ECB Issues Mandates for 110 Banks to Counter AI Cybersecurity Threats by October 2026
The European Central Bank (ECB) has ordered 110 banks to bolster their AI defenses as cybersecurity threats emerge. The banks are required to submit action plans to counter AI-related risks. This marks a step up in the ECB's efforts to protect against cyber threats.
The European Central Bank has ordered the 110 major banks it directly supervises to bolster their defenses against AI-powered cyberattacks, warning in a letter from its Supervisory Board that advanced AI models represent a "long-term shift in the threat landscape rather than a temporary phenomenon".
Banks must submit a detailed action plan by October 31, 2026, covering both immediate priorities and longer-term strategic measures to counter AI-driven threats. The mandate reflects growing concern that AI models capable of finding software vulnerabilities and generating working exploits are compressing the gap between vulnerability discovery and exploitation, intensifying pressure on banks' existing cyber defenses.
Public cybersecurity agencies have echoed the need for a "continuous" approach to counter the evolving nature of AI-enabled threats, rather than a one-off remediation exercise.
The ECB has said it will review each bank's plan individually and conduct a horizontal analysis across the sector to identify common weaknesses and best practices, while pushing back its annual IT Risk Questionnaire from September 2026 to February 2027 to make room for the new work. The move underscores how seriously European regulators are treating AI as both an emerging attack vector and a near-term compliance priority for systemically important banks.
Powered by SentiSense - Intelligent Market Analysis