1. Central Bank Invites Applications for its Second Innovation Sandbox
On 23 September 2025, the Central Bank of Ireland (“Central Bank”) announced its call for applications to the second innovation sandbox programme (“2026 Sandbox”) at its 2025 payments seminar (“Seminar”).
As reported in the FIG Top 5 at 5 dated 11 September 2025, the theme of the 2026 Sandbox is “Innovation in Payments”.
The Central Bank considers it important that it deepens its understanding of the opportunities and risks of different technologies and innovations, with the ultimate goal being that the benefits of innovation will be realised for consumers of financial services while risks are managed effectively.
Speaking at the Seminar, Deputy Governor Vasileios Madouros highlighted the importance of payments in the economy, noting the role that innovation has to play, and that if “done well and safely”, can result in broader economic benefits. He further stated that in an environment of rapid innovation in payments, the Central Bank cannot afford to stand back.
The Deputy Governor went on to explain that it is in this context that the Central Bank decided on innovation in payments as the theme for the 2026 Sandbox.
The 2026 Sandbox will provide an opportunity for the Central Bank to further engage with the private sector as regards payments and will aim to:
- foster innovative solutions that will result in safer, faster and more inclusive payments for households and businesses; and
- give the Central Bank early insight into supervisory questions and emerging risks.
The Central Bank is interested in hearing from applicants at every stage of development and also highlighted its interest in receiving applications from partnerships.
On its dedicated innovation sandbox programme webpage, the Central Bank has set out information regarding the 2026 Sandbox, some of the areas address are as follows:
- the framework for the 2026 Sandbox - stating that it will operate on a cohort basis over six months with a structured programme of workshops, support by way of a dedicated sandbox relationship manage and access to a data platform to test and develop innovations;
- the problem statements for the 2026 Sandbox, covering areas such as:
- inclusive access to the digital economy;
- frictionless and transparent money movement;
- resilient and secure payments; and
- safe integration of emerging payment technologies;
- suitable applicants including information as to non-Ireland domiciled entities and selection criteria; and
- treatment of intellectual property and confidentiality of information.
Next Steps
The Central Bank advises potential applicants to read its guidance note as to the completion of the application form. Applications will be accepted until 5pm on 10 November 2025. The 2026 Sandbox will commence in January 2026.
2. ESAs Publish Report on Risks and Vulnerabilities in the EU Financial System
On 19 September 2025, the European Supervisory Authorities (“ESAs”) published their Autumn 2025 joint committee report (“Report”) on risks and vulnerabilities in the EU financial system.
The Report sets out that global trade and security developments have resulted in sudden structural changes and contributed to a deteriorating economic outlook and deepening geopolitical uncertainty. As a result, growth forecasts have been revised downwards.
Even in the face of such challenges, the Report highlights the resilience shown by the European financial system, noting that banks continue to generate solid profits and insurers are holding strong solvency positions.
It is in this context that the joint committee of the ESAs are advising national competent authorities (“NCAs”), financial institutions and market participants to take the following policy actions:
- Financial institutions should continue to incorporate geopolitical risk considerations into day to day business processes and risk assessments, taking into account that such risk are cross cutting and impact various aspects of financial institutions’ operations and risk exposures;
- Financial institutions need to have a risk management capacity that is capable of dealing with unexpected short and medium term challenges, such as market corrections, by maintaining adequate provisions and stress testing their liquidity positions;
- Address cyber risks more holistically and at a quicker rate and also ensure that the DORA framework is fully implemented, ensuring that sufficient resources are allocated to address cyber risks. Additionally, financial institutions and NCAs should be ready to deal with challenges stemming from the rapid advancement of various technologies, such as AI, while also taking advantage of the opportunities such technology offers;
- Monitor contagion risks from crypto assets against a background where, as this market expands, interlinkages will increase between crypto markets and the traditional financial sector; and
- The Report also addresses the role of financial institutions in supporting the savings and investment union (“SIU”), highlighting that:
- a sound supervisory system will be important to build the necessary trust with consumers in the market so as to fulfil the ambition of channelling savings to productive investments;
- the importance of understanding the non-bank financial intermediation sector due to the shift towards alternative investments seen in the US and the UK, particularly considering the liquidity characteristics and risk profiles of such investments; and
- the importance of the finalisation of the banking union.
