Euro Symbol

ECB requires banks to submit AI cyber strategy by 31 October

System vulnerabilities in shared software can trigger a chain reaction of financial failures
Pro
Image: Tony Litvyak via Pexels

8 July 2026

The European Central Bank (ECB) has instructed financial institutions in the eurozone to develop strategies to combat AI-based cyber threats. Banks have four months, up to and including 31 October, to submit these frameworks in order to prevent disruptions to payment systems and the erosion of public trust in the financial sector.

The regulatory measure stems from growing concern about advanced models such as Anthropic’s Mythos. The capabilities of these tools are so powerful that certain versions are subject to restrictions, meaning that banks in the eurozone do not have access to the same advanced security measures.

In a communication addressed to bank executives, the ECB stressed that these technological leaps can seriously jeopardise the resilience, integrity and confidentiality of information and communication technology (ICT) networks.

 

advertisement



 

To mitigate the risks, the ECB has urged lenders to focus on securing open source components, third party software and all technological assets exposed to the Internet.

In addition, the supervisor advised banks to speed up the patching of vulnerabilities, upgrade outdated hardware and software, improve overall cyber hygiene and refine their crisis recovery and data exchange protocols. To help banks allocate the necessary resources for these tasks, the ECB has postponed a separate IT assessment and may adjust its usual inspection schedules.

At the same time, the European Systemic Risk Board (ESRB) has warned that large-scale cyber disruptions could lead to systemic instability. The board noted that such events could trigger panic-driven withdrawals at institutions or in countries perceived as vulnerable.

The ESRB described various threat levels, ranging from state-sponsored espionage and coordinated attacks on clearing and settlement systems to the use of disinformation to amplify chaos. Moreover, the board warned that, since many banks rely on the same software vendors, a single security breach could rapidly spread through the entire financial ecosystem like a domino effect.

Business AM

Read More:


Back to Top ↑