Why is role-based continuing education becoming mandatory for executives?

Regulators are increasingly expecting demonstrable expertise by function. DORA, MaRisk, EU AI Act, and ESG shift responsibility directly onto the board, management, and supervisory board. General training is no longer sufficient.

What personal liability arises from DORA and the EU AI Act?

DORA obliges executives to ensure digital resilience. The EU AI Act extends liability to incorrect AI decisions. Not only system outages but also erroneous AI decisions can be liability-relevant.

Why is classic compliance training no longer sufficient?

Classic training is usually too general. Today, regulators check whether the competency required for a role is demonstrably available. Participation certificates without a role context offer no protection against liability.

What role does ESG (CSRD) play in liability and financing?

From 2026, ESG risks are subject to audit and rating. Lack of integration of climate and sustainability risks can lead to financing losses, reputational damage, and personal liability of management.

How does S+P Executive Education support liability protection?

S+P Executive Education offers role-based programs with practical tools, governance models, and certification. Executives receive reliable proof of their expertise for regulators, auditors, and the market.

MiFIR Review 2026: New RTS/ITS on Market Data, Transparency, and CTP

Written by Andreea Pop on 8. February 2026. Posted in Uncategorized.

The Financial Instruments Regulation (MiFIR) is the central element of European financial market regulation and is at the center of the current revision.

The new MiFIR review regulations have a special impact by increasing market transparency and strengthening the competitiveness of EU capital markets.

The application of the new regulations begins in stages from March 2024. A complete implementation is not expected until the second quarter of 2026.

The MiFIR Review was announced by the European Commission in February 2020. The final changes were published on March 28, 2024, in the EU Official Journal.
Initial measures will come into force in March 2024, with more to follow by 2027.

The aim of the MiFIR Review is to improve market transparency and efficiency and to sustainably strengthen the global competitiveness of EU capital markets.

1. Entry into Force and Commencement of Application

Delegated Regulation (EU) 2025/1156 (Market Data / Reasonable Commercial Basis): Comes into effect on November 23, 2025; applicable to trading venues, APAs, and SIs licensed before November 23, 2025 from August 23, 2026. Legal adjustments and transition periods arising from European and national legal requirements, particularly the Securities Trading Act (WpHG) and the Stock Exchange Act (BörsG), must be taken into account; integration of the new regulations into national law plays a central role.

Delegated Regulation (EU) 2025/1143 (APA/ARM/CTP Licensing & Organization): Comes into effect on November 23, 2025, without further deferred application in the closing provisions.

Delegated Regulation (EU) 2025/1246 (Amendment to Regulation (EU) 2017/583 and 2017/587 – Transparency for Non-equities and Equities): Comes into effect on November 23, 2025; individual articles are only applicable from March 2, 2026.

Delegated Regulation (EU) 2025/1155 (CTP Input/Output, Clock Synchronization, Revenue Sharing): Comes into effect on November 23, 2025; the Clock Sync Rules (Art. 11–16) are only applicable from March 2, 2026.

The application of the new regulations requires national laws to be adjusted to the new EU requirements. In this context, ESMA is tasked with developing technical regulatory standards (RTS) for the MiFIR review measures.

A medium-sized securities institution is only indirectly affected by these new MiFIR legal acts, as they primarily target data provisioning services (APA, ARM, CTP), the transparency framework, and the technical design of market data; however, they may indirectly impact the institution through obligations towards trading venues, APA/ARM, designated publishing entities, and future CTPs.

2. Relevance by Legal Act

2.1. Delegated Regulation (EU) 2025/1143 (APA/ARM/CTP-RTS)

Targets APAs, ARMs, and CTPs (Licensing, organizational, and governance requirements).
The APA acts as a central registry for transaction data publication; the ARM serves compliance with reporting obligations and the harmonization of reporting standards.
New Feature: Stricter requirements for data quality, error correction, and monitoring. From January 2022 (or as part of the new regulation), ESMA assumes direct responsibility for licensing and supervision.
Relevance: Institutions must adapt their internal processes, IT infrastructure, and outsourcing control to the new standards.

2.2. Delegated Regulation (EU) 2025/1155 (Input/Output Data, Clock Sync, Revenue Sharing)

Establishes uniform data formats (ISO-20022) and timestamp requirements.
The Designated Publishing Entity (DPE) is introduced as a new category to centrally control reporting processes in the FIRDS system.
The aim is to introduce consolidated data tickers (CT) for non-discriminatory and free access to market data.
Relevance: Institutions must adjust IT latencies and timestamp granularity. As members of trading venues, they must ensure that order systems provide the correct fields.

