Open navigation
Search
Search
All Expertise
Explore our breadth of expertise.
Sectors View all
Practice Areas View all
All Insights
Leverage our expert analysis, intelligence and thought leadership for your strategic advantage.
Personalised updates
Receive tailored insights and intelligence that apply directly to your business.
Topics in Focus View all
Insights by type
CMS News
Stay up to date with our growth, evolution and our many successes.
Global Press Room
Contact us
For all general enquiries.
About CMS
CMS Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
Legal Update

ESMA Supervisory Briefing on Algorithmic Trading in the EU: Key Points and Practical Implications

04 Mar 2026 International 9 min read

Overview

On 26 February 2026, the European Securities and Markets Authority (“ESMA”) published a supervisory briefing providing guidance on algorithmic trading under MiFID II. The briefing draws on insights from the 2022 Common Supervisory Action (“CSA”) on pre-trade controls, as well as ongoing supervisory experience and discussions with national competent authorities (“NCAs”). It is intended to promote convergence in supervisory practices across the EU, particularly in the areas of governance, testing, outsourcing, and pre-trade controls. 

While the briefing is non-binding and not subject to a "comply or explain" mechanism, firms should treat it as a clear statement of supervisory expectations in the EU. It may also be helpful for non-EU firms to review by analogy, including firms based in the UK who operate on the basis of similar underlying rules. International groups will need to consider whether to implement any changes in approach across their European businesses or just in the EU. NCAs are encouraged to incorporate this guidance into their supervisory practices, including authorisation processes, thematic reviews, and on-site inspections. 

In particular, firms should note ESMA’s comments on AI and algorithmic trading, given that this is not dealt with explicitly in the MiFID II framework (which predated the increasingly widespread use of AI in trading). Firms should also consider ESMA’s statements in relation to non-algorithmic trading, including that compliance with certain aspects of the algorithmic trading requirements should be seen as best practice for such trading.  

Clarification of Key Concepts

A significant portion of the briefing is devoted to clarifying fundamental definitions, addressing inconsistencies that have emerged in practice.

ESMA consolidates previous guidance on the concept of algorithmic trading, and notes it is defined broadly: any trading in which a computer algorithm determines any individual parameter of an order, beyond mere routing or post-trade processing, constitutes algorithmic trading. In practice though, the related MiFID requirements on algorithmic trading concern trading in financial instruments admitted to trading on trading venues and controls around the submission of orders to such venues and so firms will still need to assess the extent to which potentially relevant trading activities are affected. ESMA seems to suggest that where there is a chain of entities, and one of the entities is using an algorithm to generate orders and another is then executing those orders, that the executing entity is responsible for compliance with the algorithmic trading rules, though it is unclear how this would work in practice or whether this is purely intended to be a reference to outsourced trading/execution scenarios. Other types of algorithmic trading and/or trading that does not involve financial instruments may be subject to different regimes (e.g. the rules applicable to algorithmic trading in wholesale energy products under REMIT II). 

ESMA notes algorithmic trading can take place even where human intervention occurs before order submission, given that the algorithm may be determining the parameters of the order. ESMA emphasises that professional trading without the use of computer algorithms is now the exception, drawing the conclusion that most investment firms authorised to deal on own account are likely to be engaged in algorithmic trading (though, as above, this does not take account of the fact that many buy-side investment firms will not be directly connected to trading venues, nor have direct electronic access to such venues). 

ESMA explains that an algorithm should be understood as a computerised set of instructions or rules that autonomously determines one or more parameters of a trading order. This definition is context-specific and may be tied to particular instruments, asset classes, venues, or strategies. 

An algorithmic trading strategy is defined as a set of decision logic, implemented through one or more algorithms, that autonomously pursues a defined trading objective (such as market making, arbitrage, or execution optimisation). Each strategy must be testable, distinguishable, and subject to supervisory scrutiny. 

Testing Requirements

ESMA reiterates that firms must ensure that their algorithms, algorithmic trading systems, and strategies are tested to avoid contributing to disorderly markets or facilitating abusive practices. ESMA recognises the need for proportionality: firms engaged in highly complex algorithmic trading may need to implement more extensive testing practices than those with simpler systems. 

Testing is required following each "material change" or "substantial update", which includes any modification that may alter the behaviour, risk profile, or compliance posture of an algorithm. Firms must timestamp, approve, and record all material changes. Stress testing must demonstrate that systems can withstand twice the volume of messages or trades processed in the previous six months. 

