Executive overview
Consumer Protection and Unfair Practices Ordinance
Emergency Ordinance No. 18/2026 updates consumer protection rules, aligning Romanian law with EU directives and setting clearer requirements for transparency and sustainability in financial services and digital products.
Legislative Updates
Consumer Protection and Unfair Practices Ordinance
What is changing
The ordinance applies new EU rules on consumer protection, especially for online financial services. Consumers can cancel a contract within 14 days, without costs or justification, with a few exceptions.
Why this matters
The main impact is on compliance and reputation. Financial institutions must review how they communicate with clients, especially online. They need to update disclosures, marketing materials, and contracts.
Sustainability claims must be supported by clear evidence. Transparency rules and withdrawal rights also require changes in customer journeys and internal processes. Digital products bring ongoing compliance obligations.
Next steps (internal)
The ordinance is already in force, with key provisions becoming applicable throughout 2026, making this a time-sensitive compliance priority. Conduct a gap analysis of consumer protection, disclosure, and marketing practices.
- Review and update contracts, customer communications, and digital interfaces.
- Ensure compliance with sustainability claims and labeling requirements.
- Align internal processes with new rules on withdrawal rights and product transparency.
- Monitor implementation timelines and prepare for phased application during 2026.
Implementation of ESAP (EU Single Access Point)
What is changing
The draft law introduces new reporting rules under ESAP. Financial institutions must send public data not only through current channels, but also to national authorities like BNR and ASF, which will forward it at EU level.
From January 2030, data must follow a standard format and be easy to process and search. BNR, ASF, and the Macroprudential Committee will collect and transmit this information.
Why this matters
Most obligations apply from 2030, but the law is close to adoption. Companies need to start preparing now.
ESAP changes how data is reported at EU level. Financial institutions must update systems, reporting processes, and data governance. Early planning is important due to the technical complexity and impact across teams.
Next steps (internal)
The draft law is close to adoption, so companies need to act now.
- Monitor the legislative process and final approval.
- Review current reporting, data formats, and disclosure processes.
- Check if systems can handle standard, machine-readable data.
- Plan updates for IT systems and data governance.
- Review shareholder communication and internal processes.
Capital markets rules updated to match EU changes
What is changing
The draft law aligns Romania’s rules with recent EU changes and includes some ESAP requirements. It removes overlapping national rules and updates how capital markets work.
Key changes include
- minimum activity levels on markets,
- more power for operators to stop or limit trading in special situations, and
- simpler reporting for some transactions.
Why this matters
The draft law has been adopted by the Senate and is moving forward, with a high chance of approval soon.
Most rules will apply shortly after publication, so companies need to adjust quickly. ESAP-related requirements apply from January 2030 and need early planning due to their complexity.
These changes follow a broader EU push for more transparency, better data, and stronger markets.
Next steps (internal)
The draft law has been adopted by the Senate and now goes to the Chamber of Deputies for final approval.
- Monitor the legislative process and final decision.
- Assess the impact on trading, market operations, and derivatives.
- Improve data quality and reporting systems.
- Update compliance processes and manage sanctions risk.
- Prepare for ESAP reporting and long-term data standardization.
