
Anaelle Guez
Co-founder & CEO, Compliance

Product Compliance Checklist: Launching a Fintech Product Across the EU
PSD2, MiCA, DORA, AML6, GDPR, AI Act: launching a fintech product in the EU in 2026 means navigating a web of overlapping regulations. This checklist covers every step from regulatory mapping to go-to-market.
The EU regulatory landscape for fintechs
A single fintech product launching across the EU can trigger 10+ regulatory frameworks simultaneously. A payment app with crypto features and AI-driven credit scoring faces PSD2, MiCA, DORA, AML6, GDPR, and the AI Act, each with its own obligations, timelines, and enforcement bodies.
Key figures: 10+ frameworks per product; 27 EU member states; €35M maximum AI Act fine.
Regulatory perimeter mapping
Before anything else, identify every regulation that applies to your product in each target market. For a payment product in the EU, this includes PSD2, E-Money Directive, AML5/AML6, GDPR, DORA, and potentially the AI Act. Each EU member state may have local transposition differences. Tools like Cleo automate this mapping across 60+ jurisdictions in minutes.
Licensing & authorization
Determine which licenses you need in each jurisdiction. Payment services require PSD2 authorization or passporting. Crypto-assets require MiCA registration. Factor in the timeline: payment institution licensing takes 3-12 months, e-money licensing 6-18 months.
AML/KYC framework
Implement anti-money laundering controls that meet AML6 requirements: customer due diligence, enhanced due diligence for high-risk customers, transaction monitoring, suspicious activity reporting, and sanctions screening. Under MiCA, crypto-asset service providers face the same AML obligations as traditional financial institutions.
Data protection & GDPR
Financial products process sensitive personal data at scale. Your GDPR compliance program must cover: lawful basis for each processing activity, data protection impact assessments, cross-border transfer mechanisms, data subject rights workflows, and breach notification procedures.
DORA operational resilience
If your fintech serves financial institutions, or is a financial entity itself, DORA applies. You need an ICT risk management framework, incident reporting capabilities, digital operational resilience testing, and third-party ICT risk management. Build these requirements into your product architecture from day one.
Ongoing monitoring & updates
Compliance is not a one-time exercise. Set up continuous regulatory monitoring to track changes across all applicable jurisdictions. Cleo monitors 3,500+ sources and alerts your team to changes that affect your specific product and markets.
Automate the hard part
Regulatory mapping, identifying exactly which frameworks, articles, and obligations apply to your specific product in each market, is the most time-consuming step. It traditionally takes 2-5 weeks per jurisdiction. Cleo automates this entirely: enter your domain, and AI maps your full regulatory perimeter across 60+ jurisdictions in minutes.
Frequently asked questions
What regulations apply to fintech products in the EU?
Key EU regulations for fintech products include: PSD2/PSD3 (payment services), MiCA (crypto-assets), DORA (ICT operational resilience), AML5/AML6 (anti-money laundering), GDPR (data protection), the EU AI Act (if using AI in financial decisions), the Consumer Credit Directive, E-Money Directive, and national financial authority requirements in each member state. The specific combination depends on your product type, target markets, and customer segments.
How long does it take to get a fintech product compliant in the EU?
Timeline varies significantly by product type: payment institution licensing takes 3-12 months, e-money licensing 6-18 months, and crypto-asset service provider registration under MiCA 3-9 months. Regulatory mapping (identifying which regulations apply) traditionally takes 2-5 weeks per market, but AI tools like Cleo reduce this to minutes. The total go-to-market compliance timeline depends on how many jurisdictions you're targeting and the complexity of your product.
What is product compliance in fintech?
Product compliance in fintech means ensuring that a financial product meets all regulatory requirements before and after launch. This includes licensing and authorization, AML/KYC controls, consumer protection requirements, data privacy compliance, operational resilience standards (DORA), and ongoing regulatory monitoring. Product compliance managers work at the intersection of product development, legal, and regulatory affairs to ensure products can be legally offered in each target market.