The European Central Bank has requested that major banks in the eurozone submit plans to manage cybersecurity risks stemming from artificial intelligence [1, 2].

This directive comes as financial institutions face an evolving threat landscape where advanced AI models can be used to automate and enhance cyberattacks. By forcing banks to formalize their defenses, the ECB aims to prevent systemic vulnerabilities that could jeopardize the stability of the European financial sector.

The central bank is specifically targeting supervised banks across the eurozone [1, 2]. These institutions must now design strategies to protect both their internal computer systems and their clients from sophisticated threats facilitated by generative and predictive AI models [1, 2].

According to the ECB, the deadline for banks to present these comprehensive risk mitigation plans is Oct. 31, 2026 [1]. The requirement focuses on the intersection of financial stability and digital security, a critical juncture as banks increasingly integrate AI into their own operations while simultaneously fighting AI-powered fraud.

The request emphasizes the need for a proactive defense. The ECB said the goal is to reinforce the security of information systems to ensure that financial entities remain resilient against the rapid evolution of malicious software and social engineering tactics driven by AI [1, 2].

Banks that fail to meet the requirements or provide insufficient plans may face increased supervisory scrutiny. The ECB is prioritizing the identification of specific vulnerabilities that AI creates, such as the ability for attackers to create more convincing phishing campaigns, or find loopholes in banking software at unprecedented speeds [1, 2].

The European Central Bank has requested that major banks in the eurozone submit plans to manage cybersecurity risks stemming from artificial intelligence.

This move signals a shift from voluntary AI guidelines to mandatory supervisory requirements within the eurozone. By setting a hard deadline, the ECB is treating AI-driven cyber threats not as a theoretical future risk, but as a present danger to the systemic integrity of the banking union. This will likely force banks to increase spending on cybersecurity infrastructure and may lead to the adoption of standardized AI-defense frameworks across the continent.