UK vs EU financial regulation after Brexit: what firms operating in both markets need to track

The UK began its post-Brexit regulatory life with rules that largely mirrored the EU. Since then, the two frameworks have diverged in ways that matter for dual-market firms. Here is where they have moved apart, where they remain aligned, and what that means for compliance monitoring.

This article is for informational purposes only and does not constitute legal advice. Consult a qualified legal professional for advice specific to your situation.

The onshoring assumption that no longer holds

When the UK left the EU single market at the end of 2020, its starting position in financial regulation was one of near-identical rules. The UK had implemented EU financial services directives into national law and had applied EU regulations directly for years. At the moment of exit, the UK converted that body of EU-derived law into domestic legislation through the European Union (Withdrawal) Act 2018. The result was a UK statute book that was, at the point of Brexit, almost a carbon copy of the EU framework.

That symmetry created a convenient assumption for firms operating in both markets: that tracking one set of rules was roughly equivalent to tracking both. That assumption was reasonable in 2021. It is not reasonable in 2026.

The five years since Brexit have seen meaningful divergence across multiple domains. In some areas the UK has moved faster than the EU. In others it has moved differently. In a few it has held closer to the EU baseline than the EU’s own member states. The cumulative effect is a dual-market compliance burden that is genuinely more complex than either market alone, not simply because there are two rulebooks but because the differences between them require active tracking rather than periodic reconciliation.

This article maps where the divergence has occurred, which areas remain materially aligned, and what dual-market firms need to monitor as a result.

How the UK regulatory framework is organised

Before mapping the divergence, it is worth establishing a structural difference that affects how the two frameworks are updated.

In the EU, financial regulation is produced through a multi-layered process involving the European Commission, the European Parliament, the Council of the EU, and the European supervisory authorities (ESAs): the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA), and the European Insurance and Occupational Pensions Authority (EIOPA). The output is a combination of directly applicable regulations, directives requiring national transposition, and technical standards produced by the ESAs and adopted by the Commission. For a full account of how this layering works, see How EU financial regulation actually works.

The UK framework operates differently. The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) have primary rule-making authority within a framework set by Parliament through primary legislation. The regulators produce their own rulebooks, the FCA Handbook and the PRA Rulebook, which are updated through consultation papers and policy statements. There is no equivalent of the ESA technical standards pipeline. The FCA and PRA act directly, with their own consultation processes and implementation timelines.

This structural difference has a practical implication: EU regulatory changes are visible from the point of Commission proposal, often years before they apply. UK regulatory changes become visible when the FCA or PRA publish a consultation paper, which may be months rather than years before implementation. The monitoring approaches appropriate for each framework are therefore different by nature, not just by subject matter.

Investment services: MiFID II and the UK’s diverging path

The Markets in Financial Instruments Directive II (MiFID II) was transposed into UK law and retained as onshored legislation. The UK’s version, UK MiFID, was initially substantively identical to the EU version. Since then the two have moved apart.

The UK’s Edinburgh Reforms, announced in December 2022, signalled an intention to reform the onshored MiFID II framework materially. The FCA has since consulted on and implemented changes to a number of MiFID-derived requirements. Research unbundling, one of MiFID II’s most operationally significant requirements for asset managers, has been handled differently: the UK moved to allow bundled payments for research under certain conditions, while the EU maintained the unbundling requirement before later introducing its own amendments under the Capital Markets Union package.

The UK’s Consumer Duty, which took effect in July 2023, introduced a cross-cutting retail customer standard that does not have a direct EU equivalent. For firms serving retail clients in the UK, this creates obligations around product design, price and value, consumer understanding, and consumer support that sit alongside but are conceptually distinct from the MiFID investor protection framework. The equivalent EU protections are embedded in MiFID II and PRIIPs and are structured differently.

For dual-market investment firms, the practical implication is that compliance with EU MiFID II does not mean compliance with UK MiFID, and vice versa. The overlap is substantial but the differences are real, and they are growing as the FCA’s reform programme continues and the EU’s own Capital Markets Union legislative agenda progresses.

Banking and prudential regulation: Basel divergence in practice

Prudential requirements for banks are the area where divergence has been most technically complex. Basel III, the international capital adequacy framework developed by the Basel Committee on Banking Supervision, has been implemented differently in the UK and the EU.

