Central Bank of Ireland modernises consumer protection code and introduces standards for business

Today, the Central Bank of Ireland published the Consumer Protection Code 2025 ("CPC 2025") comprising:

(i) the Consumer Protection Code Central Bank Reform Act 2010 (Section 17A) (Standards for Business) Regulations 2025 ("Standards for Business Regulations"); and 
(ii) the Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Consumer Protection) Regulations 2025 ("Consumer Protection Regulations").

The new provisions will become effective on 24 March 2026. Until then, the Consumer Protection Code 2012 ("CPC 2012") continues to apply to regulated firms.

Consumer Protection Regulations

The CPC 2025 builds on the existing protections in the CPC 2012. The Central Bank aims to modernise the code, reflect the way financial services are provided in a digital world and centre the code on the obligation for firms to secure customers’ interests with the ultimate aim that firms will proactively take ownership of, and responsibility for, consumer protection  

The updates focus on digitalisation, informing effectively, mortgages and switching, unregulated activities, frauds and scams, consumers in vulnerable circumstances, and climate risk. The Central Bank has broadened the scope of the definition of "consumer" to increase the maximum annual turnover threshold from €3 million to €5 million.

The CPC 2025 does not apply to: (a) services provided by regulated entities to persons outside Ireland; (b) MiFID services (except for firms to whom Regulation 4(3) of the European Union (Markets in Financial Instruments) Regulations 2017 applies); (c) reinsurance business.

In addition to updating and incorporating the CPC 2012, the Consumer Protection Regulations also incorporate updated iterations of the Code of Conduct on Mortgage Arrears, the Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Insurance Requirements) Regulations 2022 and the Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Licensed Moneylenders) Regulations 2020.

Standards for Business Regulations

The Central Bank's has issued the Standards for Business Regulations under powers introduced in the Central Bank (Individual Accountability Framework) Act 2023. The standards set out governance, resource and risk management requirements for regulated firms, as well as conduct standards. 

Exemptions apply in relation to: (a) MiFID services (except for firms to whom Regulation 4(3) of the European Union (Markets in Financial Instruments) Regulations 2017 applies); (b) credit union activities (other than when the credit union is acting as an insurance intermediary): (c) crowdfunding; and (d) reinsurance business. 

The Central Bank’s guidance on securing customers’ interests confirms that the Central Bank expects firms providing MiFID services to consider and apply the guidance in the context of fulfilling their obligation to “act honestly, fairly and professionally in accordance with the best interests of [their] clients”, in accordance with Regulation 31 of the European Union (Markets in Financial Instruments) Regulations 2017.

Publications

In addition to the regulations, the Central Bank also published Guidance on Consumer Protection Code 2025 (the "Guidance"). The Guidance is comprised of three documents: (i) Guidance on Securing Customers' Interest; (ii) Guidance on Protecting Consumers in Vulnerable Circumstances; and (iii) General Guidance on the Consumer Protection Code. 

The CPC 2025 is available not only as a PDF documents but also in an interactive HTML format on the website of Central Bank of Ireland. In the HTML format the provisions of the regulations are supplemented by a range of tools to aid users to navigate and better understand the revised Code. For example, requirements in the HTML version include links to related provisions in the Guidance. 

Consultation 

The publication of the CPC 2025 and Guidance follows a comprehensive review of the CPC 2012 and public consultation. Today the Central Bank also published its Feedback statement on the Consumer protection code which sets out the feedback it received during the consultation process. The Central Bank also published a mapping tool which shows where the CPC 2012, the Code of Conduct on Mortgage Arrears, the Central Bank (Supervision and Enforcement) Act 2013 (Section 48(1)) (Insurance Requirements) Regulations 2022 and the Central Bank (Supervision and Enforcement) Act 2013 (Section 48) (Licensed Moneylenders) Regulations 2020 are reflected in the CPC 2025. 

Next steps

Regulated firms will need to examine the CPC 2025 and the Business Standards ahead of their application on 24 March 2026 and make the necessary adjustments to internal and external documentation and processes. 

If you wish to discuss how to initiate your assessment of CPC 2025 and the business standards and to implement the requirements, please reach out to any of the individual contacts below.