Algorithmic trading and artificial intelligence – ESMA supervisory briefing

On 26 February 2026, the European Securities and Markets Authority (ESMA) published a supervisory briefing to aid national competent authorities (NCAs) with their supervision of algorithmic trading in the EU under the Markets in Financial Instruments Directive II (MiFID II). 

In particular, investment firms engaged in algorithmic trading must ensure that their algorithms, algorithmic trading systems or algorithmic trading strategies are tested to avoid contributing to disorderly markets or facilitating abusive practices. Importantly, ESMA has taken a broad interpretation of what constitutes algorithmic trading.

In the briefing, ESMA also outlines the relevance of artificial intelligence (AI) to algorithmic trading and associated compliance with EU rules. Despite the lack of explicit reference to AI in MiFID II and in Commission Delegated Regulation (EU) 2017/589 (RTS 6), there is an expectation that investment firms should consider the influence of AI on their trading algorithms as part of their annual self-assessments. 

The ESMA briefing also provides detailed guidance on pre-trade controls (PTCs), including how these should be implemented, tested and managed.

While the ESMA briefing is not binding and is not subject to a “comply or explain” mechanism, it sets out the supervisory expectations regarding the EU rules.

Who should read this note?

EU investment firms engaged in algorithmic trading. It may also be helpful for non-EU investment firms (such as those in the UK) to consider as context for complying with similar rules.

What is “algorithmic trading”?

MiFID II defines “algorithmic trading” as trading in financial instruments where a computer algorithm automatically determines individual parameters of orders, such as:

• whether to initiate the order;
• the timing, price or quantity of the order; or
• how to manage the order after its submission,

in each case with limited or no human intervention. 

This expressly excludes any system that is only used for:

• routing orders to trading venues;
• processing orders without determining any trading parameters;
• confirming orders; or
• post-trade processing of executed transactions. 

As noted above, the definition of algorithmic trading requires “limited or no human intervention”. ESMA notes that many investment firms engaging in trading using computer algorithms rely on human intervention to control the trading process and risks involved; however, this does not negate the fact that a computer algorithm might have determined individual parameters of the order without human intervention (and so be considered algorithmic trading).

Examples

As noted above, ESMA emphasises that algorithms involving human intervention may still fall within the scope of algorithmic trading if they determine the parameters of orders. Examples given by ESMA include:

• Order generation logic – (i) generating orders based on market signals, portfolio strategies or risk thresholds; and (ii) signal-based trading, quantitative models, or machine learning-driven strategies (including where the activities are not involved in direct execution but influence algorithmic trade decision-making and parameter determination);
• Execution strategy selection – choosing between execution strategies (for example, aggressive vs passive), as these strategies influence how and when orders are placed and managed;
• Market condition analysis – analysing market data (for example, volatility, spread or depth) to determine whether and how to trade. This includes real-time decision-making based on external inputs;
• Portfolio rebalancing decisions – deciding to rebalance portfolios or adjust exposures based on pre-defined rules or market conditions;
• Risk management adjustments – adjusting trading behaviour based on risk metrics (for example, VaR, exposure limits or stop-loss triggers);
• Liquidity detection and response – detecting hidden liquidity or fragmented markets and adjusting order placement accordingly; and
• Cross-asset or cross-venue optimisation – determining which asset or venue to trade based on cost, latency or execution quality (beyond simple routing).

ESMA also notes that basic order processing may be algorithmic trading if it is automated. Examples given by ESMA of activities that would be algorithmic trading if automated include: 

• Slicing orders prior to execution – breaking down (or “slicing”) large orders to optimise execution;
• Execution-driven venue switching – automatically switching venues based on real-time changes to, for example, liquidity signals;
• Order reallocation or rebalancing – reallocating or rebalancing order distribution based on market conditions;
• Execution strategy optimisation – modifying order behaviour based on, for example, smart order routing; and
• Dynamic order modification based on market data – modifying price or quantity of orders based on market data. 

As such, investment firms should be alert to the wide interpretation by ESMA of the definition of “algorithmic trading”, as seemingly basic automated order processing activities could be caught (even if they require human authorisation prior to submitting the orders).

