ThinkPatternGet the app
Story
BUSINESS · JUL 7, 2026

ECB Orders 110 Banks to Submit AI Cyber-Defense Plans

The European Central Bank requires 110 major banks to submit action plans by October 31 to counter cyber threats amplified by advanced artificial intelligence.

The European Central Bank (ECB) ordered 110 supervised financial institutions to submit formal action plans by October 31 to defend against AI-powered cyberattacks. The directive, issued in a July 7 letter, requires banks to detail concrete steps for accelerating vulnerability patching, shrinking internet-facing attack surfaces, and replacing legacy technology. These requirements apply to major European banks and euro-area subsidiaries of U.S. firms, including JPMorganChase, Goldman Sachs, Citi, and Morgan Stanley.

The mandate follows warnings from the ECB and the European Systemic Risk Board (ESRB) regarding frontier AI models, such as Anthropic's Mythos, which can automate exploits and find software flaws faster than humans. The ESRB noted a collapse of defensive time buffers, characterizing these developments as a source of systemic risk to the financial system. To allow banks to focus on these plans, the ECB postponed its annual IT Risk Questionnaire deadline to February 2027.

While the ECB categorized these plans as supervisory expectations rather than legal mandates, failure to comply could result in sanctions, including fines or business restrictions. Other central banks took a less prescriptive approach on Tuesday; the Bank of England emphasized collaboration and innovation over strict deadlines and edicts.


Reported across 10 outlets
Actors
European Central BankClaudia Maria BuchEuropean Systemic Risk BoardAndrew Bailey

Keep reading in the app

The full story and every source, free in the app.

Download on the App StoreComing soonGoogle Play