EBA Releases the Final Technical Package for ITS 4.2

What It Contains, Why It Matters, and What Comes Next for Institutions and RegTech Providers

On 25 November 2025, the European Banking Authority (EBA) released the final technical package for version 4.2 of its reporting framework. This release marks a major milestone in the modernisation of EU supervisory reporting: it completes the transition to the new DPM 2.0 semantic framework and establishes a single, metadata-driven foundation for regulatory data across the EBA landscape. 

For financial institutions, payment service providers (PSPs), and regulatory-reporting software providers, ITS 4.2 is not just another taxonomy update. It represents a structural shift in how regulatory data is defined, validated, exchanged, and supervised — and it sets a clear point of no return for the industry.

What Fundamentally Changed with DPM Refit and DPM 2.0

ITS 4.2 represents the final cutover to the new semantic reporting architecture. The EBA has completed the migration to the new semantic data dictionary, dropped DPM 1.0 from future publications, and placed all major reporting modules on the new stack. Only DORA remains temporarily on the legacy framework, with migration planned under ITS 4.3. 

Under DPM 1.0, regulatory reporting was largely template-centric: data definitions evolved around tables and cells, and semantics were often implicit. DPM 2.0 flips this architecture entirely.

DPM 2.0 introduces a semantic, metadata-driven model. Every regulatory concept is formally defined through metrics, dimensions, and hierarchies. Validation rules are expressed using a formal expression language; the taxonomy architecture has been redesigned and increasingly supports xBRL-CSV, and governance and versioning are significantly strengthened. The strategic objective is a single common data dictionary across EBA regulatory domains.

What’s Special About ITS 4.2

ITS 4.2, released at the end of 2025, is the final step of the DPM 2.0 transition. It is the first reporting framework where DPM 1.0 is no longer published. 

All major modules — COREP, FINREP, resolution, benchmarking, operational risk, and Instant Payments — are now fully DPM 2.0-native. Only DORA remains on the old framework and will migrate later. 

From reference dates around end-2025, institutions will report exclusively under this new semantic model. ITS 4.2 therefore represents the industry cutover point. 

Why This Update Matters

Harmonisation and consistency through DPM 2.0: Unified data definitions improve comparability across institutions and jurisdictions and reduce ambiguity in supervisory reporting. 

Increased technical demands: Legacy reporting solutions may struggle without upgrades to support the DPM 2.0 metamodel, more complex validation rules, and redesigned taxonomies. 

xBRL-CSV deadlines: The EBA postponed the mandatory switch to xBRL-CSV to 31 March 2026. From that date, all reports with reference dates on or after 31 March 2026 must be submitted or resubmitted in xBRL-CSV. New report types such as MiCA, Pillar 3, Instant Payments, and DORA remain CSV-only regardless of reference date. 

Implications for Financial Institutions and PSPs

• Data governance must become semantic-driven: internal data models, mappings, and controls need to align to regulatory concepts rather than report templates or cell coordinates. 
• Operational and payments data requirements expand: Instant Payments and operational risk reporting require new data capture, ownership, and controls beyond traditional prudential reporting. 
• Implementation timelines are compressed: institutions must complete mapping, testing, and dual-run activities while replacing a previously hybrid DPM environment. 
• Supervisory scrutiny will increase: richer metadata enables supervisors to identify cross-report inconsistencies more effectively, raising expectations around lineage and reconciliation. 
• xBRL-CSV readiness becomes mandatory: reporting solutions must support CSV-based submission and resubmission from March 2026 onwards. 

Implications for Regulatory-Reporting Software Providers

• DPM 2.0 must be embedded at the core of reporting platforms, including the semantic metamodel, expression language, and taxonomy architecture. 
• xBRL-CSV support, automated taxonomy ingestion, and scalable validation engines become baseline requirements. 
• A model-driven approach enables advanced capabilities such as semantic search, automated layout generation, and impact-of-change analysis. 
• Patching legacy platforms instead of re-architecting creates long-term technical debt and competitive risk. 

Practical Next Steps (January 2026 Reality Check)

By mid-January 2026, ITS 4.2 is no longer a future implementation exercise. For most institutions, the transition to DPM 2.0 is either live or at an advanced stage. As a result, “next steps” are no longer about initial planning, but about stabilisation, assurance, and supervisory readiness under the new semantic reporting model. 

1. Close residual gaps and document known limitations

By this point, institutions should have completed their core ITS 4.2 impact assessments and implemented the required changes. The focus now shifts to identifying and closing residual gaps, such as: 

• unresolved interpretation issues,
• temporary workarounds,
• dependencies on vendor releases or EBA hotfixes.

