mandates and powers to be exercised by ESMA and NCAs under DORA and MiCAR;
• Supporting the transition to sustainable finance and improving ESG data quality and disclosures;
• Strengthening operational resilience and cybersecurity across financial markets; and
• Promoting data-driven supervision and reducing reporting burdens through digital innovation.

Outlook

The Report underscores ESMA’s commitment to regulatory efficiency, market integrity, investor protection and innovation. ESMA’s work in 2024 has laid the groundwork for a more unified, resilient and sustainable EU financial market. However, the layering of new as well as cumulative impact with existing regulations and supervisory expectations increases compliance complexity and costs for firms in light of evolving risks and resource constraints. Many may want to invest in regulatory change management and horizon scanning capabilities. The same is true for firms embracing sustainability and digitalisation as strategic priorities: These are now very much not just compliance issues but strategic imperatives. Firms that fail to adapt may face not only regulatory sanctions but also competitive disadvantage(s).

ESMA’s repeat and candid discussion on its resource constraints and the need to reprioritise its work programme is perhaps a double-edged sword for firms. On one hand, it may mean that some areas receive less immediate attention; on the other, it increases the likelihood that high-risk or high-profile issues will be pursued aggressively. Firms should expect ESMA and NCAs to prioritise supervisory resources towards high-risk firms, products and/or market segments. This may mean more intensive scrutiny for systemically important or innovative firms and a greater reliance on data-driven risk assessments to determine supervisory priorities.

In a similar manner, while ESMA’s driving of regulatory and supervisory convergence is welcome for market integrity, there is a risk that convergence that advances a “one-size-fits-all” approach may not adequately account for firm size, business model and/or risk profile. Some firms may wish to engage with ESMA and NCAs to advocate for proportionality where appropriate. Equally, even with greater convergence efforts and Europeanisation/centralisation of ESMA’s evolving mandate, NCAs will still retain significant discretion, particularly in enforcement and sanctioning powers. Firms must be alert to both EU-level and national developments and ensure consistent compliance across jurisdictions.

In terms of ESMA becoming more quick to bear its own teeth (outside of “just” CSAs), the publication of consolidated enforcement data and the focus on sanctions convergence suggest a more transparent and potentially more punitive enforcement environment. Some firms may wish to review their past compliance issues and remediate proactively.

In conclusion, the Report signals a step-change in the regulatory and supervisory environment for EU financial markets that are becoming more complex, data-driven and outcomes-focused. ESMA uses the Report to recommunicate its expectations that firms respond with enhanced compliance frameworks, greater investment in data and technology and a proactive approach to sustainability and investor protection. The direction of travel is clear: higher standards, greater transparency and a more integrated and intrusive supervisory regime. Firms that anticipate and adapt to these changes will be best placed to thrive in the evolving EU financial landscape.

About us

PwC Legal is assisting a number of financial services firms and market participants in forward planning for changes stemming from relevant related developments. We have assembled a multi-disciplinary and multijurisdictional team of sector experts to support clients navigate challenges and seize opportunities as well as to proactively engage with their market stakeholders and regulators.

Moreover, we have developed a number of RegTech and SupTech tools for supervised firms, including PwC Legal’s Rule Scanner tool, backed by a trusted set of managed solutions from PwC Legal Business Solutions, allowing for horizon scanning and risk mapping of all legislative and regulatory developments as well as sanctions and fines from more than 2,500 legislative and regulatory policymakers and other industry voices in over 170 jurisdictions impacting financial services firms and their business.

Equally, in leveraging our Rule Scanner technology, we offer a further solution for clients to digitise financial services firms’ relevant internal policies and procedures, create a comprehensive documentation inventory with an established documentation hierarchy and embedded glossary that has version control over a defined backward plus forward looking timeline to be able to ensure changes in one policy are carried through over to other policy and procedure documents, critical path dependencies are mapped and legislative and regulatory developments are flagged where these may require actions to be taken in such policies and procedures.

The PwC Legal Team behind Rule Scanner are proud recipients of ALM Law.com’s coveted “2024 Disruptive Technology of the Year Award” and the “2025 Regulatory, Governance and Compliance Technology Award in 2025”.

If you would like to discuss any of the developments mentioned above, or how they may affect your business more generally, please contact any of our key contacts or PwC Legal’s RegCORE Team via de_regcore@pwc.com or our website.