Stocks

ECB gives eurozone banks four months to counter AI risks

Pinterest LinkedIn Tumblr

The European Central Bank has given eurozone banks four months to develop plans aimed at countering artificial intelligence (AI)-enabled cyber threats that could undermine confidence in the financial system and disrupt payment networks.

The directive, issued on Tuesday, reflects growing concern among European regulators over the increasing cyber capabilities of advanced AI models.

According to the ECB, developments in AI have reached a stage where some models have become so powerful that access to them has been restricted.

The central bank noted that this restriction currently excludes eurozone banks.

ECB highlights risks to banks ICT systems

In a letter addressed to bank chief executives, the ECB warned that advances in AI could have significant consequences for the security and resilience of banking technology infrastructure.

“These developments have potentially profound implications for the confidentiality, integrity and resilience of banks’ information and communication technology systems,” the ECB said in the letter.

The central bank instructed lenders to prioritise the protection of internet-facing systems and other technology assets that are more exposed to cyber risks.

It also asked banks to strengthen the security of third-party software and open-source components, accelerate the remediation of identified vulnerabilities, and improve monitoring capabilities.

Beyond immediate security measures, the ECB urged banks to modernise ageing technology infrastructure and improve overall cyber hygiene.

The banking supervisor also called on lenders to strengthen crisis-management frameworks, recovery arrangements and information-sharing mechanisms to improve preparedness for potential cyber incidents.

Banks have until October 31 to submit their cybersecurity action plans to the ECB.

To help institutions focus on these priorities, the central bank said it has postponed a separate information technology survey.

It also indicated that it may adjust planned inspections and other supervisory activities to free up resources for the new cybersecurity initiatives.

ESRB warns of systemic financial risks

Alongside the ECB’s communication, the European Systemic Risk Board published a warning highlighting the broader financial stability risks posed by large-scale cyber incidents.

The ESRB said widespread cyber disruptions could weaken public confidence in financial institutions and, in severe cases, trigger runs on companies or even countries perceived to have weaker cyber resilience.

Cyber incidents could spread across the financial sector

To illustrate the potential impact, the ESRB outlined several possible scenarios involving AI-enabled cyber threats.

These ranged from a gradual erosion of confidence in smaller banks to state-backed espionage campaigns and coordinated attacks targeting payment, clearing and settlement systems.

The board also warned that misinformation campaigns could amplify the effects of such incidents by increasing uncertainty and undermining public trust.

The ESRB further noted that cyber incidents could spread rapidly through shared technology providers and commonly used software across the financial sector, increasing the risk of widespread disruption.

The ECB’s latest directive and the ESRB’s warning underscore regulators’ growing focus on strengthening cyber resilience as advances in AI continue to reshape the cybersecurity landscape.

With banks now facing an October 31 deadline, European authorities are seeking to ensure that financial institutions are better prepared to respond to increasingly sophisticated cyber threats while safeguarding confidence in the financial system.

The post ECB gives eurozone banks four months to counter AI risks appeared first on Invezz