2.3. Delegated Regulation (EU) 2025/1156 (Market Data on Reasonable Commercial Basis)

Specifies the provision of market data on a “reasonable commercial basis” (fee models, transparency).
Impact: Data users (trading, portfolio management) must check if price structures and licensing models change.
Compliance/Legal should evaluate whether new options exist for cheaper data acquisition and whether cost allocation still complies with MiFIR.

2.4. Delegated Regulation (EU) 2025/1246 (Amendments to RTS 2017/583 and 2017/587 – Transparency)

Adapts transparency rules for bonds, structured products, and equity instruments to the “transparency + consolidated tape” reform package.
Includes new LIS thresholds, liquidity classifications, and the management of waivers and deferrals.
Relevance: Adjustment of trading & best execution policy as well as pre-trade checks (algorithms, market making). Monitoring must be adjusted to the new RTS parameters.

2.5. Implementing Regulation (EU) 2025/1157 (Application Forms APA/ARM/CTP)

Establishes standard forms for the approval process with ESMA.
Relevant only if the institution itself seeks the status of an APA, ARM, or CTP (e.g., group-internal ARM).

Payment For Order Flow (PFOF) and Adjustments

The MiFIR Review will ban Payment for Order Flow (PFOF) across Europe. PFOF refers to a model where brokers forward customer orders to other market participants for a fee, potentially creating conflicts of interest. The aim of the ban is to strengthen market integrity and ensure that orders are executed based on objective criteria only. Companies must review existing commission structures and develop alternative models to avoid regulatory risks and strengthen market participants’ trust.

ESMA and the Implementation of the MiFIR Review

The European Securities and Markets Authority (ESMA) plays a key role by developing practical guidelines and supporting market participants and national authorities. It ensures that MiFIR regulations are uniformly interpreted and enforced across Europe. For companies, this means that in addition to formal requirements, they should integrate ESMA’s interpretive aids and technical standards into their internal processes. ESMA provides clarity through regular consultations and Q&A documents, enabling targeted adjustments to compliance structures.

3. Overview: New RTS/ITS and Resulting Need for Action

For a medium-sized securities institution, primarily
indirect obligations arise through roles
(trading participant, systematic internalizer, APA/ARM customer)
as well as through contracts and IT interfaces.
The legal acts themselves primarily address trading venues and data providers.

Topic	New Regulation / Need for Action
1. Market Data – Fees and Licensing Models (VO (EU) 2025/1156)	Market data contracts with exchanges, data vendors, and APA/CTP should be reviewed and renegotiated in relation to reasonable commercial basis, fee transparency, and usage rights. Internal cost and authorization concepts for market data (including future CTP feeds) should be adjusted. The EU-wide Consolidated Tape represents a central innovation of the MiFIR Review 2026.
2. Organization and Governance of APA/ARM/CTP (VO (EU) 2025/1143)	If operating an APA/ARM/CTP on your own or planning to do so, new requirements for governance, internal controls, conflicts of interest, outsourcing, and DORA evidence must be implemented. As an APA/ARM customer, outsourcing contracts and SLAs should especially be adapted regarding data quality, error correction, timestamps, and escalation processes.
3. CTP Input/Output & Clock Synchronization (VO (EU) 2025/1155)	IT systems must fulfill new requirements for timestamp granularity, permissible UTC deviations, latencies, and traceability. From March 2, 2026, verifiable clock synchronization must be ensured. In the case of SI status or own APA/ARM connection, data fields and formats should be aligned with CTP or APA specifications.
4. Transparency RTS for Equity and Non-Equity Instruments (VO (EU) 2025/1246)	Pre- and post-trade transparency rules should be adjusted to new liquidity classifications, LIS/SSTI thresholds, and changed deferral rules. Best execution policy and execution principles (including the use of future CTP data) should be updated. Static reference data (ISIN, CFI, liquidity class) should be reviewed.
5. Standardized Application Forms for APA/ARM/CTP (VO (EU) 2025/1157)	For own APA/ARM/CTP operations, approval and change notifications must be submitted using standardized ITS forms. Governance processes must ensure that reportable organizational or personnel changes are identified and reported in a timely manner.
6. Market Role & IT Alignment of a Medium-Sized Institution	Clear definition of the role as SI, APA/ARM operator, designated publishing entity (DPE), or pure data user. Securities firms can report reference data to the FIRDS system as DPEs. From an IT perspective, particularly clock synchronization, latencies, and interface requirements must be implemented.
7. Implementation in Compliance & Risk Management	Conduct an impact analysis and gap assessment against the existing MiFID/MiFIR control matrix. Develop an action plan with implementation deadlines (March 2, 2026 or August 23, 2026). Contracts and outsourcing arrangements should be systematically reviewed and categorized from a regulatory standpoint.
8. Adjustments for Institutions Without Data License	Even without a data license, transparency and best execution policies should be adjusted, timestamp and data quality requirements ensured, and market data contracts and internal cost distribution models adapted to the new requirements.
9. Additional Requirements for SI Status	Ensure that quotes and trades meet all input, data field, and latency requirements. Complete and timely reporting of all SI transactions to APA or CTP. Publication of transaction data via the APA registry to strengthen post-trade transparency.
10. Requirements as APA/ARM Customer or in-House APA/ARM/CTP	Outsourcing and SLA structures must be adapted to new RTS/ITS (KPIs, incident management, reporting, DORA). For own APA/ARM/CTP operations, complete organizational and technical implementation including revenue sharing (for CTP) must be ensured. The MiFIR review also requires detailed reporting of transaction details to a central reporting mechanism.

