Politics Business Culture Technology Environment Travel World
Home Business Feature
Business · Exclusive

ECB Orders Eurozone's Largest Banks to Fortify Defenses Against AI Cyber Threats

ECB Orders Eurozone's Largest Banks to Fortify Defenses Against AI Cyber Threats
Business · 2026
Photo · Beatrice Romano for European Pulse
By Beatrice Romano Business & Markets Editor Jul 7, 2026 3 min read

Frankfurt — The European Central Bank has issued a directive to the eurozone's largest financial institutions, requiring them to submit detailed strategies by the end of October for countering cyber threats enhanced by advanced artificial intelligence systems. The move underscores growing concern among European regulators that AI models are fundamentally altering the cybersecurity landscape.

In a letter sent Tuesday to the 110 banks under its direct supervision — including Deutsche Bank, BNP Paribas, and Santander — the ECB's Supervisory Board argued that the latest generation of AI represents a long-term shift rather than a passing trend. Claudia Buch, chair of the board, wrote that while these technologies do not introduce entirely new categories of risk, they dramatically amplify the speed and scale at which attacks can occur.

The ECB is asking lenders to prioritize faster vulnerability and software patch management, deploy stronger AI-enabled monitoring and detection systems, and scrutinize third-party technology providers and supply-chain risks more closely. The board stressed that these efforts must be directed from the highest levels of each institution.

Regulatory Adjustments and Timeline

To give banks additional bandwidth to address the new threats, the ECB announced it would postpone its annual IT Risk Questionnaire from September 2026 to February 2027. It also indicated it would consider adjusting other supervisory activities on a case-by-case basis. After the October deadline, the ECB will review each bank's plan, discuss it individually, and conduct a horizontal analysis to identify common weaknesses and best practices across the sector.

The letter also flagged emerging technologies such as quantum computing, which the ECB said will have a significant impact on cybersecurity. It promised a separate communication on quantum risks in due course.

The ECB's action comes alongside a parallel warning from the European Systemic Risk Board (ESRB), the EU body responsible for monitoring systemic financial risks. On Tuesday, the ESRB warned about systemic cyber risks stemming from frontier AI models, following its decision in June to raise its assessment of systemic cyber risk to severe from elevated.

The ESRB described frontier AI as a paradigm shift in cybersecurity, noting that malicious actors are already using AI to enhance attacks. It cautioned that AI could dramatically shorten the window banks have to identify and patch software vulnerabilities before they are exploited, increasing the risk of simultaneous cyber incidents across the financial sector.

The watchdog also highlighted a strategic vulnerability: the concentration of leading frontier AI developers outside the European Union exposes the bloc to geopolitical dependencies. This echoes broader concerns about Europe's reliance on non-European technology, as explored in EU Unveils AI Cybersecurity Plan, Revealing Dependence on US Models.

Anthropic, one of the world's leading AI developers, has been creating increasingly capable frontier models. Its latest system, Mythos, proved particularly effective at identifying weaknesses in computer systems. The company initially withheld the full version over concerns it could be misused by hackers, before releasing a public version with built-in safety safeguards last month.

The ECB's directive and the ESRB's warning mark a significant escalation in European financial regulators' response to AI-driven cyber threats. Banks across the continent now face the challenge of adapting their defenses to a threat landscape that is evolving faster than ever before.

More from this story

Next article · Don't miss

EU Auditors: €43 Billion Renovation Fund Lacks Proof of Energy Savings

The European Court of Auditors has concluded that the EU's €43 billion post-pandemic renovation fund did not maximize energy savings or ensure value for money. The program favored quick fixes over deep retrofits, and measurement methods rely on flawed assumpti

Read the story →
EU Auditors: €43 Billion Renovation Fund Lacks Proof of Energy Savings