EU Supervisors Spotlight Digital Risk & Cyber Resilience as Financial System Evolves
Key Takeaways
- DORA Moves From Framework to Reality: EU supervisors completed the core legal and operational groundwork for the Digital Operational Resilience Act, including designating 19 critical third-party providers and launching oversight structures and cyber coordination mechanisms.
- Cyber Risk Becomes Systemic Concern: Increasingly sophisticated cyber threats and concentration among third-party IT providers are now viewed as potential sources of systemic risk, with new EU-level coordination tools introduced to manage large-scale incidents.
- Geopolitical and Market Risks Intensify: Ongoing conflicts, trade tensions, and shifting economic conditions weighed on growth expectations and increased market volatility, reinforcing the need for stronger risk management and resilience across financial institutions.
- Sustainable Finance Progress, But Uneven: Disclosure quality under SFDR improved, particularly among large firms, while smaller entities continue to face challenges. New ESG stress testing guidelines aim to bring greater consistency across banking and insurance supervision.
- Consumer Protection Expands Into Digital and Crypto Risks: Regulators increased focus on financial education, fraud prevention, and crypto-related risks, including warnings to consumers and guidance on identifying scams and understanding protections under MiCA.
Deep Dive
Europe’s financial supervisors spent 2025 moving from planning to execution, as cyber threats, geopolitical tensions, and rapid digitalization pushed risk management higher up the regulatory agenda.
That shift is laid out in the latest annual report from the Joint Committee of the European Supervisory Authorities, which coordinates the work of the European Banking Authority, the European Insurance and Occupational Pensions Authority, and the European Securities and Markets Authority.
The background for the report was a financial system facing mounting strain from multiple directions. Heightened geopolitical uncertainty, evolving trade dynamics, and ongoing conflicts contributed to weaker growth expectations and increased market volatility throughout the year. At the same time, financial innovation and digitalization continued to accelerate, forcing supervisors to balance resilience with adaptability.
Cyber Resilience Moves to the Forefront
At the center of the Committee’s work was the implementation of the Digital Operational Resilience Act, marking a significant step in strengthening the financial sector’s ability to withstand and respond to technology-related disruptions.
During 2025, the European Supervisory Authorities completed all mandated legal instruments under DORA and began building the infrastructure needed for effective oversight. This included establishing new governance bodies such as the Joint Oversight Network and the Oversight Forum, as well as developing methodologies for supervising critical third-party service providers.
A notable milestone came with the designation of nineteen critical third-party providers, identified through structured assessments using data reported by financial institutions. Each was assigned a Lead Overseer, reflecting growing concern over the concentration of key IT services and the potential for disruption to spread across the financial system.
Supervisors also advanced coordination mechanisms for handling major cyber incidents. The European Systemic Cyber Incident Coordination Framework was operationalized, with protocols, testing exercises, and new information-sharing tools introduced to improve communication and response in the event of large-scale disruptions.
A More Complex Risk Environment
Beyond cyber risk, the report highlights a financial system navigating an increasingly complex and interconnected set of challenges.
Geopolitical developments, including new trade barriers and ongoing conflicts in Ukraine and the Middle East, contributed to uncertainty and volatility, with growth forecasts revised downward early in the year. While some clarity emerged as conditions evolved, downside risks remained significant.
At the same time, structural shifts are introducing new sources of vulnerability. Increasing interconnections between traditional financial markets and crypto-assets, alongside growing exposures to non-bank financial intermediaries and alternative investments, are expanding the channels through which risk can propagate. Supervisors emphasized the need for continued monitoring as these markets evolve.
Cyber risk, meanwhile, is becoming more acute. More sophisticated attacks, combined with reliance on a relatively concentrated group of third-party IT providers, often located outside the EU, are raising the risk of systemic incidents and contagion.
Sustainable Finance Advances, With Uneven Progress
Sustainable finance remained a key area of focus, with regulators tracking progress under the Sustainable Finance Disclosure Regulation.
The report notes steady improvements in the quality and completeness of disclosures, particularly among larger multinational firms. Smaller entities, however, continue to face challenges in meeting expectations. To address this, the European Supervisory Authorities developed ESG stress testing guidelines for banking and insurance supervisors, aimed at improving consistency and effectiveness in assessing sustainability-related risks.
At the same time, work is underway to simplify elements of the regulatory framework, as part of a broader push to reduce complexity while preserving core objectives such as financial stability and consumer protection.
Consumer Protection in a Digital Market & Simplification
Consumer protection remained central to the Joint Committee’s work, particularly as risks evolve in a digital and increasingly crypto-driven environment.
Supervisors expanded efforts around financial education and fraud prevention, including issuing warnings about the risks associated with crypto-assets and publishing guidance to help consumers identify scams. These initiatives also addressed the growing use of artificial intelligence in fraudulent schemes.
Regulators also continued to refine disclosure requirements and improve the clarity of information provided to retail investors under the Packaged Retail and Insurance-based Investment Products Regulation, aiming to ensure that consumers can make informed decisions in increasingly complex markets.
Alongside its core risk work, the Joint Committee supported efforts to streamline the EU’s financial regulatory framework. This included work on simplifying PRIIPs disclosures and reprioritizing certain reporting requirements under sustainable finance rules, in line with the European Commission’s goal of reducing unnecessary administrative burdens.
At a structural level, the Committee continued to strengthen cross-sector coordination, not only among the three supervisory authorities but also with other EU bodies. New cooperation arrangements, including a memorandum of understanding with the EU’s anti-money laundering authority, aim to improve information sharing and reduce the risk of regulatory gaps.
A System Under Pressure, and Adapting
This new report reflects a financial system under pressure from overlapping risks and a supervisory framework working to keep pace.
Digitalization is accelerating, cyber threats are intensifying, and geopolitical uncertainty continues to ripple through financial markets. At the same time, new forms of interconnection (from third-party providers to crypto-assets) are reshaping how risk spreads across the system.
For EU supervisors, the challenge is no longer just setting the rules. It is ensuring those rules hold under stress, in a system that is becoming more complex, more digital, and more exposed to disruption.