4. Specific Points for a Medium-Sized Securities Institution

Clarify Market Role
Check if the institution:
is a systematic internalizer in certain instruments,
operates APA/ARM (or via group),
acts as a designated publishing entity (DPE), which is particularly relevant for securities firms with extended reporting obligations and in reference data reporting to the FIRDS system under the MiFIR review,
has intensive use of market data (including future CTP feeds).
This determines the intensity of obligations under 2025/1143, 2025/1155, and 2025/1156.
IT and Timestamp Requirements
Ensure that order and trading systems adhere to the precision and deviation requirements for UTC according to the new clock rules (granularity, maximum permissible deviation, annual traceability review).
For high-frequency or algorithmic trading, stricter accuracy levels and latency requirements are pivotal.
Contract Management with APA, Trading Venues, Data Providers
Service levels, data quality, error correction processes, timestamp and format specifications in APA/ARM contracts and exchange rulebooks should be specifically checked for consistency with the new RTS/ITS.
Analyze market data contracts (including purchases of CTP data) for new “reasonable commercial basis” requirements and any cost reliefs or new reporting obligations.
Adjust Internal Policies/Processes
Best Execution Policy, Order Handling Policy and Transparency Controls should be adjusted to new transparency thresholds, waiver/deferral regimes, and the use of CTP data for market surveillance.
Data Quality and Incident Processes for reported data (trade reports, APA reports, possibly SI quotes) should be designed to support the error routines and communication paths described in 2025/1155 and 2025/1143.
DORA Linkage: For own (possibly APA/ARM-like) functionalities, ensure that the ICT controls and outsourcing processes already established under DORA also meet the specific requirements in 2025/1143 (if own licenses as data provisioning service are planned).

5. Practical To-Dos for Compliance/Risk

Impact Analysis – Mapping the new regulations to the institution’s roles (trading platform member, SI, data user, possibly APA/ARM).
Match the existing MiFIR/MiFID control matrix with new articles/appendices of the 2025 regulations.
Project Planning – IT project “Clock Sync and Latencies” (including monitoring, annual proof);
Adjust Transparency Engine (thresholds, liquidity, deferrals) and Best Execution Reports;
Contract review with market data suppliers, APA/ARM, trading venues.
Consideration of the new tasks and responsibilities for Compliance and Risk within the framework of the MiFIR Review, especially with regard to the regulatory requirements for data provisioning services and the increased supervision by BaFin and ESMA.

6. To-Do Checklist

6.1 Overview: Institution Roles

Institution Role	Typical Scenario	Relevant New Acts	Principal Obligations
Trading Participant (Member at Trading Venues, OTC with APA Use)	“Normal” medium-sized securities institution without its own data provisioning license; possibly also as a securities firm with reporting obligations for reference data and the ability to apply for DPE status	2025/1155, 2025/1156, 2025/1246	Transparency thresholds and market data use; latency and timestamp requirements; adjustment of best execution policy; new tasks within the framework of extended reporting obligations and responsibilities for data provisioning
Systematic Internalizer (SI) in certain instruments	SI status in bonds, FX or equity	2025/1155, 2025/1246	Latency and timestamp requirements; new data fields to CTP/APA; expanded transparency rules; additional tasks to comply with the new regulatory requirements
User of APA/ARM (no own service)	Outsourcing of transaction reporting and post-trade transparency	2025/1143, 2025/1155, 2025/1156	Adaptation of contracts and SLAs; assurance of data quality, error correction, and IT interfaces; use of APA as central register for real-time publications and ARM to fulfill reporting obligations and harmonization of reporting standards
Own APA/ARM/CTP in the Group	In-house ARM/APA/CTP; possibly also as a designated publishing entity (DPE) for reference data reporting to the FIRDS system	2025/1143, 2025/1155, 2025/1157	Full RTS/ITS implementation; use of standardized application forms; governance and DORA requirements; new tasks and responsibilities within the framework of supervision and licensing by BaFin and ESMA

