To require the characters to be in a special order is the weirdest password requirement I have ever heard and I can not believe that your customer really wants this.
Stated this I can explain your regex to you.
The lookahead assertions (the
(?=...) stuff), you are using in your regex, are normally used, when the required characters can be in any order. If you really don’t have this requirement, then your regex is simple, you just need to skip your lookaheads.
This will match your requirements:
Just in case you want to allow all letters, digits and all other characters in your passwords, use Unicode code properties: