European investor protection regulation: a comparative analysis between Italy and Denmark

by Claudia Milli* and Niels Skovmand Rasmussen**

ABSTRACT: This article aims to undertake an analysis of the divergences concerning the regulation, enforcement, and judicial interpretation of retail investor protection within the legal frameworks of Italy and Denmark. Through a methodical comparative legal research, the study seeks to find out whether the heterogeneity of national practices engenders legal uncertainty or, alternatively, contributes valuable doctrinal perspectives that may substantively inform and advance the discourse on harmonization at the supranational European level.

SUMMARY: 1. Introduction; 2. The Private Enforcement of MiFID II and Common EU-Law Principles on National Sanctions; 3.Private Enforcement of MiFID II in the Italian Legal System; 4. Private Enforcement of MiFID II under Danish Law; 4.1. A historical account of MiFID II’s private enforcement; 4.2. Derived private law consequences from conduct of business rules; 4.3. Preliminary conclusion. 5. Comparative assessments; 6. Conclusions.

KEY WORDS: enforcement, investor; protection; Italy; Denmark.

1. In the context of EU law harmonisation, it is often the case that specific private law remedies and procedural frameworks are not explicitly prescribed. However, where EU law confers rights upon individuals, it is incumbent upon national legal systems to ensure that individuals have access to remedies[1] that are both effective and equivalent for the enforcement of these rights. To ensure the effectiveness of EU law, the precise scope and substance of such private law rights must be assessed in accordance with the underlying protective objectives of the relevant legal acts.

European financial law adopts a sectoral model, which is distinctly organized into three broad categories that characterize financial markets: banking, capital markets, and insurance/occupational pension funds[2]. Each of these sectors operates under its own legal framework, which is often structured in separate regulatory packages[3].  This also mean that the weaker party to be protected—whether a depositor, client, customer, investor[4]—varies significantly depending on the sector, meaning that the target of protection defined by different statutes is flexible and aligned with the specific aims of each sector.

Over time, this institutional and regulatory framework has evolved, sometimes challenging the traditional sectoral approach. For example, the regulation of financial conglomerates or the PRIIPs Regulation[5] represent departures from this model. Nevertheless, these exceptions do not amend the overall framework. However, this fragmented regulatory landscape poses a risk of establishing an uneven playing field, particularly in terms of the protection of retail investors. Research in the field[6] highlights that harmonizing regulations across sectors is crucial for making investor protection more effective, consistent, and efficient within the EU. Often, the technical differences in applying similar rules across sectors lead to excessive complexity without providing substantial benefits[7].

In this context, comparing the implementation and judicial interpretation of investor protection rules in two distinct Member States—Denmark and Italy—offers a valuable opportunity to assess how national legal systems interact with the EU’s sectoral regulatory model.

Despite operating under the same Union-wide directives and regulations, these jurisdictions exhibit notable differences in terms of regulatory technique, supervisory structure, and the role of the judiciary in shaping financial consumer protection.

In this perspective, this article aims to explore these differences, focusing in particular on how retail investor protection is framed, enforced, and interpreted in both countries. Through a comparative legal analysis, the study seeks to identify whether divergent national practices contribute to legal uncertainty or, conversely, offer complementary insights that could inform future harmonization efforts at the European level. It is worth noting that our focus is limited to the Capital Markets Union’s field, bearing in mind that financial law is a highly integrated field.

2. The effective implementation of enforcement mechanisms—aimed at minimizing harmful behaviour while keeping costs low for both consumers and regulators— is essential for the success of EU financial regulation in achieving its intended goals. As such, the establishment of regulatory standards must go hand in hand with robust supervisory and enforcement frameworks. However, the formulation of these frameworks is significantly hindered by the divide between financial regulation and private law, a gap that is particularly apparent in the current enforcement environment[8].

One of the key challenges stems from the increasing involvement of public authorities in overseeing and enforcing rules within areas traditionally governed by private law. At first glance, private law generally regulates relationships between private parties—such as contracts between individuals or companies—without direct intervention by public entities. However, in practice, especially in financial and economic contexts, public authorities now play an active role in supervising these private interactions and can impose sanctions, such as fines or other administrative penalties[9].

This creates a complex dynamic because enforcement is no longer simply a matter between two private parties; rather, it involves a public body exercising regulatory powers in a domain that has historically been private. This blurs the lines between private law and public law functions and raises important questions about whether the existing European private law framework is adequately equipped to handle such formal enforcement actions.

These types of sanctions are exemplified in legislative frameworks such as MiFID II, which explicitly defines the scope of administrative penalties—including monetary fines—aimed at addressing breaches of investor protection rules. MiFID II also provides detailed guidance on how competent authorities should assess and determine the appropriate level of sanction to be applied. This illustrates how public supervisory powers are operationalized within private law contexts, underscoring the need for a clear and coherent enforcement strategy that aligns private law principles with public regulatory objectives.