6.2. To-Dos for a “Normal” Securities Institution (Without its Own Data Provisioning License)

Regulation & Policies

Adjust transparency policy (pre/post trade) to amended RTS 2017/583 and 2017/587 (new definitions, liquidity classes, LIS thresholds, deferral rules).
Align best execution policy and execution principles with the use of the future CTP data stream and new transparency parameters (e.g., reference prices, market quality).

IT & Data

Check if order/trading systems comply with timestamp granularity and UTC deviation limits according to the clock regime (including documentation of traceability).
Ensure that internal market data feeds and static data (ISIN, CFI code, liquidity class, LIS thresholds) are harmonized with the new tables/appendices of the amended RTS.
The new RTS require increased availability and structured provision of market data to ensure more transparent access to financial market data.

Market Data & Contracts

Review market data contracts with exchanges, data vendors, APA/CTP providers for “reasonable commercial basis” rules, fee transparency, and licensing conditions.
Review and, if necessary, adjust the internal cost and authorization model for market data (including future CTP feeds).
The new RTS require the disclosure of relevant information and increase transparency through the structured provision of market data.

6.3. Additional To-Dos if the Institution is a Systematic Internalizer (SI)

Transparency & CTP Input

Ensure that SI quotes and trades meet the input data fields and ISO-20022 compatible formats defined in 2025/1155 (pre- and post-trade data, depending on the asset class).
Technically implement and monitor latency requirements for pre- and post-trade data transmission (e.g., 50 ms for equities, 500 ms for non-equities).

Governance & Controls

Controls to ensure that all SI transactions in scope instruments are correctly and completely sent to trading venue/APA/CTP; alignment with FIRDS/transparency lists.
Adjust internal “quote governance” (quote pulls, quote updates) to new transparency and CTP data requirements.

6.4. To-Dos as APA/ARM Customer (Outsourcing Setup)

Contract and SLA Review

Review contracts with APA/ARM referencing the new RTS 2025/1143 and ITS 2025/1157 (organizational requirements, error correction, timestamp, outsourcing, fit-and-proper). It should be noted that the approved publication arrangement (APA) serves as a central register for the real-time publication of transaction data and the approved reporting mechanism (ARM) for compliance with MiFIR reporting obligations are paramount.
Ensure that SLAs contain clear KPIs for latencies, data quality, correction deadlines, and communication paths in case of errors or failures. New tasks and responsibilities as an APA/ARM customer arise in particular from the expanded regulatory requirements and increased supervision by authorities such as BaFin and ESMA.

Operational Processes

Design internal reporting lines (front-to-report) so that all mandatory fields for APA/ARM and future CTP forwarding are available (including MIC, trading venue identifiers, deferral flags). In addition, there is an obligation to publish transaction data such as price and volume in a central register (APA) in real time as much as possible to ensure post-trade transparency.
Define error and incident process with APA/ARM (e.g., deadlines for corrections, escalations, documentation of root cause analyses).

6.5. To-Dos if Own APA/ARM/CTP Exists or is Planned in the Group

Approval & Organization

Complete implementation of approval and organizational requirements under 2025/1143 (organizational chart, ownership structure, governance, fit & proper, internal controls, DORA evidence). Under the MiFIR review, the new tasks and responsibilities for data provisioning services must be observed, including the role of the designated publishing entity (dpe) in licensing and organization.
Use the new standard forms and notification sheets from 2025/1157 for approval, changes in the management body, and ongoing communication with ESMA/national authority.

