28 March 2025
Share Print

The CBI's Consumer Protection Code 2025: What you need to know

To The Point
(3 min read)

With the newly published Consumer Protection Code 2025, the Central Bank of Ireland is bringing regulated financial services and products into the digital era. The financial services sector has until 24 March 2026 to update its practices and procedures to align with the new requirements that emphasise digitalisation and effective information. 

The Basics 

The Central Bank of Ireland (CBI) published the Consumer Protection Code 2025 (the 2025 Code) on 24 March 2025, after several years of review, discussion, and consultation. The 2025 Code has been consolidated into the existing legislation and will, when in force, replace the Consumer Protection Code 2012 (as amended) (the 2012 Code) in its entirety. The 2025 Code will come into force on 24 March 2026, giving regulated entities just under 12 months to get ready. New Standards for Business for regulated entities were released at the same time. In addition to the general rules in the 2025 Code, sector specific rules are included for insurance providers and intermediaries, credit institutions, and mortgage providers. 

Who and What Does the 2025 Code Cover?

Like the 2012 Code, the 2025 Code governs CBI financially regulated entities providing financial services in the Republic of Ireland. 

The 2025 Code seeks to further enhance existing consumer protections. 'Consumers' continue to be broadly defined as including people, groups of people and incorporated bodies (like a company) that have, individually or as part of a group, an annual turnover of less than €5 million, an increase from the €3m threshold under the 2012 Code).

The 2025 Code does not apply to services provided outside the Republic of Ireland. Additionally, it is restricted in scope depending on the type of financial product or service being provided. Regulated entities should therefore take care to familiarise themselves with their new obligations.

Generally, What Does It Do?

The 2025 Code builds on and strengthens the protection of consumers in a modern financial services market. 

1. Digitalisation

The 2025 Code recognises that financial products and services are more likely than ever before to be either promoted to or bought by consumers using their own technology. Previously, consumer protection in the financial services sector was technologically neutral. The 2025 Code recognises the modern way in which financial services are often advertised and delivered to consumers by bringing its requirements up to speed with digital technology.  

In cases where firms are offering their products and services via a digital platform, regulated firms should ensure that, the platform is designed in a way that is easy to use, understand, and navigate, accessible to non-professionals in that field; consumers are offered a sufficient opportunity to consider their options before entering into a contract; and consumers must opt-in to confirm they have read or understood the information provided to them.

2. Transparency

The 2025 Code and Standards for Business place significant emphasis on ensuring that consumers are provided with clear, accurate, and timely information to make informed decisions about the financial products and services with which they are presented. Where the 2012 Code focused on ensuring that consumers were provided with sufficient information about goods and services, the 2025 Code focuses on ensuring that consumers are effectively informed about financial services. In particular, the consumer is, in most cases, not a financial professional. Services should therefore be clearly named, technical terms clearly explained, and key information and warnings displayed prominently. The various Guidance notes published by the CBI provide useful case studies to help regulated entities comply. 

3. Advertising

Advertising must be clear, fair, accurate, and not misleading. The 2025 Code builds on the existing requirements that information in adverts be balanced, highlighting both benefits and risks. It also outlines specific requirements for social media advertising and the use of influencers, ensuring transparency and compliance with advertising standards.

Changes Worth Noting

The CBI has provided simplified guidance on its Consumer Hub, in order to make it easy for consumers to understand some of the notable changes in the 2025 Code, for example:

  • For insurance services, a consumer's explicit, opt-in consent will be required for the automatic renewal of gadget, travel, dental and pet insurance. 
  • Providing a basic overview of what lenders must do to make mortgage switching easier and clearer.

Standards for Business

The CBI also published revised Standards for Business, taking effect on the same date as the 2025 Code. The Standards require financially regulated entities to act in a certain way towards its consumers including, among others, to secure its customers' interests, to act with honest, integrity, due skill, care and diligence, to act in the customers' best interests, to ensure the information it provides to its customers is presented effectively and to counter risks of financial abuse.

The Bottom Line

The 2025 Code represents the culmination of efforts by the CBI to consolidate, improve and update consumer protection measures in response to evolving market conditions and the growing complexity of financial products and their delivery. Failure to comply with the 2025 Code could lead to potential sanctions, including cautions and reprimands, suspensions or revocations of authorisations, and monetary penalties up to the greater of €10m or 10% of the annual turnover, for financial regulated firms. 

Those entities, regulated by the CBI and to whom the 2025 Code shall apply, should review their practices and procedures to ensure that they will be compliant in advance of March 2026 now that the 2025 Code has been published.

To the Point 


Subscribe for legal insights, industry updates, events and webinars to your inbox

Sign up now