The private enforcement of EU financial market regulation, particularly under MiFID II, must be understood against the backdrop of a gradual but profound evolution in the Union’s legal framework governing the interplay between public regulatory sanctions and private law remedies. This evolution begins with the Investment Services Directive (ISD) 2004/39/EC[10], which laid the foundational regulatory architecture for investment services in the EU but offered limited explicit mechanisms for private enforcement. ISD primarily entrusted national competent authorities with supervisory and administrative sanctioning powers aimed at ensuring market integrity and investor protection. Private enforcement, in the form of claims for damages or contractual remedies by investors, was not comprehensively addressed, reflecting a regulatory model focused on public law enforcement.

The development from ISD to MiFID I (Directive 2006/73/EC) introduced more detailed obligations on investment firms, including transparency and conduct of business rules, gradually highlighting the importance of private law consequences arising from breaches of these obligations. The Court of Justice of the European Union (CJEU) played a pivotal role in this transition. Through its jurisprudence, the Court clarified that EU financial market rules could have direct effects on private relationships and could justify private claims for compensation where regulatory breaches resulted in investor harm[11]. MiFID II (Directive 2014/65/EU)[12], representing a comprehensive recast of the original MiFID framework, explicitly integrates the objective of harmonizing national sanctioning regimes while enhancing investor protection mechanisms. Unlike its predecessors, MiFID II introduces detailed provisions on both administrative sanctions imposed by national regulators and the facilitation of private enforcement by investors. It mandates Member States to ensure that breaches of MiFID II rules—ranging from transparency requirements to conflicts of interest—can trigger effective, proportionate, and dissuasive sanctions. Simultaneously, the Directive’s recital and implementing acts recognize the crucial role of private enforcement, encouraging national courts to provide investors with access to effective remedies, including compensation for losses suffered due to non-compliance[13].

Moreover, MiFID II’s emphasis on private enforcement aligns with the EU’s recognition that regulatory authorities alone cannot fully ensure compliance or remedy investor harm. Private litigation and compensation claims serve as complementary tools to public sanctions, fostering deterrence and reinforcing market confidence. This dual approach—public sanctioning complemented by private enforcement—embodies a balanced and nuanced system designed to address both systemic risks and individual investor grievances[14].

3. In the Italian legal system, the private enforcement[15] of MiFID II is a cornerstone of investor protection, operating alongside the public enforcement actions of national authorities such as CONSOB and the Bank of Italy. The legal framework, primarily transposed into the Consolidated Law on Finance (TUF), allows investors to seek judicial redress for breaches of conduct rules by financial intermediaries. Such violations are consistently framed as a breach of the framework investment agreement, grounding the intermediary’s liability in contract law pursuant to Articles 1218 and 2043 of the Italian Civil Code[16]. The primary and most established remedy available to investors is damages (alterum non laedere). According to the settled case law, once the investor has alleged the intermediary’s non-compliance and proven the existence of a loss and the causal link between the two, the burden of proof shifts to the intermediary to demonstrate that it acted with the specific professional diligence required by law[17]. Conversely, the remedy of nullity for the breach of conduct rules—such as those concerning the suitability or appropriateness assessments—is firmly rejected. This principle was established by the landmark rulings of the Court of Cassation, sitting as Joint Civil Sections, which clarified the distinction between “rules of conduct” and “rules of validity”[18]. The violation of the former, which govern the parties’ behaviour during the performance of the contract, only gives rise to a claim for damages. The latter, which pertain to the structural elements of the contract (such as the requirement of a written form for the framework agreement), can lead to its nullification. This orientation has been consistently confirmed by subsequent jurisprudence, which has solidified the principle that private enforcement in Italy effectively channels investor claims towards compensation for losses rather than the invalidation of investment orders[19].

This situation is confirmed, among other things, by the ruling of the Italian Supreme Court (Cassazione) dated August 31, 2021, no. 23655, which states that “public enforcement and private enforcement should not be confused, as they have different natures and purposes”. Specifically, it explains that public enforcement tools mainly serve a punitive function and aim to protect the public interest, such as ensuring competitive markets, while private enforcement tools have a primarily reparative function, meaning they address disputes between private parties. In summary, these are two types of protection that sometimes overlap but operate independently and separately.

A potential legislative development could involve the introduction of evidentiary presumptions in civil proceedings arising from final public enforcement decisions. This would enhance the coherence of the dual-track enforcement model and facilitate investor access to effective remedies, particularly in cases where factual and legal complexity deters litigation. In practice, quantifying the recoverable loss presents significant challenges, especially in scenarios involving complex financial products whose underperformance does not clearly equate to unsuitability. Italian courts tend to adopt a conservative approach in awarding damages, often requiring a high standard of proof on both the causal link and the extent of the economic prejudice.

Despite the systemic nature of certain breaches, collective redress mechanisms remain largely underutilized in the Italian context. The reformed class action framework (as per Legislative Decree No. 28/2020) has yet to produce a substantial body of case law in the area of investor protection, highlighting the enduring reliance on individual claims.

In the evolving context currently under analysis, the most pertinent aspect for the purposes of this study is a further innovation, once again initiated by judicial case law. Specifically, the recognition of the status of “privileged source of ascertainment” attributed to the decisions of regulatory authorities within the framework of public enforcement tools marks a shift from the factual to the legal plane. That is, it evolves from merely acknowledging the establishment of a historical fact (such as the conclusion of a restrictive agreement) to recognizing the persuasive value of the authority’s decision (where not challenged, or where any challenge has been dismissed) concerning the invalidity of a specific contractual clause. This clause, in contrast, pertains to an assessment with a predominantly legal content[20].

