The European Central Bank has issued a directive requiring eurozone banks to develop and submit plans within four months to address cyber threats powered by artificial intelligence, warning that such risks could erode confidence in the financial system and disrupt payment networks.

In a letter to bank chief executives on Tuesday, the ECB highlighted that advances in AI have reached a point where some models are so powerful that access has been restricted—a restriction that currently excludes eurozone lenders. The central bank emphasized that these developments carry profound implications for the confidentiality, integrity, and resilience of banks' information and communication technology systems.

Read also
Banking
EU Intensifies Child Safety Probe Into Meta's Facebook and Instagram Design
The European Union is preparing preliminary findings against Meta over alleged addictive design on Facebook and Instagram targeting minors, as the company invests $900 million in Indian fintech CRED.

Key Security Priorities for Banks

The ECB instructed lenders to prioritize protection of internet-facing systems and other technology assets most exposed to cyber risks. Banks are also required to strengthen security of third-party software and open-source components, accelerate remediation of known vulnerabilities, and enhance monitoring capabilities.

Beyond immediate measures, the ECB urged modernization of aging technology infrastructure and improvement of overall cyber hygiene. The supervisor called for stronger crisis-management frameworks, recovery arrangements, and information-sharing mechanisms to bolster preparedness for potential cyber incidents.

Banks have until October 31 to submit their cybersecurity action plans. To help institutions focus on these priorities, the ECB said it has postponed a separate IT survey and may adjust planned inspections and supervisory activities to free up resources.

Systemic Risk Warning from ESRB

Alongside the ECB's directive, the European Systemic Risk Board issued a warning about broader financial stability risks from large-scale cyber incidents. The ESRB noted that widespread cyber disruptions could weaken public confidence in financial institutions and, in severe cases, trigger runs on companies or countries perceived to have weaker cyber resilience.

The ESRB outlined scenarios ranging from gradual erosion of confidence in smaller banks to state-backed espionage campaigns and coordinated attacks targeting payment, clearing, and settlement systems. Misinformation campaigns could amplify these effects by increasing uncertainty and undermining trust.

The board also warned that cyber incidents could spread rapidly through shared technology providers and commonly used software across the financial sector, increasing the risk of widespread disruption. This aligns with broader regulatory concerns as AI continues to reshape the cybersecurity landscape.

For context, the eurozone's manufacturing sector has shown resilience, with the Eurozone Manufacturing PMI holding at 51.4 in June, while services contraction eases. Meanwhile, the Russell 2000 hit a record high, though rebalancing and valuation risks loom. In the commodities space, Deutsche Bank warns gold could slide to $3,800 on Fed rate hike risks.

The ECB's latest directive and the ESRB's warning underscore regulators' growing focus on strengthening cyber resilience as advances in AI continue to reshape the cybersecurity landscape. With banks now facing an October 31 deadline, European authorities are seeking to ensure that financial institutions are better prepared to respond to increasingly sophisticated cyber threats while safeguarding confidence in the financial system.

This article is for informational purposes only and does not constitute financial advice.