ESMA Tells Investment Firms to Treat AI Use as a MiFID II Compliance Issue

ESMA has published initial guidance for firms using artificial intelligence in investment services, making the core point bluntly: using AI does not move a firm outside MiFID II. The regulator said firms still need to meet their obligations on governance, conduct of business, and acting in the client’s best interest when AI tools are involved.

The statement highlights several risks supervisors are already worried about, including biased or low-quality data, opaque decision-making inside firms, overreliance on AI by staff or clients, and privacy or security issues tied to large-scale data use. ESMA also makes clear that the scope is broad. It is not just about robo-advice. Customer support, fraud detection, compliance, risk management, portfolio management support, and investment-advice workflows can all fall inside the same regulatory lens.

That matters for retail trading firms because AI is already creeping into onboarding, support flows, segmentation, marketing personalisation, and trading-related nudges. A broker cannot hide weak controls behind a shiny automation layer.

Why it matters

This is the kind of supervisory message that turns into exams, policy rewrites, and awkward internal audits later. Firms using AI in any client-facing or decision-support workflow now have less room to pretend the tech stack is separate from core conduct obligations.

What to watch next

ESMA said it and national regulators will keep monitoring AI use in investment services and the wider EU legal framework. If adoption keeps accelerating, expect more specific guidance, thematic reviews, or direct supervisory follow-up rather than vague principle-only statements.