Although judicial enforcement holds significant potential to enhance protection for retail investors, the analysis reveals notable disparities in the degree to which investors affected by breaches of conduct of business rules can effectively obtain damages under national private law. Investors still encounter considerable difficulties in establishing the violation of private law standards, meeting the requirement of relativity, and demonstrating factual causation.

4. The conduct of business rules in MiFID II are implemented in the Executive Order on Investor Protection in Securities Trading that apply to securities dealers (værdipapirhandlere) as a collective term.^[21] Today the executive order is based on various sectoral acts for investment services companies,^[22] alternative investment funds,^[23] as well as credit institutions, mortgage-credit institutions and investment management companies.^[24] However, the scholarly debate on private enforcement of public law obligations dates back to the Act on Credit Institutions and Mortgage-credit Institutions from 1974,^[25] and it is not reserved to implementing measures under MiFID II. To provide a comprehensive understanding, the following discussion therefore engages more broadly with conduct of business rules aimed at protecting retail investors.^[26]

4.1 In Danish legal theory, a clear distinction is made between private and public law obligations. The conduct of business rules fall under the latter, as they are rooted in legislation, overseen by a public authority, and enforced through fines or injunctions.^[27] Nevertheless, violation of public law obligations occasionally have derived private law consequences, provided these obligations create legitimate expectations from the investor.^[28] This connection is recognised in the preparatory works to Section 43(1) of the Financial Business Act, which previously stated that: “A violation of the public law rules on good practice does not, for example, automatically entail that the specific agreement between the financial undertaking and the customer is invalid or unenforceable. Such an assessment of the agreement must, as before, be referred to a decision by one of the financial complaints boards or brought before the ordinary courts.”^[29]

Thus, in assessing the private law consequences of breaches of public law obligations, both courts and financial complaints boards draw on general principles of private law, such as pre-contractual good faith and the duty of care.^[30] Similarly, the Guidance to the Executive Order on Good Practice for Financial Undertakings from June 2003 held that non-compliance with the executive order could have consequential implications for certain private law matters.^[31] However, legal scholars criticized this blurring of boundaries between disciplines, arguing that the conduct of business rules encroach upon an area traditionally covered by private law.^[32] Originally, the financial complaints boards (now consolidated as the Financial Complaints Board) appeared reluctant to apply the conduct of business rules in their decisions.^[33] The question remains, however, whether this reluctance stems from the legal classification as public law. For example, the chairman of the Financial Complaints Board for Credit Institutions highlighted in 2003 that “the requirement in Section 3 of the Executive Order on Good Practice for financial undertakings that the financial undertaking ‘must act honestly and loyalty towards its customers’ does not in itself provide much help in determining what constitutes good practice.”^[34] Subsequently, the head of the secretariat of the Financial Complaints Board for Mortgage Credit explained in the 2009 annual report that the conduct of business rules may have been considered in the private law assessment, even though the complaints boards do not explicitly refer to the rules in their decisions. In addition, it was noted that: … [The] private law rules – the written ones in the form of the Marketing Practices Act, the Credit Agreements Act, the Contracts Act, the Act on Certain Consumer Contracts, the Limitation Act, etc., and the unwritten ones in the form of professional liability – often, in principle, impose the same requirements on the professional party as the good practice rules. The outcome in decisions would therefore, in most cases, be achievable regardless of whether good practice rules existed and regardless of whether these were assumed to have a direct civil law effect.^[35]

The legal dispute does not seem to question the general principle that violations of public law can lead to derived private law consequences. Instead, it focuses on whether specific conduct of business rules can produce such consequences and whether their application is essential for resolving private law disputes before the Financial Complaints Board.

In December 2012, the Minister for Business and Growth established an expert committee to address liability for advice on financial products. The committee’s final report stated that “the remarks in the  guidance to the Executive Order on Good Practice for financial undertakings regarding the relationship between conduct of business rules on the one hand and civil law on the other are not an accurate description of the legal position. The committee has, in this regard, emphasized that it is evident from the  case law of the financial complaints boards and courts that violations of public law rules are increasingly significant in assessing whether a financial undertaking incurs liability for damages.”^[36] Inspired by the Marketing Practices Act, a new provision was introduced in the Financial Business Act to address the private law consequences of breaching conduct of business rules.^[37] It follows from section 43a that actions contrary to rules issued pursuant to section 43(2) incur liability for damages in accordance with general Danish legal principles. This includes the Executive Order on Investor Protection in Securities Trading that implements MiFID II’s conduct of business rules.