Outsourcing and Third-Party Providers

ESMA highlights the risk of firms not appreciating their use of algorithms where they rely on external providers whose systems contain embedded algorithms. ESMA clarifies that where an investment firm uses third-party algorithms or outsources algorithmic trading functions, the firm remains fully and solely responsible for compliance with MiFID II and RTS 6. Although long understood to be the case, this may be a helpful reminder, given it is increasingly common for unregulated firms to develop and sell trading algorithms or systems embedding algorithms for deployment by regulated firms. Outsourcing arrangements must clearly define operational responsibilities, ensure the firm retains effective control, and provide unconditional capacity to monitor, suspend, or terminate algorithmic trading without dependence on the provider's consent.

Direct Electronic Access (“DEA”) providers bear responsibility for ensuring their clients comply with algorithmic trading requirements. If the DEA client is not itself a MiFID II investment firm, the DEA provider bears sole responsibility for compliance. 

Pre-Trade Controls (“PTCs”)

The briefing provides detailed guidance on PTCs, reflecting findings from the 2022 CSA that practices related to implementation and governance are often divergent and not always robust. 

Scope: PTCs must be applied to all orders submitted to trading venues, including quotes generated for market making purposes. Even firms not engaged in algorithmic trading are expected to establish controls aimed at preventing erroneous orders, based on general MiFID II organisational requirements. As noted above, ESMA considers it best practice for firms to consider applying the specific requirements on PTCs to non-algorithmic trading.

Types of controls: Firms must implement all PTCs mandated by Article 15 of RTS 6, including price collars, maximum order values and volumes, maximum message limits, and repeated automated execution throttles. Both "hard blocks" (which automatically block non-compliant orders) and "soft blocks" (which alert traders before submission) should be implemented, with hard blocks being mandatory and soft blocks strongly recommended. 

Calibration and review: PTCs should be set collaboratively between trading, risk management, compliance, and IT functions. Firms must document their calibration methodology using quantitative data and periodically revise parameters to ensure they remain effective. Statistics on PTC triggers should be collected and used to evaluate effectiveness. 

AI and Algorithmic Trading

Although neither MiFID II nor RTS 6 specifically addresses AI (given the MiFID II framework predated the more widespread adoption of AI tools), ESMA recognises its increasing integration into algorithmic trading and recommends that firms and NCAs explicitly consider AI in their compliance frameworks. Firms using AI should ensure their annual self-assessments address how AI impacts algorithmic decision-making and ESMA notes that compliance staff must have at least a general understanding of how algorithmic trading systems operate, and algorithms should be explainable (which may not necessarily be the case with many AI tools). 

The briefing also notes the interaction with the EU AI Act (Regulation (EU) 2024/1689), reminding firms that algorithmic trading systems meeting the definition of an AI system will need to comply with AI Act requirements, including transparency obligations where applicable. Although certain financial services use cases are currently deemed high risk under the EU AI Act (in particular, creditworthiness assessments and credit scoring, as well as life and health insurance risk assessment and pricing), using AI in trading is not and so such uses are currently subject to (relatively) light touch regulation under the EU AI Act. Interestingly, ESMA somewhat pointedly notes that the scope of high risk AI systems is subject to annual review, though any designation as such could reasonably be expected to have a material impact on the competitiveness and level of innovation in EU financial markets. This would also be contrary to the recent trend from regulators to seek to encourage the roll out of AI within existing, largely technology neutral financial services regulatory frameworks.  

Practical Implications

Firms engaged in algorithmic trading should review their systems, controls, and documentation in light of this briefing. Key actions include:

  • Scope assessment: Firms should re-evaluate whether their trading activities fall within the definition of algorithmic trading, particularly given ESMA's broad statements on interpretation (subject to the nuances flagged above). Firms should also specifically consider how any AI tools fit into their algorithmic trading framework.
  • Documentation and governance: Testing methodologies, PTC calibration rationales, and outsourcing arrangements should be thoroughly documented and kept current. 
  • Annual self-assessment: The self-assessment required under RTS 6 should be conducted on an article-by-article basis, with clear rationales for compliance status and explicit consideration of AI where relevant. 
  • Third-party arrangements: Contractual arrangements with technology, algorithm and outsourced trading providers should be reviewed to ensure they provide adequate access to information, testing documentation, and control mechanisms. 
More insights
Commercial

Explore more

Expert Guide International

CMS Expert Guide to autonomous vehicles law and regulation

4 min read
Event International

IP Insights webinar series 2026

28 Apr 2026
Publication International

CMS Global Radar 2026

12 Feb 2026 2 min read
Back to top Back to top
Warning: Fraudulent emails and messages
Find out more
Law-Now, RegZone, LEXplicite and Blogtt have moved to CMS.law. LawNow have moved to CMS.law. LEXplicite have moved to CMS.law. Blogtt have moved to CMS.law.
Learn more Learn more Learn more
If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.