Data & Systems

Technical implementation of the requirements for input/output data, protocol quality, latencies, and error handling set out in 2025/1155 (including transaction ID handling, customer communication). For technical implementation and reporting, approved publication arrangement (APA) and approved reporting mechanism (ARM) are to be used as central systems for the publication and reporting of transaction data.
Implementation of the revenue-sharing mechanism for CTP revenues (equity/ETF) according to the weightings and processes in 2025/1155, if a CTP is operated in the group. The new tasks also include compliance with expanded reporting obligations and harmonization of reporting standards in accordance with the MiFIR review requirements.

Frameworks and Standards for CTP

A Climate Transition Plan (CTP) is now a central element of any future-oriented corporate strategy. The goal of a CTP is to define concrete measures and a clear strategy to reduce one’s own greenhouse gas emissions and achieve net-zero emissions in the long term. Companies have a special responsibility in the context of climate protection and compliance with international agreements such as the Paris Agreement to support limiting global warming to 1.5 °C. Climate protection is an integral part of corporate strategy because adherence to such agreements and international climate commitments is crucial for the implementation of sustainable climate goals. The European Commission has created a binding framework with the European Sustainability Reporting Standard (ESRS) that provides companies with detailed requirements for reporting on their climate transition plans.

The ESRS Standard specifies how companies must transparently and comparably document their climate goals, emission reduction measures, and progress towards climate neutrality. A climate transition plan is a strategic tool that supports the transition to a climate-friendly economy and pursues the limitation of warming as its central goal. This not only builds trust with investors and stakeholders but also facilitates the integration of climate goals into the business model and strategic management. Companies without a CTP are at a higher risk compared to others of facing future regulatory requirements, limited access to capital, as well as social and reputational challenges. Companies developing a CTP according to recognized frameworks like the ESRS position themselves as responsible actors in the European market and actively contribute to achieving the EU’s climate goals.

Problems and Challenges

The implementation of the new MiFIR requirements and the development of an effective Climate Transition Plan (CTP) pose significant challenges for companies and financial institutions. A central problem is the adaptation of existing business models to the new regulatory requirements – particularly regarding transparency, data availability, and reporting. Collecting, assuring the quality of, and integrating the required data for reporting on climate actions and financial products require significant investments in IT, processes, and know-how.

In addition, companies must ensure that all measures and changes are in line with the current MiFIR requirements and recognized by regulatory authorities. The complexity of the new regulations and the multitude of interfaces between CTP, MiFIR, and other European regulations increases the need for coordination within the organization and with external partners. Only through proactive engagement, continuous training, and close collaboration with regulatory authorities and market participants can these problems be successfully managed.

Conclusion and Outlook

The MiFIR Review and the introduction of Climate Transition Plans mark a decisive step towards a more sustainable, transparent, and future-proof financial market architecture in Europe. The new requirements demand a high degree of adaptability and responsibility from companies and investment firms. The ESMA and national regulatory authorities accompany this change with clear guidelines and consistent monitoring of implementation.

For the future, this means: Those who react early to the new requirements, adapt their business models, and seize the opportunities of digitization and sustainability will succeed in the European capital market. The close cooperation between market participants, regulatory authorities, and the European Commission is key to creating a transparent, efficient, and sustainable financial market that can meet the challenges of climate change and regulatory transformation.

Sources

1. Market Data & Commercial Conditions

Delegated Regulation (EU) 2025/1156

Content: Provision of market data on a reasonable commercial basis (Market Data / Reasonable Commercial Basis).
Important Deadlines: Effective from November 23, 2025. For already approved trading venues (APA/SI), the application does not apply until August 23, 2026.
Direct link: EUR-Lex – 2025/1156

2. APA/ARM/CTP Licensing & Organization

Delegated Regulation (EU) 2025/1143

Content: Requirements for licensing and organizational requirements for data provisioning services.
Important Deadlines: Effective from November 23, 2025 (direct application without delay).
Direct link: EUR-Lex – 2025/1143

3. Transparency Rules (Equities & Non-Equities)

Delegated Regulation (EU) 2025/1246

Content: Amendments to RTS (2017/583 & 2017/587) regarding pre- and post-trade transparency.
Important Deadlines: Effective from November 23, 2025. Note: Individual articles will only come into effect from March 2, 2026.
Direct link: EUR-Lex – 2025/1246

4. CTP Specifications & Clock Synchronization

Delegated Regulation (EU) 2025/1155

Content: Input/Output data for the Consolidated Tape Provider (CTP), revenue sharing, and clock synchronization.
Important Deadlines: Effective from November 23, 2025. The technical rules for clock synchronization (Art. 11–16) apply from March 2, 2026.
Direct links:
- Main Document (2025/1155)
- Related Legal Act / Supplement