Some scholars view Section 43a of the Financial Business Act as superfluous, arguing that breaches of public law obligations already entail private law consequences.^[38] Notably, the provision seeks not to modify but to confirm the developing legal stance. The preparatory works add that only conduct of business rules aimed at protecting private interests are relevant for assessing liability.^[39] However, neither the preparatory works nor the committee report explain how to clearly distinguish between public and private interests.^[40] This may be the reason why Section 43 a has not been widely invoked or applied over the past ten years.^[41]

4.2 Before providing advice, the financial undertaking must assess the customer’s circumstances, including their experience with relevant financial services, the purpose of obtaining the service, and their risk tolerance.^[42] This Know Your Customer-obligation ensures tailored advice suited to the customer’s needs.^[43] The Financial Complaints Board has cited non-compliance with this requirement as grounds for easing or reversing the burden of proof in its decisions.

In PAN 1192/2009, the respondent credit institution had advised the complainant, who was born in 1923 and retired, to sell secure government and mortgage bonds and instead invest in complex, structured bonds. The minority found that the investment firm’s advice to the customer did not comply with Section 21 of the Executive Order on Good Practice for Financial Undertakings (now article 9(1)). It was thus not demonstrated that the credit institution had sufficiently informed the complainant about the complexity and risks of the structured bonds or discussed the complainant’s risk tolerance with them. The investment firm was therefore required to repurchase the complainant’s remaining bond holdings at the acquisition price.^[44]

The minority’s rationale highlights several aggravating factors, including the complainant’s advanced age, the complexity of the financial product, and the investment firm’s apparent failure to engage the complainant in developing the investment profile. As a result, the violation of the Executive Order on Good Practice for Financial Undertakings can reasonably be deemed significant and evident. It explains why the minority opted to reverse the burden of proof in this case. Conversely, the majority voted to dismiss the case due to evidentiary uncertainty, thereby not addressing the burden of proof issue

The MiFID II rules on appropriateness test is implemented in section 12 of the Executive order on Executive Order on Investor Protection in Securities Trading. Non-compliance with this obligation may directly impact the burden of proof:

In PAN 571/2008 the Financial Complaints Board found that certain transactions involving ScandiNotes and Kalvebod bonds did not meet the conditions of section 19 of the Investor Protection Regulation, and thus could not be executed under the execution-only rules. In connection with the customer’s purchase of the bonds in June 2008, the credit institution should therefore have conducted a appropriateness test pursuant to section 17 of the regulation to determine whether the customer had the necessary experience and knowledge to understand the specific risks associated with these bonds, and, if not, should have explicitly informed the customer of this. Under these circumstances, the appeals board found that it was incumbent on the credit institution to prove that the lack of advice had no impact on the customer’s decisions.^[45]

These circumstances alone were not sufficient to establish that the credit institution acted negligently, as the Financial Complaints Board also emphasized the lack of risk diversification in its assessment. However, once the burden of proof has been reversed, it becomes significantly more challenging for the credit institution to successfully defend itself in such cases.

Section 8(3) of the Executive Order on Good Practice for Financial Undertakings mandates that a financial undertaking’s advice must prioritize the customer’s interests and provide a robust basis for informed decision-making.^[46] The accompanying Guidance specifies that this obligation aligns with the professional standards expected within the relevant advisory field.^[47] Historically, the Financial Complaints Board has been reluctant to invoke this discretionary provision in its rulings.^[48] However, the Jyske Invest Hedge case marks a significant exception to this trend.

In connection with Jyske Invest’s marketing in the summer of 2007 of the product Jyske Hedge, a sales brochure was distributed as part of the marketing material, which included a subscription prospectus and the association’s articles of association. The brochure contained a range of information about the association and, in the first part of the material, painted a very positive picture of the product, while the risks associated with the investment were not particularly highlighted. Approximately 35,000 of Jyske Bank’s existing customers, whom the credit institution assessed might be interested in investing in the association, received the brochure. During the autumn of 2007, Jyske Bank sold shares in Jyske Hedge to a number of customers. The subscription price was typically 102. During the autumn of 2008, there was a significant drop in the price (to approximately 20). The price drop led to a large number of complaints to the Danish Financial Institutions’ Complaints Board. The cases typically concerned the issue of compensation for deficient advice in connection with the investment.^[49]

In a later administrative decision, the Danish Financial Supervisory Authority found that the investment company had not generally taken steps to rectify that the sales brochure did not provide a balanced description of the product’s characteristics and the risks associated with the investment. However, Finanstilsynet cannot assess whether the financial undertaking provided correct advice in specific cases.^[50] With reference to this decision, the Financial Complaints Board found that it was incumbent on the investment company to prove that the complainants, prior to the purchase of Jyske Hedge, had received adequate financial advice.^[51]

The Jyske Invest Hedge case illustrates that, under certain conditions, broad and discretionary conduct of business rules can give rise to private law consequences. However, a key challenge lies in the limited influence retail investors have over whether the Danish Financial Supervisory Authority chooses to pursue enforcement action against a financial institution. This may lead to inconsistencies, as the outcome of a case can depend on whether supervisory action is taken before or after the Board’s review.