3. EIOPA Chair Delivers Speech on Supervision of AI
On 16 September 2025, Petra Hielkema, EIOPA Chairperson, delivered a speech (“Speech”) at a conference entitled, “Regulation and Supervision (PROGRES) 2025 - Closing Protection Gaps and Enhancing Inclusive Insurance Through Regulation”.
The theme of the Speech centred around the supervision of AI and how a balance can be achieved so as to harness the benefits of AI but to ensure that it is done in a way that is secure, sustainable and equitable.
Potential
Ms Hielkema discussed the potential of AI, highlighting various matters, some of which are as follows:
- EIOPA’s data shows that around half of non-life insurers and a quarter of life insurers are already leveraging AI across the value chain;
- unrestricted innovation comes at a cost, mainly the erosion of trust;
- the drawbacks of AI such as limited consideration of consumers' specific circumstances / the excessive standardisation of settlement procedures / AI can propose higher premiums and reduce access to insurance for high-risk or vulnerable clients;
- data privacy, security and ethical use of data;
- the risk of algorithmic bias, noting that when AI systems are trained on historical data that encompasses years of gender inequality, for example, such biases can be perpetuated and even increased; and
- the pressure that the rise of big data and technology is putting on mutualisation such that the risk pool can become fragmented potentially excluding those who are deemed to be high risk, noting that it must be ensured that personalisation does not erode collective protection. Ms Hielkema highlighted the existence of EIOPA’s consultative expert group on data use in insurance who are focused on exploring how data can be used promote fairness, inclusion, and innovation while safeguarding the principle of mutualisation.
Regulation
Ms Hielkema then turned her attention to the regulation and supervision of AI, highlighting matters such as:
- the fact that much AI infrastructure is concentrated in a few regions in the world, noting that access to these infrastructures is essential, not only to understand them but also to assess risks posed, emphasising that AI systems do not need to be developed locally but they do need to be supervised locally;
- the fact that the regulatory framework is not harmonised which presents challenges for globally active companies and for governments to oversee transnational AI systems;
- she discussed the AI Act, particularly highlighting that in the insurance sector, AI systems used for risk assessment and pricing in life and health insurance are deemed as high-risk under the AI Act - consequently, human oversight is a requirement. Further, Ms Hilekema reminded her audience that this not a new requirement for insurers, referencing the existing regulation under Solvency II and IDD;
- as regards the remainder of use classes of AI systems in insurance, that is, those not prohibited or high risk, they remain subject to sectoral legislation without new requirements save for the requirement that AI users must ensure AI literacy among their staff and inform customers when they are interacting with AI systems; and
- the principle of proportionality, which is core to the European insurance legislative framework, also applies to the use of AI by insurance undertakings.
EIOPA Opinion and IAIS Paper
Ms Hielkema highlighted and discussed the recent publication of EIOPA’s opinion on AI governance and risk management (“Opinion”) – for more information, see FIG Top 5 at 5 dated 21 August 2025. She stated that the “opinion clarifies existing governance and risk management principles while remaining flexible to allow tailoring for the specific characteristics of different AI systems. Most importantly, it follows a risk-based and proportionate approach, to balance the benefits and risks of AI systems thereby leaving room for innovation.”
Ms Hielkema then directed her attention towards the importance of international cooperation, particularly highlighting the publication by the International Association of Insurance Supervisors (“IAIS”), in July 2025, of its application paper on the supervision of artificial intelligence – noting that the application paper concluded that no change to the IAIS insurance core principles (“ICPs”) was needed to supervise AI but rather what is required is guidance for supervisors on how to supervise in real life on the basis of ICPs.
While discussing the IAIS application paper, Ms Hielkema also discussed the concepts of risk based supervision and proportionality, noting that by focusing on such concepts and approach, the application paper “seeks to find the sweet spot between promoting innovation and minimising risk.”
Ms Hielkema emphasised that EIOPA’s Opinion and the IAIS application paper are the “two most recent and important papers that give recommendations on how to supervise insurance based on existing legislation.”
Next Steps
Ms Hielkema highlighted that:
- EIOPA plans to develop more detailed analysis of specific AI systems or emerging issues related to their use in insurance, and to provide guidance where appropriate;
- the IAIS will continue to monitor developments and work on an internal toolkit for supervisors; and
- in order to better understand emerging practices in the area of Generative AI (“GenAI”), Ms Hielkema stated that EIOPA is currently carrying out a survey on the adoption of GenAI governance, and use cases in the insurance sector, with preliminary results showing that there is rapid uptake particularly in back office functions.
