By Francesco Canepa
FRANKFURT, July 7 (Reuters) – The European Central Bank on Tuesday gave euro zone banks four months to draw up plans to counter AI-enabled cyber threats, taking a more prescriptive approach than other major central banks to risks posed by advanced AI models.
The U.S. Federal Reserves and Bank of England struck softer tones in separate comments on Tuesday as central banks look to tackle risks posed by Anthropic’s Mythos and the latest generation of large-language models.
The cyber capabilities of some of these systems are considered so powerful that access has been restricted, with euro zone banks currently excluded from Mythos.
“These developments have potentially profound implications for the confidentiality, integrity and resilience of banks’ information and communication technology (ICT) systems,” the ECB’s chief supervisor Claudia Buch said in a letter to bank chief executives.
She told banks to prioritise protecting internet-facing systems and other exposed technology assets, including third-party software and open-source components, while speeding up vulnerability fixes and strengthening monitoring.
The euro zone’s top banking supervisor also urged lenders to modernise ageing technology, improve cyber hygiene and strengthen crisis-management, recovery and information-sharing arrangements.
Banks have until October 31 to submit their plans. To free up resources, the ECB has postponed a separate IT survey and may adjust inspections and other supervisory work.
The ECB, which met banks in the spring to hear their views, will then share its findings to help identify challenges and areas for improvement.
BOE NOT ISSUING ‘EDICTS’, FED FAVOURS LIGHTER TOUCH
Speaking in London later on Tuesday, Bank of England Governor Andrew Bailey said the ECB’s warning was “sensible” but that the BoE would take a less prescriptive approach.
“It’s not about issuing edicts,” he told reporters, presenting the BoE’s half-yearly Financial Stability Report. “It’s about getting in a room and saying … how are we going to share our understandings of the vulnerabilities that we find in this system?”
The BoE has long given firm advice to British banks to bolster their cyber defences but has not gone as far as to set public deadlines.
In a separate speech, Federal Reserve vice chair for supervision Michelle Bowman stressed responsible AI adoption, proportionality and “a lighter supervisory and regulatory touch” for lower-risk uses.
Like her European colleagues, she emphasised governance, controls and risk management, but focused on enabling innovation rather than responding to systemic cyber threats.
EU WATCHDOG WARNS OF DISRUPTIONS
In a warning published alongside the ECB’s letter, the European Systemic Risk Board said large-scale cyber disruptions could erode trust in financial institutions and even trigger runs on companies or countries perceived as less secure.
“The ESRB considers these developments to be a source of systemic risks to the financial system,” said the ESRB, a European Union body that issues recommendations to other authorities.
To illustrate the risks, the ESRB outlined scenarios ranging from a gradual loss of confidence in smaller banks to state-backed espionage and coordinated attacks on payments, clearing and settlement systems, potentially amplified by misinformation campaigns.
It said incidents could spread quickly through common technology providers and shared software used across the financial sector.
(Additional reporting by Phoebe Seers and David Milliken in London. Editing by Mark Potter)


Comments