Where gaps cannot be closed immediately, they should be clearly documented, risk-assessed, and governed. Supervisors are far more tolerant of issues that are understood, controlled, and transparently communicated than of unexpected inconsistencies.

2. Validate semantic consistency across reports 

Internal data models should already be aligned to DPM 2.0 concepts. The remaining challenge is to demonstrate semantic consistency in practice: 

• across COREP, FINREP, resolution, and benchmarking, 
• across prudential, financial, and operational data domains. 

Institutions should actively use validation results, reconciliation breaks, and supervisory feedback to refine mappings and clarify data ownership. Under DPM 2.0, semantic misalignment is no longer hidden at template level—it becomes visible across frameworks.

3. Stabilise reporting platforms and prepare for mandatory xBRL-CSV

Reporting platforms should already support DPM 2.0 taxonomies and validations. Attention should now focus on operational robustness, including: 

• performance and scalability under xBRL-CSV,
• error diagnostics and resubmission processes,
• versioning and taxonomy update management.

With mandatory xBRL-CSV submissions applying from March 2026, institutions must be confident not only in initial submissions, but also in controlled resubmissions with full auditability.

4. Move from testing to post-submission assurance

Initial dry runs and first submissions should already have taken place. The priority now is post-submission assurance: 

• analysing rejected filings and validation warnings,
• responding to data quality questions from NCAs,
• adjusting controls, mappings, and processes based on actual supervisory outcomes.

This learning cycle should be formalised and embedded, rather than treated as a one-off remediation effort.

5. Embed DPM 2.0 into business-as-usual change frameworks

ITS 4.2 should no longer be treated as a standalone project. Institutions now need to embed the semantic reporting model into BAU operations: 

• taxonomy and validation rule updates,
• ongoing data quality monitoring,
• structured handling of supervisory queries.

This is also the foundation for upcoming changes, including ITS 4.3 and the migration of DORA to DPM 2.0. Institutions that remain in “project mode” will struggle to keep pace as semantic consistency expectations continue to rise.

What Supervisors Are Likely to Focus on Next

Following the first ITS 4.2 submissions, supervisory attention is expected to shift away from pure technical readiness towards data quality, consistency, and governance outcomes. 

In practice, supervisors are likely to focus on:

• Cross-report consistency: leveraging DPM 2.0 semantics to identify inconsistencies between COREP, FINREP, resolution, and benchmarking data.
• Repeat validation issues: distinguishing between one-off implementation issues and recurring weaknesses in data sourcing or controls.
• Transparency of limitations: assessing whether institutions can clearly explain known gaps, workarounds, and remediation plans.
• Operational resilience of reporting processes: including the ability to manage resubmissions, taxonomy updates, and xBRL-CSV processing under time pressure.
• Governance and accountability: clarity on data ownership, lineage, and escalation paths when issues arise.

Institutions that can demonstrate control, understanding, and continuous improvement will be better positioned than those that appear reactive or opaque. 
  
How PwC Can Help

PwC supports institutions in moving from ITS 4.2 implementation to stable, supervisory-ready operations under the DPM 2.0 semantic framework.

Based on the January 2026 reality, our support focuses on:

• Post-implementation assurance: independent reviews of first submissions, validation outcomes, reconciliation breaks, and supervisory feedback.
• Semantic consistency reviews: assessing alignment across reports and identifying structural causes of inconsistencies rather than treating symptoms.
• xBRL-CSV operational readiness: supporting institutions in stabilising CSV-based submissions, resubmissions, and audit trails ahead of mandatory deadlines.
• Governance and BAU operating models: helping embed DPM 2.0 into sustainable reporting, data governance, and change-management frameworks.
• Supervisory engagement support: preparing clear explanations, documentation, and remediation roadmaps for discussions with NCAs.

By combining regulatory expertise with strong data, technology, and transformation capabilities, PwC helps institutions move beyond compliance delivery and establish DPM 2.0 as a durable foundation for high-quality regulatory reporting.

Conclusion

ITS 4.2 is not just another taxonomy release. It is the moment the industry fully switches to a semantic, metadata-driven regulatory reporting model.

Institutions that move early can simplify reporting, improve data quality, and reduce operational friction. Those that delay will face growing implementation complexity and supervisory pressure.

We invite readers to connect with PwC’s regulatory reporting and data experts to discuss how ITS 4.2 and DPM 2.0 affect their organisation and how to turn regulatory compliance into a strategic data advantage.