4.3 The Financial Complaints Board’s rulings do not demonstrate a clear and consistent approach to when and how private law consequences should be applied. However, the conduct of business rules introduced under MiFID I and further refined in MiFID II represent a notable exception. These rules establish clear, individual rights for customers in their dealings with investment firms, which is likely to explain their more consistent application. In contrast, the prohibition against misleading marketing—set out in Section 4 of the Executive Order on Good Practice for Financial Undertakings, which implements Articles 6 and 7 of the Unfair Commercial Practices Directive—has seen a less consistent application of private law consequences. It may be ascribed to the nature of the provision as prohibitive legislation aimed at protecting customers collectively, rather than conferring enforceable individual rights. As a result, the application of private law consequences appears to depend on whether the obligation in question provides direct or merely indirect protection to the investor.

5. A comparative examination of Italy and Denmark reveals distinct pathways in the private enforcement of MiFID II, even as both member states operate within the unified framework of EU directives and regulations. Despite the overarching goal of EU harmonization, significant differences persist in national regulatory techniques, supervisory structures, and the pivotal role of the judiciary in safeguarding financial consumers. While these divergences might introduce a degree of legal uncertainty, they simultaneously offer invaluable insights that could inform and enhance future harmonization efforts across Europe.

A closer look at the key differences underscores these varying approaches. Regarding the legal classification of conduct rules, Italy consistently frames breaches of MiFID II conduct rules as a breach of contract, leading to liability under Articles 1218 and 2043 of the Italian Civil Code, with damages as the primary investor remedy. Italian courts emphatically reject nullity as a remedy for such breaches, drawing a clear distinction from “rules of validity” that pertain to a contract’s structural elements. In contrast, Danish conduct of business rules are generally categorized as public law obligations, subject to public authority oversight and enforced through fines or injunctions. Nevertheless, violations can still trigger derived private law consequences if they engender legitimate expectations for the investor. The Danish legal discourse, while not disputing the overarching principle of public law violations leading to private law consequences, zeroes in on the specific conduct rules and their necessity in resolving private law disputes. In Italy, judicial practice increasingly treats regulatory authority decisions in public enforcement as a “privileged source” for civil cases, effectively lending them significant legal weight, though public and private enforcement remain separate. In Denmark, the Financial Complaints Board lacks a consistent method for applying private law consequences from public enforcement actions. Despite some cases showing this link, a major issue is retail investors’ limited influence on whether the Danish Financial Supervisory Authority pursues enforcement, leading to inconsistent outcomes. Essentially, Italy integrates public findings more into private law, while Denmark’s approach is less structured and more dependent on public authority action.

From a different standpoint, in Italy, once an investor proves loss and causation from intermediary non-compliance, the burden of proof shifts to the intermediary to demonstrate professional diligence, though quantification of loss and causation remain complex and collective redress underused. In Denmark, breaches of “Know Your Customer” or appropriateness obligations often ease or reverse the burden of proof in favor of the investor, complicating defenses for credit institutions. Courts frequently rely on private law principles such as pre-contractual good faith and the duty of care.

Moreover, the Italian legal framework, primarily the Consolidated Law on Finance (TUF), facilitates judicial redress, primarily channeling claims toward compensation for losses rather than the invalidation of contracts. There is a perceptible tendency to maintain a clear distinction between various legal instruments, without fully integrating public and private law tools. In Denmark, Section 43a of the Financial Business Act, inspired by the Marketing Practices Act, explicitly states that actions contrary to conduct of business rules incur liability for damages based on general Danish legal principles. While some scholars argue this provision is superfluous given existing private law consequences, its intent is to affirm the evolving legal stance rather than modify it. However, its limited invocation suggests inherent difficulties in clearly distinguishing between public and private interests for liability purposes. In essence, while both nations endeavor to safeguard investors under MiFID II, Italy’s approach heavily leans on a contractual liability model with a clear demarcation between validity and conduct rules, coupled with a growing, albeit separate, recognition of supervisory authority decisions. Denmark, conversely, navigates a more fluid boundary between public and private law, where public law obligations can yield private law consequences, particularly impacting the burden of proof, with recent legislation aiming to solidify this connection. These disparate interpretations and applications collectively underscore the enduring challenge of achieving a truly harmonized investor protection framework across the European Union.

6. The article has examined the private law implications of MiFID II’s conduct of business rules in Italy and Denmark. A pivotal aspect that emerges from this analysis is the importance of emphasizing the cross-border context, particularly within the framework of the single market’s investment operations. Consider, for instance, a bank headquartered in Italy operating through a branch in Denmark: in such a case, the private law implications may give rise to significant uncertainties with practical consequences. These uncertainties do not primarily stem from differences between the legal systems of the Member States, but rather from the lack of a harmonized framework for consumer protection[52]. This legal fragmentation constitutes a genuine barrier to market entry or effective cross-border activity. Specifically, the absence of clarity regarding the applicable rules governing consumer relationships may discourage banks from engaging in or continuing cross-border operations, thereby hindering one of the European integration’s core objectives: the free provision of financial services within the Union.