4. Commission Adopts Delegated Decision Renewing Solvency II Equivalence for Brazil, Japan and Mexico
On 17 September 2025, the European Commission (“Commission”) adopted a delegated decision (“Decision”) on the renewal of the determination that the solvency regimes in Brazil, Japan and Mexico, applicable to undertakings with their head office in those third countries, are provisionally equivalent to the regime contained in Title I, Chapter VI of the Solvency II directive.
In 2015, two Commission delegated decisions granted provisional equivalence under article 227 of Solvency II to Brazil, Mexico and Japan, these decisions are due to expire on 1 January 2026. Article 227 of Solvency II relates to the equivalence for third-country insurers that are part of groups headquartered in the EU.
Article 227(6) of Solvency II provides for provisional equivalence to be renewed for further periods of ten years in circumstances where certain criteria in article 227(5) continue to be met.
In 2024, the Commission was assisted by the European Insurance and Occupational Pensions Authority (“EIOPA”) in concluding that the conditions, upon which the 2015 decisions were based, continue to be met for Brazil, Mexico and Japan.
Accordingly, the Decision renews provisional equivalence for Brazil, Japan and Mexico for a further period of 10 years from 1 January 2026 to 31 December 2035.
Next Steps
The Decision will enter into force 20 days following its publication in the official journal of the European Union.
5. European Legislative Updates: (1) Delegated Regulation Postponing Application Date of Own Funds Requirements for Market Risk under CRR Published in OJEU (2) Council Publishes Text of Proposed Regulation to Change Settlement Cycle Under CSDR (3) Delegated and Implementing Regulations on RTS and ITS under MiCA Published in OJEU
1. Delegated Regulation Postponing Application Date of Own Funds Requirements for Market Risk Under CRR Published in OJEU
On 19 September 2025, Commission Delegated Regulation (EU) 2025/1496 (“Regulation”) was published in the official journal of the European Union (“OJEU”).
The Regulation amends the capital requirements regulation (“CRR”) as regards the application date of the own funds requirements for market risk, postponing that date by one additional year to 1 January 2027. On that date, the market risk requirements reflecting the Basel Committee on Banking Supervision's fundamental review of the trading book will apply as a binding capital standard in the EU, as per amendments made to CRR by the CRR III regulation.
The Regulation was adopted by the European Commission in June 2025, for more information see FIG Top 5 at 5 dated 19 June 2025.
Next Steps
The Regulation entered into force on 20 September 2025, being one day following its publication in the OJEU, and will apply from 1 January 2026.
Council Publishes Text of Proposed Regulation to Change Settlement Cycle Under CSDR
On 17 September 2025, the Council of the European Union (“Council”) published the text of the proposed regulation (“Regulation”) amending regulation (EU) No 909/2014 (“CSDR”) as regards a shorter settlement cycle in the EU for transactions in transferable securities.
The European Parliament (“Parliament”) and the Council reached political agreement on the matter in June 2025.
The Regulation will amend CSDR by shortening the settlement cycle on securities, such as shares or bonds executed on EU trading venues, from two business days (“T+2”) to one after the trading takes place (“T+1”). For more information, see FIG Top at 5 dated 3 July 2025.
Next Steps
The Regulation will now move to the formal adoption stage by the Council, after which, the Regulation will enter into force 20 days following its publication in the official journal of the European Union and will apply from 11 October 2027.
3. Delegated and Implementing Regulations on RTS and ITS Under MiCA Published in OJEU
On 15 September 2025, two regulations under the regulation on markets in crypto assets (“MiCA”) were published in the official journal of the European Union (“OJEU”), as follows:
- Commission Delegated Regulation (EU) 2025/1125 with regard to regulatory technical standards specifying the information in an application for authorisation to offer asset-referenced tokens (“ARTs”) to the public or to seek their admission to trading; and
- Commission Implementing Regulation (EU) 2025/1126 laying down implementing technical standards as regards the establishment of standard forms, templates and procedures for the information to be included in the application for authorisation to offer ARTs to the public and to seek their admission to trading.
Both regulations were adopted by the European Commission in June 2025, for more information, see FIG Top 5 at 5 dated 12 June 2025.
Next Steps
The above regulations will enter into force on 5 October 2025, being 20 days following publication in the OJEU.