The European Supervisory Authorities (ESAs) have urged financial entities to make “appropriate arrangements to adapt their cybersecurity capabilities” as they welcomed the warning from the European Systemic Risk Board (ESRB).
The ESAs include the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA).
Yesterday, 7 July, the ESRB issued a warning that frontier artificial intelligence (AI) models are changing the cyber threat landscape for the EU financial system, which could increase the speed, scale and sophistication of cyber attacks.
This warning comes after the ESRB General Board assessed systemic cyber risk as ‘severe’ in June, up from ‘elevated’ in March.
In response, the ESAs said they “concur” with the ESRB warning, as they also invited competent authorities to reflect these developments in their supervisory activities.
“Finally, the ESAs note the ESRB’s call on the European Union to scale up its capacity, expertise and strategic autonomy in this critical area, which requires that all parties are involved, including AI providers, software providers, security firms, open-source maintainers, financial institutions, and authorities at both national and Union level,” they wrote.
The ESAs acknowledged that while the EU’s regulatory framework, including the Digital Operational Resilience Act (DORA) and the AI Act, provides a “solid foundation” for managing cyber and AI-related risks, the “speed and scale of these tools raise concerns that AI-enabled cyber-attacks could undermine the operational resilience of financial entities”.
“Since the release of the first frontier AI models, the ESAs have raised awareness about the ICT risks posed by the widespread adoption of these models and engaged with EU competent authorities to ensure that financial entities take appropriate mitigation measures," they stated.
“In their first annual report on major ICT-related incidents under DORA, the ESAs encouraged financial entities to strengthen cybersecurity measures to maintain their resilience amid the rapid evolution of highly capable AI-driven tools.”
The ESAs added that they are working closely with the EU supervisory community to ensure that financial entities across the EU proactively identify and mitigate these risks in line with the requirements of DORA, which establishes a harmonised framework for mitigating ICT risks in the financial sector.
In their capacity as Overseers of Critical ICT Third-Party Providers, the ESAs are also engaging with these providers on the measures they are taking to adapt to the situation, in order to manage risks and ensure the continuity of services provided to the EU financial sector.









Recent Stories