One critical issue is whether there is a legal basis at the EU level for harmonising private law remedies in the context of MiFID II. Della Negra has previously argued that the harmonisation of private law rules may be justified for regulatory measures that ultimately aim to foster freedom of establishment. The main rationale is to strengthen investor confidence in EU financial markets by promoting greater uniformity in private law and civil liability standards.[53]

This argument finds support in legislative practice. For example, the PRIIPs Regulation introduces civil liability rules based on Article 114 TFEU.[54] While it does not pursue full harmonisation of private law, it provides a structured framework by defining the key elements of liability: the nature of the remedy (civil liability), the liable party (PRIIP manufacturer), the beneficiary (retail investor), and the actionable misconduct (a misleading, inaccurate, or inconsistent key information document). Crucially, the PRIIP Regulation leaves the interpretation of core private law concepts such as “loss” and “damages” to national legal systems. This balanced approach limits Member States’ discretion in implementing EU law while respecting the principle of subsidiarity. It may thus serve as a viable model for future reforms of the MiFID II conduct of business rules.

---

* Research Fellow at Ca’ Foscari University of Venice.

**Associate Professor at University of Southern Denmark.

Paragraphs 1, 2, 3, 5 are to be attributed to Claudia Milli. Paragraphs 4, 4.1, 4.2, and 4.3 are to be attributed to Niels Skovmand Rasmussen and are based on previous research, notably God skik-reglernes afledte privatretslige konsekvenser belyst gennem produktets livscyklus published in Tidsskrift for Rettsvitenskap, vol. 136, 2–3/2023 p. 234–260. Paragraph 6 is to be attributed to both authors.

This contribution has been prepared within the framework of the PRIN_2020 Project – “An analysis of the Italian financial legal framework vis-à-vis the Capital Markets Union action plan: the perspective of regulatory fragmentation and sustainability”.

The research unit involved is Ca’ Foscari University of Venice, coordinated by Professor Alberto Urbani.

[1] In the Italian literature, on the traditional criteria for distinguishing between private and public law remedies, see: U. MATTEI, I rimedi, in Il diritto soggettivo, in Trattato di diritto civile, diretto da Rodolfo Sacco, Torino, 2001, p. 124.

[2]European Commission, Overview of financial services legislation, retrieved from https://finance.ec.europa.eu/regulation-and-supervision/financial-services-legislation/overview-financial-services-legislation_en.

[3] For deeper dives into the specifics of regulation within each sector, you would then cite the relevant EU Directives and Regulations (e.g., CRD/CRR for banking, MiFID/MiFIR for capital markets, Solvency II for insurance).

[4] Cf. F. ANNUNZIATA, Retail Investment Strategy – How to boost retail investors’ participation in financial markets, in Policy Department for Economic, Scientific and Quality of Life Policies Directorate-General for Internal Policies, June 2023.

[5] Regulation (EU) No 1286/2014 of the European Parliament and of the Council of 26 November 2014 on key information documents for packaged retail and insurance-based investment products (PRIIPs).

For the shortcomings of PRIIPS, see V. COLAERT, The Regulation of PRIIPs: Great Ambitions, Insurmountable Challenges?, 2016, available at https://ssrn.com/abstract=2721644.

[6] One for all, F. DELLA NEGRA, MiFID II and Private Law Enforcing EU Conduct of Business Rules, Oxford, 2019.   

[7] For an analytical and comprehensive analysis of most of these differences, see COLAERT, V., BUSCH, D., INCALZA, T. (eds.), European Financial Regulation: Levelling the Cross-Sectoral Playing Field, Hart Publishing, Oxford, 2019. See J. CRINJS, M. HAENTJENS, R. HAENTJENS, The enforcement of EU Financial Law, Hart, 2022.

[8] See O. O. CHEREDNYCHENKO, Two Sides of the Same Coin: EU Financial Regulation and Private Law,  Yearbook of European Law, 40(1), 2021, p. 123-149; O. O. CHEREDNYCHENKO, Financial Regulation and Civil Liability in European Law,  in O. O. CHEREDNYCHENKO, M. ANDENAS, Financial Regulation and Civil Liability in European Law, 2020, pp. 1–28. The latter provides an in-depth analysis of the relationship between the two legal branches and how they affect enforcement, frequently highlighting the challenges stemming from their disconnection.

[9] D. LECZYKIEWICZ, S. WEATHERILL, The Involvement of EU Law in Private Law Relationships, Oxford, 2013.

[10] F. ANNUNZIATA, Regole di comportamento degli intermediari e riforme dei mercati mobiliari, Milano, 1993.

[11] Genil Case, for more, see, H. MALEK QC, S. BOUSFIELD, Private enforcement under MiFID II & MiFIR, in Butterworths Journal of International Banking and Financial Law, September 2017.

[12] MiFID II and MiFIR, in force since January 2018, are just the peaks of a wide package of normative measures, that build on the pre-existing MiFID I rules, enlarging and deepening their scope. Moreover, MiFID II, with its plethora of L2 measures, and a huge body of soft law developed by ESMA, is a typical example of the post-Financial Crisis EU legislation. The MiFID II regime is composed of Directive 2014/65/EU of 15 May 2014 (MiFID II), and Regulation (EU) No 600/2014 of 15 May 2014 (MiFIR), see N. MOLONEY, EU Securities and Financial Markets Regulation, 3rd ed., Oxford, 2014, p. 35.

