LATEST NEWS
SELECTED FOR YOU

ECB gives eurozone banks until October to draft AI cyber defenses

ByHannah CollymoreHannah Collymore
3 mins read
ECB gives eurozone banks until October to draft AI cyber defenses
  • The ECB told the eurozone’s biggest banks on Tuesday to submit plans by October 31 for defending against AI-enabled cyberattacks.
  • The regulator is warning that new models can find and weaponize software flaws faster than defenders can respond.
  • The ESRB backed the move by labeling frontier AI a systemic risk, as the European Commission plans to add its own AI risk action plan.

Big-time lenders in the eurozone have until October 31 to present an action plan to the European Central Bank (ECB), according to an order from the regulator to ensure that the region’s biggest lenders all score passing grades on their preparedness to defend against AI-driven cyberattacks. 

The warning from the apex bank on the Old Continent arrives as the newest AI models have routinely gotten better at finding and exploiting software flaws faster than anyone can patch them, as noted in earlier Cryptopolitan reports

Which European banks need to come up with AI action plans?

The ECB instruction that became public on July 7 was sent as letters to bank chief executives. However, the missive matters to every stakeholder, including anyone who moves money through the European financial system.

Claudia Buch, who sits at the head of the ECB’s supervisory board, told CEOs to spell out how they will board up their own systems as well as the standards of the outside technology providers they depend on. 

For now, banks that miss the October deadline will not face any fines. Instead, the ECB said the evaluation could impact lenders’ reputation with the regulator. However, it did say it could press laggards to catch up.

Why is the ECB worried about AI now?

The ECB’s letter is the regulator’s response to new AI models such as Anthropic’s Mythos, which have proven to be exponentially more cyber capable than earlier versions. The European headache is compounded by the fact that their access to these models depends on forces beyond their control

Buch’s letter echoed those sentiments. She wrote that “emerging AI models are capable of identifying software vulnerabilities and generating functioning exploits at unprecedented speed, compressing the timeline between vulnerability discovery and exploitation,” with “potentially profound implications for the confidentiality, integrity and resilience” of banks’ information and communication technology.

What does the ECB want banks to do?

For banks to get a passing grade on their action plan, they must first tick certain boxes. 

For example, the ECB mandated for banks to double down on security for systems with internet exposure and similarly exposed assets. Third-party software and open-source components are also expected to be under the same scrutiny level. 

Faster patches on vulnerabilities, tighter monitoring, best-in-class replacements for aging tech, revision of crisis management, recovery, and information-sharing setups were also on the to-do list. 

The ESRB is warning about the same thing

The European Systemic Risk Board (ESRB) was on the same page as the ECB, with the EU body’s warning that frontier AI models “should be treated as a source of systemic risk” by the finance industry, arriving on the same day. 

The ESRB, whose role is to issue recommendations to national and European authorities, named contagion as its top concern. 

The push follows months of escalating alarm from senior officials. The Financial Times reported that the ECB summoned banks over flaws the latest AI models exposed, and separately described watchdogs issuing a stark warning over AI-driven attacks. 

In June, IMF Managing Director Kristalina Georgieva said advanced AI could “destroy the financial system” and told reporters that “Mythos is just the beginning, there will be more like it.” Buch had flagged the direction of travel earlier, in a June 3 speech titled “Strengthening operational resilience for the age of AI.”

The regulatory pile-on continued on the same day, with the European Commission due to release its own action plan on AI risks, laying out how the bloc will take part in safety testing of advanced models.

If you're reading this, you’re already ahead. Stay there with our newsletter.

FAQs

What did the ECB tell eurozone banks to do?

The ECB instructed the bloc's largest lenders to draw up action plans, due by October 31, showing how they will strengthen internal systems, vet external technology providers, patch vulnerabilities faster, and improve crisis management and recovery.

Are there penalties for banks that miss the deadline?

No sanctions are planned, but the ECB said it may use the submitted plans to compare how banks perform on tackling AI risks and then follow up with those falling behind.

Why is the ECB worried about AI models like Mythos?

The ECB and ESRB fear models such as Anthropic's Mythos can identify software vulnerabilities and generate working exploits at unprecedented speed, which could disrupt shared payment, clearing, and settlement systems and erode confidence across the financial system.

Share this article

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Hannah Collymore

Hannah Collymore

Hannah is a writer and editor with nearly a decade of blog writing and event reporting experience in the crypto space. At Cryptopolitan, Hannah contributes to the news page, reporting and analyzing the latest developments in DeFi, RWA, crypto regulation, AI and frontier tech industries. She graduated from Arcadia university with a degree in Business Administration.

MORE … NEWS