Back to Frameworks

MiFID II / MiFIR

European Union
v2014 (adopted) - effective 3 January 2018, amended through 2023 (latest Delegated Acts and RTS updates)
8 domains
8 controls

The Markets in Financial Instruments Directive II (Directive 2014/65/EU) and the Markets in Financial Instruments Regulation (Regulation EU No 600/2014) constitute the EU's comprehensive framework for financial markets. Effective 3 January 2018, the framework sets rules for investment firms, trading venues, market transparency, and investor protection, and has been amended through a series of Delegated Acts and Regulatory Technical Standards (most recently in 2023) to address emerging market practices and regulatory objectives.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (8)

Algorithmic Trading and Market Structure - MiFID II

1 controls
Controls in the Algorithmic Trading and Market Structure - MiFID II domain of MiFID II / MiFIR1 controls
CodeTitle
MiFID-II-Algorithmic-Trading-Article-17-HFT-RTS-6-Tick-Size-Direct-Electronic-Access-Market-MakingMiFID II Algorithmic Trading + Article 17 + HFT + RTS 6 + Tick Size + Direct Electronic Access + Market Making

Best Execution Order Handling - MiFID II

1 controls
Controls in the Best Execution Order Handling - MiFID II domain of MiFID II / MiFIR1 controls
CodeTitle
MiFID-II-Best-Execution-Article-27-RTS-28-Order-Handling-Best-Possible-Result-Retail-Quality-FactorsMiFID II Best Execution + Article 27 + RTS 28 + Order Handling + Best Possible Result + Retail + Quality Factors

Client Categorisation Suitability and Appropriateness - MiFID II

1 controls
Controls in the Client Categorisation Suitability and Appropriateness - MiFID II domain of MiFID II / MiFIR1 controls
CodeTitle
MiFID-II-Client-Categorisation-Suitability-Appropriateness-Articles-25-30-Annex-II-Retail-Professional-ECPMiFID II Client Categorisation + Suitability + Appropriateness + Articles 25 + 30 + Annex II + Retail + Professional + ECP

Conflicts Inducements and Product Governance - MiFID II

1 controls
Controls in the Conflicts Inducements and Product Governance - MiFID II domain of MiFID II / MiFIR1 controls
CodeTitle
MiFID-II-Conflicts-Inducements-Product-Governance-Articles-23-24-16-3-Commission-Delegated-Directive-2017-593MiFID II Conflicts + Article 23 + Inducements + Article 24 + Product Governance + Article 16(3) + Commission Delegated Directive 2017/593

Enforcement Sanctions and Product Intervention - MiFID II / MiFIR

1 controls
Controls in the Enforcement Sanctions and Product Intervention - MiFID II / MiFIR domain of MiFID II / MiFIR1 controls
CodeTitle
MiFID-II-Enforcement-Articles-69-71-Sanctions-Article-70-EUR-5M-10pct-Turnover-Product-Intervention-MiFIR-Article-40-42MiFID II Enforcement + Articles 69-71 + Sanctions + Article 70 + EUR 5M + 10% turnover + Product Intervention + MiFIR Articles 40-42

Governance Organisation and Compliance - MiFID II

1 controls
Controls in the Governance Organisation and Compliance - MiFID II domain of MiFID II / MiFIR1 controls
CodeTitle
MiFID-II-Governance-Management-Body-Articles-8-13-Organisation-16-Compliance-Article-22-OutsourcingMiFID II Governance + Management Body + Articles 8-13 + Organisation + Article 16 + Compliance + Article 22 + Outsourcing

MiFIR Transparency and Transaction Reporting

1 controls
Controls in the MiFIR Transparency and Transaction Reporting domain of MiFID II / MiFIR1 controls
CodeTitle
MiFIR-Transparency-Pre-Post-Articles-3-11-Equity-Non-Equity-Trading-Obligation-Article-23-26-27-Transaction-ReportingMiFIR Transparency + Pre + Post + Articles 3-11 + Equity + Non-Equity + Trading Obligation + Article 23-26-27 Transaction Reporting