See on this matter, F. DELLA NEGRA, MiFID II and Private Law Enforcing EU Conduct of Business Rules, op. cit.. Dr. Della Negra has contributed to this issue with a new and important essay, The civil effects of MiFID II between private law and regulation, published in Quaderni di ricerca giuridica della Banca d’Italia n. 90, “Private and public enforcement of EU investor protection regulation”, in Conference papers, Rome, 4 October 2019, 81 ff.

With specific regard to the selling of structured products see G. SCHAEKEN WILLEMAERS, Client protection on European financial markets – from inform your client to know your product and beyond: an assessment of the PRIIPs Regulation, MiFID II/MiFIR and IMD 2, in Revue Trimestrielle de Droit Financier, Vol. 4, No 4, 2014, pp. 1-32.

[13] This is explicitly stated in Article 70, paragraph 1, which details the administrative sanctions and measures to be applied for various infringements, including those outlined in Article 23 (conflicts of interest) and the broader conduct of business rules (Articles 23-27), as well as transparency requirements generally referenced within the Directive. Simultaneously, MiFID II, particularly through Recital 144, recognizes the crucial role of private enforcement, emphasizing the need for extra-judicial mechanisms for consumer complaint resolution to ensure investors have access to effective remedies. This principle is further reinforced by the general EU law requirement for “effective remedies” (as interpreted by the CJEU in cases like Genil), which encourages national courts to provide investors with concrete avenues, including compensation for losses suffered due to non-compliance. This dual approach—public sanctioning complemented by private enforcement—serves as a balanced and nuanced system designed to address both systemic market risks and individual investor grievances, fostering deterrence and reinforcing market confidence. On Genil case, see: D. BUSH, The private law effect of MiFID: the Genil case and beyond, Oxford, 2017. The Author affirmes that “Genil does not seem to provide a definitive answer to the vexed question of whether civil courts may impose stricter duties of care under private law than those resulting from MiFID.11 If a civil court holds, for example, that although an investment firm is admittedly not obliged to comply with KYC rules under MiFID (or indeed with other MiFID rules), it is nonetheless obliged to do so in the particular circumstances of the case because of its civil duty of care, the aggrieved client is not denied a claim on account of non-compliance with MiFID rules. If a civil court is stricter than MiFID, there would not appear to be any conflict with the principle of effectiveness as formulated by the Court of Justice in Genil. It should be noted, however, that the question whether civil courts may be stricter than MiFID was not at issue in Genil and was therefore not explicitly addressed. Genil dealt, after all, only with the question of the private law consequences of non-compliance with MiFID rules”. M. RABITTI, Il ruolo della Corte di Giustizia nel diritto dell’economia, in Analisi giur. econ., 2018, 2, 347 ss.; Id., La Corte di Giustizia tra scelte di mercato e interessi protetti, in Persona e Mercato, 4/2018, 220 ss.

[14] M. QC HODGE, S. BOUSFIELD, Private enforcement under MiFID II & MiFIR, 39 Essex Chambers, 2018. This paper, while from a practitioner’s perspective, confirms the practical emphasis on private enforcement within the MiFID II framework. It implicitly supports the idea that even without explicit civil liability provisions, the spirit and objectives of MiFID II necessitate avenues for private claims, thereby reinforcing the “dual approach” and the idea of deterrence through private means. It directly addresses the “MiFID II’s emphasis” aspect.

[15] On the traditional criteria distinguishing between private law and public law remedies, U. MATTEI, I rimedi, in Il diritto soggettivo, in Trattato di diritto civile, diretto da Rodolfo Sacco, Torino, 2001, pag. 124.     

[16] See Art. 23 of the Consolidated Law on Finance (Legislative Decree No. 58 of 24 February 1998). For a more detailed overview, see: F. SARTORI, Vigilanza di tutela e trasparenza, in Rivista Trimestrale di Diritto dell’Economia, Suppl. n. 3 al n. 1, 2022

[17] Regarding the burden of proof and the causal link, the principles are well-established. The investor must prove the damage and allege the breach, after which the intermediary must prove it has fulfilled its obligations with the utmost diligence. See, among many, Court of Cassazione, Civil Section I, 17 April 2020, No. 7895; Court of Cassazione, Civil Section I, 29 October 2021, No. 30864.

[18] The foundational rulings are Court of Cassazione, Joint Civil Sections, 19 December 2007, No. 26724 and No. 26725. These judgments resolved a long-standing debate, establishing that breaches of conduct rules do not trigger “virtual nullity” under Article 1418, paragraph 1, of the Civil Code.   

[19] The principle established in 2007 is continuously reaffirmed. For more recent confirmations of the distinction between rules of conduct and validity and the exclusion of nullity as a remedy for the former, see Court of Cassazione, Civil Section I, 4 February 2022, No. 3543; Court of Cassazione, Civil Section I, 23 May 2023, No. 14108.

[20] M. TISON, The Civil Law Effects of MiFID in a Comparative Law Perspective, in Financial Law Institute Working Paper No. WP, 2010-05;  Y. SVETIEV,  A. OTTOW, Financial Supervision in the Interstices Between Private and Public Law, in European Review of Contract Law, 10(4), 2014, p. 496–544.  A. ZOPPINI, Diritto privato vs diritto amministrativo (ovvero alla ricerca dei confini tra stato e mercato), in Rivista diritto civile, (3), 2013, p. 515–530; G. FERRARINI, E. WYMEERSCH, Investor Protection in Europe: Corporate Law Making, The MiFID and Beyond, Oxford University Press, 2009.