The EU implemented its version of Basel III through the Capital Requirements Regulation 3 (CRR3) and the accompanying Capital Requirements Directive 6 (CRD6), with application from January 2025. The UK’s implementation of Basel 3.1, as the PRA frames it, proceeded on a separate timeline with a phased implementation schedule.

The two implementations are not identical. The UK and EU have made different choices in areas where Basel III leaves national discretion, including the treatment of certain asset classes, the calibration of output floors, and the application of requirements to smaller firms. Banks operating in both jurisdictions with significant capital positions in each need to assess their requirements under both frameworks separately rather than assuming that meeting one satisfies the other.

Crypto-assets: MiCA versus the UK’s emerging regime

This is one of the sharpest points of divergence, and one of the most consequential for firms active in digital assets.

The EU’s Markets in Crypto-Assets Regulation (MiCA), Regulation (EU) 2023/1114, is a comprehensive framework covering crypto-asset issuers, stablecoin issuers, and crypto-asset service providers. It has been in full application since December 2024 and provides a single EU-wide authorisation regime with passporting rights. MiCA’s scope, its requirements for crypto-asset service providers (CASPs), and its specific provisions for asset-referenced tokens and e-money tokens are covered in detail in What is MiCA and who does it affect.

The UK does not have a MiCA equivalent. Instead, the FCA has been developing a domestic crypto-asset regulatory regime incrementally. The Financial Services and Markets Act 2023 gave HM Treasury the power to bring crypto-asset activities within the regulatory perimeter. The FCA has consulted on a regime covering crypto-asset service providers, stablecoin issuers, and market abuse, but the final rules have not been published as of the date of this article and implementation timelines have shifted.

For a firm that wants to operate across both the EU and the UK in crypto-assets, this means obtaining MiCA CASP authorisation for EU activities and navigating a parallel FCA authorisation process for UK activities, under rules that are still being finalised in the UK and that will not be the same as MiCA even when complete. The substance of the UK regime is expected to draw on some MiCA concepts but will differ in structure and detail.

The practical consequence is that a MiCA-authorised firm is not authorised in the UK. The two authorisations are independent. A firm planning to operate in both markets needs to resource both processes separately.

Digital operational resilience: DORA and the UK’s equivalent

DORA, the Digital Operational Resilience Act, Regulation (EU) 2022/2554, established a comprehensive ICT risk management framework for EU financial entities from January 2025. It covers ICT risk management, incident reporting, digital operational resilience testing, and ICT third-party risk management, including a direct oversight regime for critical ICT third-party providers.

The UK’s equivalent framework is the FCA and PRA’s operational resilience policy, which has been in force since March 2022. The UK framework requires firms to identify important business services, set impact tolerances for those services, and demonstrate that they can remain within those tolerances during disruption. It has a different conceptual architecture from DORA: DORA is built around ICT risk management at a granular technical level, while the UK framework is built around service resilience outcomes.

The FCA and PRA have also consulted on a critical third-party regime for firms providing material services to UK financial entities, which would introduce direct regulatory oversight of those providers. The UK’s critical third-party regime and DORA’s critical third-party provider framework share the same policy intent but operate under different rules with different supervisory authorities.

For technology firms that provide services to regulated financial entities in both the EU and the UK, this creates dual compliance obligations. DORA’s requirements for contractual arrangements with third parties, incident reporting timelines, and resilience testing are specific. The UK FCA and PRA requirements are structured differently. A firm that provides cloud infrastructure or data services to banks in both markets cannot assume that compliance with one framework satisfies the other.

Payments: the PSD2 baseline and what is changing in each jurisdiction

Both the UK and the EU built their payments regulation on the foundation of the Payment Services Directive 2 (PSD2), which the UK onshored at Brexit. Since then both have been in reform processes, but on different paths.

The EU is replacing PSD2 with PSD3 and the Payment Services Regulation (PSR), which together strengthen open banking rights, adjust strong customer authentication requirements, and introduce enhanced anti-fraud obligations. PSD3 is a directive requiring national transposition; the PSR is a directly applicable regulation. Both are expected to apply from 2026 onwards.

The UK is not implementing PSD3. The FCA has been consulting on a new payments regulation framework under the powers granted by the Financial Services and Markets Act 2023. The UK’s open banking framework is overseen separately through the Joint Regulatory Oversight Committee and the Open Banking Implementation Entity. The FCA has consulted on reforms to payment services and e-money regulation that will diverge from both the current onshored UK version and the incoming EU framework.

