Skip to content

ECB Calls on Major Banks to Submit AI Risk Plans by October

The point: The ECB is requiring major EU banks to submit action plans by October to address risks from frontier AI models that could accelerate cyberattacks.

The European Central Bank is demanding the largest EU banks to submit concrete action plans by end of October to address risks posed by advanced AI models. The reason: AI systems can identify and exploit software vulnerabilities at unprecedented speed.

Claudia Buch, Chair of the Supervisory Board of the European Central Bank, has sent letters to the CEOs of the largest EU banks demanding concrete action steps. Banks are to submit detailed action plans by end of October that demonstrate how they will strengthen their internal systems and review external technology providers.

Buch justifies the requirement with the increased danger posed by modern AI models: “New AI models are capable of identifying software vulnerabilities and generating working exploits at unprecedented speed. This significantly compresses the time between the discovery of a security vulnerability and its exploitation – with potentially serious consequences for the confidentiality, integrity and resilience of banks’ IT systems.” The ECB cites AI systems such as Anthropic’s model with cyber capabilities as an example.

The action plans should also include measures for modernizing IT infrastructure, improving response and recovery mechanisms, and crisis management. Although there are no formal sanctions for non-compliance, the ECB plans to use the plans to benchmark banks against each other and follow up selectively.

In parallel, the European Systemic Risk Board (ESRB) published its own warning and classifies risks from frontier AI models as systemic. The ESRB warns that cyberattacks could spread via “operational chokepoints” such as payment, clearing or settlement systems and could significantly destabilize the financial system. Without coordinated EU action, these risks could lead to structural vulnerabilities that trigger a systemic event.

The European Commission also announced an action plan on AI risks that is intended to determine how the EU will participate in security testing of advanced models.


Source: www.politico.eu · Published 7 July 2026
Lumi AI News — AI-assisted curation according to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: