ECB orders banks to prepare AI cyber defence plans

The European Central Bank on Tuesday ordered euro zone banks to submit plans by 31 October to defend against artificial intelligence-enabled cyber attacks, warning that increasingly capable AI models could threaten confidence in the financial system and disrupt payments.

The ECB has given lenders four months to outline measures to counter cyber risks linked to advanced AI systems, reflecting growing concern among financial regulators about the ability of sophisticated models to exploit vulnerabilities.

In a letter to bank chief executives, the ECB said recent developments had "potentially profound implications for the confidentiality, integrity and resilience" of banks' information and communication technology systems.

Banks have been instructed to prioritise protecting internet-facing systems and other exposed technology assets, including third-party software and open-source components. The ECB said lenders should accelerate vulnerability patching, strengthen monitoring, modernise ageing technology, improve cyber hygiene and reinforce crisis management, recovery and information-sharing arrangements. To free up resources, the central bank has postponed a separate IT survey and said it may adjust inspections and other supervisory work.

The ECB's intervention follows restrictions on access to some of the most advanced AI models because of their cyber capabilities, including Anthropic's Mythos, with euro zone banks currently excluded from using those systems. Regulators fear increasingly powerful AI tools could make cyber attacks more effective and harder to detect, increasing operational risks across the banking sector.

In a warning published alongside the ECB's letter, the European Systemic Risk Board said large-scale cyber disruptions could have consequences beyond individual institutions by damaging confidence in the financial system. "The ESRB considers these developments to be a source of systemic risks to the financial system," the body said.

The European Systemic Risk Board outlined scenarios ranging from a gradual loss of confidence in smaller banks to state-backed espionage and coordinated attacks targeting payments, clearing and settlement systems, with misinformation campaigns potentially amplifying the impact. It said cyber incidents could spread rapidly through shared technology providers and commonly used software across the financial sector, increasing the risk of wider disruption.

The ECB's latest warning comes a day after executive board member Philip R. Lane highlighted the growing economic significance of AI, telling a conference in Rome that policymakers face "many uncertainties surrounding the strength and timing" of AI's effects on the economy and that "a data-dependent approach is best suited to assessing the overall impact of AI on the appropriate monetary policy stance." Lane added that assessing AI's implications "will be a major challenge for monetary economists and monetary policymakers in the years to come."



Share Story:

Recent Stories


Creating value together: Strategic partnerships in the age of GCCs
As Global Capability Centres reshape the financial services landscape, one question stands out: how do leading banks balance in-house innovation with strategic partnerships to drive real transformation?

Data trust in the AI era: Building customer confidence through responsible banking
In the second episode of FStech’s three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech examines the critical relationship between data trust, transparency, and responsible AI implementation in financial services.

Banking's GenAI evolution: Beyond the hype, building the future
In the first episode of a three-part video podcast series sponsored by HCLTech, Sudip Lahiri, Executive Vice President & Head of Financial Services for Europe & UKI at HCLTech explores how financial institutions can navigate the transformative potential of Generative AI while building lasting foundations for innovation.

Beyond compliance: Building unshakeable operational resilience in financial services
In today's rapidly evolving financial landscape, operational resilience has become a critical focus for institutions worldwide. As regulatory requirements grow more complex and cyber threats, particularly ransomware, become increasingly sophisticated, financial services providers must adapt and strengthen their defences. The intersection of compliance, technology, and security presents both challenges and opportunities.