Scope and Authority - MiFID II / MiFIR

1 controls
Controls in the Scope and Authority - MiFID II / MiFIR domain of MiFID II / MiFIR1 controls
CodeTitle
MiFID-II-Scope-Directive-2014-65-MiFIR-Regulation-600-2014-Effective-3-January-2018-ESMA-NCAs-AuthorisationMiFID II + MiFIR Scope + Directive 2014/65 + Regulation 600/2014 + 3 January 2018 + ESMA + NCAs + Authorisation

Maps to 32 other frameworks

8 total controls
Voluntary Principles on Security and Human Rights (VPs)
1 source controls mapped|1 target controls covered
13%
UAE Virtual Asset Regulatory Authority (VARA) Regulations
1 source controls mapped|1 target controls covered
13%
Nevada Gaming Control Board Cybersecurity Requirements
1 source controls mapped|1 target controls covered
13%
ISO 27019
1 source controls mapped|1 target controls covered
13%
API 1164
1 source controls mapped|1 target controls covered
13%
IEC 62443
1 source controls mapped|1 target controls covered
13%
Barbados Data Protection Act 2019
1 source controls mapped|1 target controls covered
13%
IAIS Insurance Core Principles (ICPs)
1 source controls mapped|1 target controls covered
13%
HITECH Act
1 source controls mapped|1 target controls covered
13%
OWASP Top 10:2025
1 source controls mapped|2 target controls covered
13%
OWASP ASVS
1 source controls mapped|1 target controls covered
13%
OWASP API Security Top 10 - 2023
1 source controls mapped|2 target controls covered
13%
Ghana Cybersecurity Act
1 source controls mapped|1 target controls covered
13%
FISMA
1 source controls mapped|1 target controls covered
13%
IEC 62351 - Power Systems Communication Security
1 source controls mapped|1 target controls covered
13%
ISO/IEC 27011:2024
1 source controls mapped|1 target controls covered
13%
ITAR - International Traffic in Arms Regulations
1 source controls mapped|2 target controls covered
13%
ASD Strategies to Mitigate Cyber Security Incidents
1 source controls mapped|2 target controls covered
13%
FDA 21 CFR Part 11
1 source controls mapped|1 target controls covered
13%
Azure Security Benchmark
1 source controls mapped|1 target controls covered
13%
MDS2 (Medical Device)
1 source controls mapped|1 target controls covered
13%
ISO/IEC 27400:2022
1 source controls mapped|1 target controls covered
13%
ISMAP (Japan)
1 source controls mapped|1 target controls covered
13%
AWS Well-Architected Security Pillar
1 source controls mapped|1 target controls covered
13%
MARS-E
1 source controls mapped|1 target controls covered
13%
HL7 FHIR Security Framework
1 source controls mapped|1 target controls covered
13%
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
1 source controls mapped|1 target controls covered
13%
13%
FedRAMP Rev 5
1 source controls mapped|1 target controls covered
13%

Frequently Asked Questions

What is MiFID II / MiFIR?

MiFID II / MiFIR is a compliance framework from European Union with 8 domains and 8 controls. The Markets in Financial Instruments Directive II (Directive 2014/65/EU) and the Markets in Financial Instruments Regulation (Regulation EU No 600/2014) constitute the EU's comprehensive framework for financial markets. Effective 3 January 2018, the framework sets rules for investment firms, trading venues, market transparency, and investor protection, and has been amended through a series of Delegated Acts and Regulatory Technical Standards (most recently in 2023) to address emerging market practices and regulatory objectives. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does MiFID II / MiFIR have?

MiFID II / MiFIR has 8 controls organised across 8 domains. The largest domains are Algorithmic Trading and Market Structure - MiFID II (1 controls), Best Execution Order Handling - MiFID II (1 controls), Client Categorisation Suitability and Appropriateness - MiFID II (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does MiFID II / MiFIR map to?

MiFID II / MiFIR maps to 32 other compliance frameworks. The top mapping partners are Voluntary Principles on Security and Human Rights (VPs) (13% coverage), UAE Virtual Asset Regulatory Authority (VARA) Regulations (13% coverage), Nevada Gaming Control Board Cybersecurity Requirements (13% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with MiFID II / MiFIR compliance?

Start your MiFID II / MiFIR compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about MiFID II / MiFIR requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.

Get Started Free →

Free forever — no credit card required