What is an “algorithm”?

ESMA defines “algorithm” as “a computerised set of instructions or rules that autonomously determines one or more parameters of a trading order”.

What is an “algorithmic trading strategy”?

ESMA describes an “algorithmic trading strategy” as “a set of decision logic, implemented through one or more algorithms, that autonomously pursues a defined trading objective”, which result in observable trading behaviour, that can be tested, distinguished and scrutinised.

Why does this matter?

Compliance

As noted above, investment firms engaged in algorithmic trading must ensure that their algorithms, algorithmic trading systems or algorithmic trading strategies are tested to avoid contributing to disorderly markets or facilitating abusive practices. 

Specifically, RTS 6 requires investment firms that use algorithmic trading to (among other things) conduct: 

• conformance testing;
• annual self-assessment and validation; and
• stress testing. 

Investment firms are responsible for testing their algorithms, algorithmic trading systems or algorithmic trading strategies (1) prior to their deployment, and (2) upon a material change or substantial update, which ESMA explains is “any modification that may alter the behaviour, risk profile, or compliance posture” of the algorithms, systems or strategies (which is broad). ESMA acknowledges that the scope, frequency and intensity of testing will vary depending on the nature, scale and complexity of the business, noting that investment firms engaged in highly complex algorithmic trading may need to implement more extensive testing practices. It is important that investment firms assess the cumulative impact of the developments made to their algorithms, as the individual iterations made through time, when viewed as a whole, may amount to a material change or substantial update to the algorithmic trading systems that trigger testing requirements. 

Responsibility

Regarding responsibility for compliance, ESMA states that:

• the investment firm engaging in algorithmic trading is fully and solely responsible for complying with the relevant algorithmic trading requirements, even if they outsource or use third-party algorithms;
• if an order is initiated by one party’s algorithm but executed by another party, the party that executes the order is responsible for complying with the algorithmic trading requirements;
• in cases where only one of the parties qualifies as an investment firm within the meaning of MiFID II, that party shall be deemed to be responsible for compliance. For example, when an algorithm is provided by a third-country entity which is not authorised to operate as an investment firm within the EU, the EU-based investment firm remains solely responsible for compliance with the algorithmic trading requirements; and
• direct electronic access providers (which can include brokers) are responsible for their clients’ compliance with the algorithmic trading requirements, even if their clients are also subject to the same requirements. 

As such, investment firms should ensure that their contracts with third-party providers provide them with sufficient access to (and control over) the algorithms and confirm each parties’ obligations, to ensure regulatory compliance.

Artificial intelligence

AI and algorithmic trading

Noting the potential of AI to materially change the output of algorithmic trading systems over time, ESMA recommends that investment firms recognise any AI that is used in algorithmic trading when complying with RTS 6. 

Specifically, when investment firms conduct their annual self-assessment and validation, RTS 6 requires firms to evaluate their: 

• algorithmic trading systems, trading algorithms and algorithmic trading strategies;
• governance, accountability and approval framework;
• business continuity arrangement; and
• overall compliance with Article 17 of MiFID II (regarding algorithmic trading). 

ESMA therefore encourages NCAs to review investment firms’ consideration of their AI use in their self-assessment and validation. If an investment firm’s current use of AI increases certain risks in its algorithmic trading, it may wish to evaluate such impact during its self-assessment.

RTS 6 also mandates investment firms to ensure that their compliance staff have at least a general understanding of how the algorithmic trading systems and trading algorithms of the investment firm operate. ESMA notes that if AI is used in an algorithmic trading system, this obligation should extend to the investment firm understanding how AI impacts their algorithms’ decision-making. 

AI Act

In addition, ESMA notes that algorithmic trading systems that are caught by the definition of an “AI system” will also need to comply with Regulation (EU) 2024/1689 (AI Act) (including transparency obligations, if applicable). An “AI system” is defined in the AI Act as “a machine-based system that is designed to operate with varying levels of autonomy and that […] infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments”.

Currently, using AI in trading is not considered to be “high risk” for the purposes of the AI Act, and so such uses are subject to lower compliance requirements under the AI Act (when the AI Act is applicable). However, ESMA specifically notes that what constitutes “high risk” is subject to annual review.