For dual-market payments firms, this means tracking two separate legislative processes, both of which are producing substantive changes to requirements on similar timelines but producing different outputs. The strong customer authentication requirements, the open banking access rights, and the fraud liability rules that will apply in the UK will not be the same as those that apply under PSD3 and the PSR. Both sets of requirements need to be tracked independently.

Sustainable finance: SFDR, TCFD, and a fundamental structural difference

Sustainable finance disclosure represents one of the clearest examples of structural divergence between the two regimes.

The EU’s Sustainable Finance Disclosure Regulation (SFDR), Regulation (EU) 2019/2088, requires fund managers and financial advisers to classify financial products by their sustainability characteristics: Article 6 for products with no sustainability focus, Article 8 for products that promote environmental or social characteristics, and Article 9 for products with sustainable investment as their objective. The associated delegated regulation specifies the disclosure templates, the principal adverse impact indicators, and the content of product-level and entity-level reports.

The UK has not implemented SFDR. Instead, the FCA introduced the Sustainability Disclosure Requirements (SDR) and investment labels regime, which took effect from 2024. The UK regime uses a different classification structure: four product labels (Sustainability Focus, Sustainability Improvers, Sustainability Impact, and Sustainability Mixed Goals) rather than the EU’s Article 6, 8, and 9 structure. The UK regime also introduced anti-greenwashing rules that apply across all products, not just those using sustainability labels.

For fund managers distributing in both the EU and the UK, the practical consequence is that an EU Article 8 or Article 9 fund is not automatically eligible for a UK sustainability label. The two regimes have different criteria, different disclosure requirements, and different regulatory expectations. A fund classified one way under SFDR may require separate assessment and potentially separate product documentation for UK distribution.

Where alignment remains

It would be misleading to describe the UK and EU frameworks as having fully decoupled. In several areas the substantive requirements remain closely aligned, even where the rule source is different.

Anti-money laundering and counter-terrorist financing requirements in both jurisdictions derive from the same international standards set by the Financial Action Task Force (FATF). The UK’s Money Laundering Regulations and the EU’s AML/CFT framework, currently being consolidated through the EU AML Regulation and the new Anti-Money Laundering Authority (AMLA), are both FATF-derived and share common conceptual foundations, even as the EU’s institutional architecture for AML supervision changes.

Market abuse rules in both jurisdictions reflect the same underlying policy objectives, prohibiting insider dealing and market manipulation. The specific provisions differ in detail, but the core obligations are similar enough that compliance programmes designed for one market are typically adaptable to the other without fundamental restructuring.

Insurance regulation remains largely aligned at the level of Solvency II principles. The UK has its own Solvency UK framework following its reform of the onshored Solvency II rules, with changes to the risk margin calculation and the matching adjustment that are specific to the UK, but the overall prudential framework is recognisable in both jurisdictions.

What dual-market compliance monitoring requires

The regulatory divergence described above creates a monitoring problem that is qualitatively different from monitoring either market alone.

In the EU, the monitoring challenge is volume: the multi-layered legislative pipeline involving the Commission, the ESAs, and national competent authorities produces a large volume of regulatory output across many dossiers simultaneously. The structure of that pipeline and how to monitor it systematically is addressed in What is regulatory horizon scanning and why compliance teams need it.

In the UK, the monitoring challenge is speed and directness. The FCA and PRA produce consultation papers and policy statements that move to implementation more quickly than the EU legislative process. The FCA’s reform programme across payments, crypto-assets, investment research, and consumer protection has been active across multiple dossiers simultaneously.

For dual-market firms, the monitoring requirement is both. The two monitoring problems have different structures: the EU pipeline has long lead times and multiple source points, while the UK framework can move from consultation to implementation in twelve to eighteen months. A firm tracking only one of them is building a compliance function that is structurally incomplete.

The practical starting point for dual-market regulatory intelligence is a clear mapping of which regulations apply in each jurisdiction for each business activity. Given the areas of divergence described in this article, that mapping cannot be assumed to be symmetric. Activities that are governed by equivalent rules in both markets are relatively straightforward. Activities governed by rules that have diverged (crypto-assets, payments, sustainable finance, research unbundling, and consumer protection among them) require separate monitoring tracks.
