Access Directive meaning

ARCHIVED: This Practice Note is archived and is no longer maintained. The Payment Accounts Directive (Directive 2014/92/EU) (PAD) is designed to improve clarity and comparability for consumers in relation to payment accounts across the EU. Specifically, the PAD: simplifies comparison of charges levied by banks and other providers throughout the EU helps customers to switch payment accounts with ease, and gives every EU consumer the right to open a payment account enabling them to carry out essential functions such as receiving their salary and paying bills The PAD stems from the European Commission’s consultation on retail bank accounts, launched in March 2012, which evaluated the need for action in the areas of fee clarity and comparability, account switching, and access to basic payment accounts. This was preceded by a 2007 inquiry into the retail banking sector that identified these issues as obstacles to consumer choice and mobility. Subsequent attempts by Member States to address the problems independently at national level led...

News Analysis: UK product liability reform—new redress rules for AI systems? We recently discussed the likelihood of forthcoming changes to the UK product liability framework (see News Analysis: UK product liability reform—new redress rules for AI systems?), which could result in the UK’s product liability regime being brought into closer alignment with the new EU Product Liability Directive (the Revised EU PLD—see Practice Note: The Revised EU Product Liability Directive). The Law Commission has since confirmed a formal review of the UK’s product liability regime within its 14th work programme. For now, the apparent emphasis of that review is on ‘emerging technologies’, with a particular spotlight on AI...

In this issue: Data protection Reputation management Public sector information LexTalk®Information Law: a Lexis®Nexis community Daily and weekly news alerts Data protection ICO issues reprimand to the Electoral Commission following 2021 cyberattacks The Information Commissioner’s Office (ICO) has reprimanded the Electoral Commission under Article 58(2)(b) of the UK General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR), following an August 2021 breach. Attackers gained entry to the Commission’s Microsoft Exchange Server holding personal data for about 40 million people. Their unauthorised access continued until October 2022, with repeated intrusions unnoticed due to inadequate security, including failure to apply the latest security updates and weak password policies. See: LNB News 31/07/2024 92. European Commission releases 2nd report on EU GDPR application On 25 July 2024, the European Commission published its second report on the application of the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR)...

In this issue: UK, EU and international regulators and bodies Authorisation, approval and supervision Prudential requirements Financial crime and sanctions Consumer protection Complaints, compensation and claims management Investigations, enforcement and discipline Regulation of capital markets Dispute resolution for financial services lawyers Regulation of derivatives Sustainable finance and ESG Banks and mutuals UK MiFID II EU MiFID II Consumer credit Regulation of insurance Payment services and systems Fintech and cryptoassets LexTalk®Financial Services: a Lexis®Nexis community Daily and weekly news alerts New and updated content Dates for your diary UK, EU and international regulators and bodies FCA publishes Handbook Notice No 135 The Financial Conduct Authority (FCA) has issued Handbook Notice No 134, outlining amendments to the FCA Handbook and related materials approved by the FCA board on 27 November 2025. See: LNB News 28/11/2025 48. ESMA sets out planned consultations for...

Resource Note This Resource Note signposts key commentary, analysis and materials to aid interpretation and offer practical direction on using Chapter 2 of the Disclosure Guidance and Transparency Rules (DTR 2). Where relevant, it draws on: the Financial Conduct Authority (FCA) Handbook FCA Knowledge Base—Procedural and Technical notes (formal guidance binding on the FCA) FCA consultation and discussion papers, policy and feedback statements, and warnings Primary Market Bulletins and other FCA publications legacy UKLA technical and procedural notes and the UKLA’s newsletter List!, where still pertinent assimilated EU legislation EU Directives and EU Regulations, where helpful to construing a provision Lexis+® UK analysis and resources Setting the scene What it covers: DTR 2 prescribes the framework for issuers to disclose and manage inside information, supporting timely and even-handed release of market-sensitive information. It also identifies specific situations permitting a delay to public disclosure of inside information, together with the safeguards required to keep such information...

