Regulatory  ·  2026-07-08

European Systemic Risk Board (ESRB) Formal Warning on Systemic Cyber Risk from Frontier AI Models

RegulatoryHigh impactEuropean Union
On July 7, 2026, the ESRB published a formal Warning (ESRB/2026/3, dated 25 June 2026) on systemic cyber risks stemming from frontier AI models (FAIMs), following the ESRB General Board's June decision to raise its assessment of systemic cyber risk from 'elevated' to 'severe'. The ESRB warns that frontier AI models represent a 'paradigm shift' capable of autonomously executing full-scale cyberattacks and materially compressing the time available to patch vulnerabilities before exploitation. The ESRB also published an accompanying note, 'Addressing Frontier AI Models with cyber capabilities from a financial stability perspective.'
A formal ESRB Warning is a distinct macroprudential instrument under EU law directed at the EU and national supervisory authorities, distinct from and separate from the ECB's operational letter to banks. It elevates AI-enabled cyber risk to the level of a systemic financial-stability threat requiring EU-wide policy response (DORA, AI Act) and continued monitoring.
National competent authorities and financial institutions should factor the ESRB's severe systemic risk rating into DORA and AI Act compliance programs; the ESRB will continue monitoring frontier AI cyber capability developments.
ESRB Press ReleaseRegulationTomorrowCentral Bank of Cyprus
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →