Results

EIOPA - European Insurance and Occupational Pensions Authority

07/07/2026 | Press release | Distributed by Public on 07/07/2026 04:15

The ESAs support ESRB warning on systemic cyber risks from frontier AI models

The European Supervisory Authorities (EBA, EIOPA and ESMA - the ESAs) welcome and support today's warning from European Systemic Risk Board (ESRB) on the systemic cyber risks posed by frontier AI models.

Recent advances have significantly enhanced the ability of frontier AI models to identify and exploit high-severity vulnerabilities in IT systems within very short timeframes. While the EU's regulatory framework - including DORA and the AI Act - provides a solid foundation for managing cyber and AI-related risks, the speed and scale of these tools raise concerns that AI-enabled cyber-attacks could undermine the operational resilience of financial entities.

Since the release of the first frontier AI models, the ESAs have raised awareness about the ICT risks posed by the widespread adoption of these models and engaged with EU competent authorities to ensure that financial entities take appropriate mitigation measures. In their first annual report on major ICT-related incidents under DORA, the ESAs encouraged financial entities to strengthen cybersecurity measures to maintain their resilience amid the rapid evolution of highly capable AI-driven tools.

Against this backdrop, the ESAs concur with the ESRB warning and urge financial entities to make appropriate arrangements to adapt their cybersecurity capabilities. They also invite competent authorities to reflect these developments in their supervisory activities. Finally, the ESAs note the ESRB's call on the European Union to scale up its capacity, expertise and strategic autonomy in this critical area, which requires that all parties are involved, including AI providers, software providers, security firms, open-source maintainers, financial institutions, and authorities at both national and Union level.

The ESAs are working closely with the EU supervisory community to ensure that financial entities across the EU proactively identify and mitigate these risks in line with the requirements of the Digital Operational Resilience Act (DORA), which establishes a harmonised framework for mitigating ICT risks in the financial sector.

In their capacity as Overseers of Critical ICT Third-Party Providers, the ESAs are also engaging with these providers on the measures they are taking to adapt to the situation, in order to manage risks and ensure the continuity of services provided to the EU financial sector.

Background and next steps

The warning by the ESRB highlights how frontier AI models are transforming the cybersecurity landscape by enabling threat actors to increase the speed, scale, and sophistication of cyber-attacks in the short to medium term. The ESRB urged all EU stakeholders, including financial institutions, to enhance their cybersecurity capacities and encouraged relevant authorities to reflect these risks in their supervisory and oversight work.

The ESAs will continue to closely monitor the use and development of highly cyber-capable frontier AI models and assess their potential impact on the financial sector. To promote a consistent, risk-based and forward-looking supervisory approach in this area, the ESAs are also working with national supervisors to clarify supervisory expectations, and will communicate them consistently to financial entities to ensure compliance with the existing regulatory framework.

EIOPA - European Insurance and Occupational Pensions Authority published this content on July 07, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on July 07, 2026 at 10:15 UTC. If you believe the information included in the content is inaccurate or outdated and requires editing or removal, please contact us at [email protected]