This Practice Note sets out the essentials of Regulation (EU) 2024/2847, the EU Cyber Resilience Act (CRA): its background, timeline, aims, and how it aligns with other EU laws. For details on the CRA’s scope or core duties for economic operators, see the following Practice Notes: The EU Cyber Resilience Act—scope and classification of products The EU Cyber Resilience Act—obligations, compliance and enforcement Regulation (EU) 2024/2847, known as the CRA, is the first EU measure to set mandatory cybersecurity requirements for ‘products with digital elements’ across the EU. From December 2027, products that do not satisfy these requirements cannot be placed on the EU market. Accordingly, compliance will be crucial for market entry for both hardware and software. Manufacturers, importers and distributors will have extensive cybersecurity responsibilities and risk significant fines for non-compliance. The CRA was published in the Official Journal of the EU on 20 November 2024, entered into force on 10 December 2024, and applies in full from 11...

Money Laundering Regulations 2017 and Money Laundering Regulations 2020 The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLR 2017), SI 2017/692, sit within the UK’s anti-money laundering and counter-terrorist financing framework. They took effect on 26 June 2017 to implement the EU’s Fourth Anti-Money Laundering Directive, Directive (EU) 2015/849 (4MLD), and have subsequently been broadened significantly by the Money Laundering and Terrorist Financing (Amendment) (EU Exit) Regulations 2020 (MLR 2020), SI 2020/991. Those 2020 amendments give effect to aspects of the EU’s Fifth Anti-Money Laundering Directive, Directive (EU) 2018/843 (5MLD), concerning the registration of trusts. The Money Laundering and Terrorist Financing (Amendment) Regulations 2019, SI 2019/1511, also transposed elements of 5MLD into UK law; however, they addressed areas other than trust registration and therefore fall outside the ambit of this Practice Note. Unless indicated otherwise, references in this Practice Note to MLR 2017, SI 2017/692, should be read as including the changes introduced by MLR 2020, SI 2020/991. The chief focus of...

STOP PRESS: On 19 June 2025, the Data (Use and Access) Bill secured Royal Assent, transforming into the Data (Use and Access) Act 2025 (DUAA 2025), with partial commencement on that very same day. A number of DUAA 2025 provisions, covering areas like handling data subject access requests and granting powers to make additional regulations, took effect immediately on 19 June 2025. Other related provisions, relating to Information Commissioner notices and certain aspects of law enforcement processing, commenced on 19 August 2025 (being two months from the date of Royal Assent). The majority of DUAA 2025’s measures still require further regulations, in the form of statutory instruments, to be made in order to bring them fully into force. Parts 5 and 6 of DUAA 2025 serve to amend several facets of data protection and ePrivacy law in the UK, including the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI...

FORTHCOMING CHANGE On 19 June 2025, the Data (Use and Access) Bill secured Royal Assent, thereby transforming into the Data (Use and Access) Act 2025 (DUAA 2025) and taking partial effect immediately on that same day. Parts 5 and 6 modify elements of UK data protection and ePrivacy law across the domestic framework, expressly covering the United Kingdom General Data Protection Regulation, the Assimilated Regulation (EU) 2016/679 (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426, as relevant measures. Some DUAA 2025 measures, addressing issues like handling data subject access requests and granting authority to make further regulations, also commenced straightaway on 19 June 2025 without delay. Other elements, relating to notices from the Information Commissioner and certain facets of law enforcement processing, take effect on 19 August 2025 (two months after Royal Assent was given). Most DUAA 2025 provisions depend on subsequent regulations (as statutory instruments) being made before they commence and, until then, remain dormant...

STOP PRESS: On 19 June 2025, the Data (Use and Access) Bill obtained Royal Assent and became the Data (Use and Access) Act 2025 (DUAA 2025), with parts commencing that day. Measures that started immediately on 19 June 2025 included those on handling data subject access requests and the grant of powers to make further regulations. Other elements, relating to notices issued by the Information Commissioner and particular aspects of law enforcement processing, began on 19 August 2025, two months after Royal Assent. The bulk of DUAA 2025 will only take effect once additional regulations—issued as statutory instruments—are made to commence them. Parts 5 and 6 of DUAA 2025 introduce amendments to the UK’s data protection and ePrivacy regime, including: the United Kingdom General Data Protection Regulation; the assimilated Regulation (EU) 2016/679 (UK GDPR); the Data Protection Act 2018; and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426...