^[21] Bekendtgørelse nr. 760 af 14. juni 2024 om investorbeskyttelse ved værdipapirhandel

^[22] Lov nr. 1155 af 8. juni 2021 om fondsmæglerselskaber og investeringsservice og -aktiviteter.

^[23] Bekendtgørelse nr. 231 af 1. marts 2024 af lov om forvaltere af alternative investeringsfonde m.v.

^[24] Bekendtgørelse nr. 650 af 9. juni 2024 af lov om finansiel virksomhed

^[25] Se Christen Boye Jacobsen, Peter Sylvest Larsen, Thomas Kjøller & Tine Roed: Bank- og sparekasseloven – med kommentarer (1996) Jurist- og Økonomforbundets forlag, s. 72.

^[26] Se Bilag 1 afsnit A i Lov nr. 1155 af 8. juni 2021 om fondsmæglerselskaber og investeringsservice og -aktiviteter.

^[27] Mads Bryde Andersen, Dansk Pensionsret, 2. udg., Gjellerup/Gads Forlag, 2017 s. 379.

^[28] Ibid., s. 97.

^[29] Folketingstidende 2002-2003: Tillæg A, s. 4799.

^[30] Se vejledning nr. 9461 af 26. juni 2003 til bekendtgørelse om god skik for finansielle virksomheder.

^[31] Vejledning nr. 9461 af 26. juni 2003 til bekendtgørelse om god skik for finansielle virksomheder.

^[32] Lennart Lynge Andersen og Nina Dietz Legind, «Bør en retlig (fejl)etikette hindre en alsidig ankenævnsbehandling af privatkunderne i de finansielle virksomheder? – om god skik-regler og ankenævn på det finansielle område», Ugeskrift for retsvæsen, 2005 (s. 342).

^[33] Se Pengeinstitutankenævnets kendelse nr. 34/2005 af 8. juni 2015. Se herom Nis Jul Clausen, Camilla Hørby Jensen og Nina Dietz Legind, «Pengeinstitutankenævnets praksis – set i lyset af Jyske Hedge Sagerne» (s. 338).

^[34] Årsberetning fra Pengeinstitutankenævnet, 2003, s. 25.

^[35] Årsberetning fra Realkreditnævnet, 2009, s. 37.

^[36] Betænkning om erstatningsansvar ved rådgivning om finansielle produkter, februar 2014, s. 15.

^[37] Lovbekendtgørelse nr. 1216 af 25. september 2013 om markedsføring.

^[38] Palle Bo Madsen, «Branchebestemte ”god skik”-reglers rolle – om retsregler og moralregler i erhvervslivet», Erhvervsjuridisk Tidsskrift, 2020 (s. 4).

^[39] Folketingstidende 2014-15, 1. samling: Tillæg A, s. 33.

^[40] Om problemet med at skelne mellem offentlige og private interesser, se Alf Ross, Ret og retfærdighed – en indførelse i den analytiske retsfilosofi, Nyt Nordisk Forlag, 2. udgave, 1953 s. 270-271.

^[41] Se Pengeinstitutankenævnets kendelse nr. 348/2016 af 5. maj 2017; Pengeinstitutankenævnets kendelse nr. 417/2020 af 9. september 2021.

^[42] Section 9(1) of the Executive Order on Good Practice for Financial Undertakings.

^[43] Vejledning nr. 9971 af 23. september 2016 til bekendtgørelse om god skik for finansielle virksomheder, s. 12.

^[44] Pengeinstitutankenævnets kendelse nr. 1192/2009 af 15. april 2011 (mindretalsafgørelse)

^[45] Pengeinstitutankenævnets kendelse nr. 571/2008 af 30. juni 2010.

^[46] Section 8(3), paragraphs 1 and 2, of the Executive Order on Good Practice for Financial Undertakings.

^[47] Vejledning nr. 9971 af 23. september 2016 til bekendtgørelse om god skik for finansielle virksomheder.

^[48] Se dog Pengeinstitutankenævnets kendelse nr. 140/2016 af 30. juni 2016.

^[49] Nis Jul Clausen & Nina Dietz Legind, Jyske Hedge – spørgsmål om bevisbyrde og børsretlig oplysningspligt i Erhvervsjuridisk Tidsskrift 2012.49.

^[50] Finanstilsynets afgørelse af 24. november 2009.

^[51] Sammenhold Pengeinstitutankenævnets kendelse nr. 32/2009 af 6. juli 2009;

[52] O. O. CHEREDNYCHENKO, Two Sides of the Same Coin: EU Financial Regulation and Private Law, in European Business Organization Law Review, 2019.

[53] F. DELLA NEGRA, MiFID II and Private Law: Enforcing EU Conduct of Business Rules, cit., p. 15.

[54] See article 11 of Regulation (EU) No 1286/2014 of the European Parliament and of the Council of 26 November 2014 on key information documents for packaged retail and insurance-based investment products (PRIIPs).