Pre-trade controls

The ESMA briefing also sets out further guidance on PTCs. The purpose of PTCs is to prevent (i) sending erroneous orders, and (ii) the malfunctioning of an investment firm’s system which could trigger disorderly markets conditions. By way of summary:

• Scope – investment firms should carry out PTCs on order entry for all financial instruments.
• Hard blocks and soft blocks – investment firms engaging in algorithmic trading are expected to establish two types of PTCs, being (i) “hard blocks” (which automatically block non-compliant orders) and “soft blocks” (which alert the trader without triggering a “hard block”). “Hard blocks” should be designed as mechanisms which (among other things) block orders exceeding set limits on repeated execution of an algorithmic trading strategy and, where possible, “hard block” parameters should be hard coded within an algorithm (ensuring that no order exceeding the limits can be introduced). The procedure for setting those parameters should be documented and involve at least the trading, risk management, and compliance functions.
• Calibration, testing and revision of PTCs – investment firms are expected to set the methodology for the calibration of PTCs and document their rationale, using quantitative data. Whilst each investment firm should independently set its methodology for PTC calibration, investment firms are expected to consider (among other things) the potential impact of the full range of any trading signals in accordance with which the investment firm’s algorithmic trading systems are designed to act, having regard to (i) whether such trading signals are generated using deterministic or non-deterministic technologies, and (ii) the risks posed by trading signals generated by more advanced AI-related technology (such as reinforcement learning, deep learning, neural-networks, and generative AI) when designing PTCs.
• Outsourcing – the investment firm is responsible for setting up, calibrating and testing PTCs, even in the case of (i) outsourcing of software used in the trading activity, or (ii) use of third-party systems which offer algorithmic trading functionalities. Any relevant contracts with software outsourcers or third parties should ensure that the provider ensures that the system, its operation and the algorithms deployed are compliant with the relevant legal requirements. However, it is important to note that (i) the investment firm is ultimately responsible for ensuring compliance, and (ii) regarding the setting and calibration of PTCs, investment firms should not fully rely on the other party and should actively contribute to the calibration of PTCs.
• Direct electronic access – investment firms offering direct electronic access are expected to apply PTCs to orders submitted by their clients to trading venues through the investment firm’s systems.
• Governance practices in relation to PTCs – investment firms are also required to engage in real-time monitoring to identify unanticipated trading activities undertaken by an algorithm. Unlike “hard blocks” and “soft blocks”, real time monitoring alerts may lead to various pre-defined remedial actions that target not only an individual order but also the usage of an algorithm for the financial instrument, market or client or the use of an entire algorithm. Such monitoring should involve two “lines of defence” and monitoring being undertaken: (i) by the trader in charge of the trading algorithm or algorithmic trading strategy, and (ii) by the risk management function or by an independent risk control function established for this purpose.

What are the practical takeaways from the ESMA briefing?

Investment firms should:

• scoping – assess whether their trading activities are within the scope of the definitions of algorithm, algorithmic trading or algorithmic trading strategy;
• tests and annual self-assessment – if necessary, conduct and document the RTS 6 tests and annual self-assessment on an article-by-article basis, indicating per relevant article whether it considers itself compliant, and conveying a clear rationale regarding its overall compliance status. Where AI is deployed within or alongside algorithmic trading systems, this should be specifically addressed as part of the self-assessment;
• documents – ensure that their contracts with relevant third-party providers give them sufficient access to (and control over) any algorithms used in their trading activities. Contracts should clearly delineate each party’s obligations so as to enable the investment firm to satisfy its regulatory compliance requirements, notwithstanding the outsourcing or delegation of any functions; and
• processes – establish and maintain processes to ensure that (i) compliance staff understand how any algorithmic trading systems and trading algorithms of the investment firm operate and, if relevant, the impact of AI on how the algorithms make decisions, (ii) appropriate PTCs are in place, calibrated, tested and documented, taking into account any outsourcing arrangements, and (iii) real-time monitoring is undertaken.

Please speak to your usual Macfarlanes contact if you have any questions.

Trainee solicitor Olivia Kim contributed to this article.