Europe Daily Briefing — 09 Jun 2026

RegNext | Daily Europe Radar | EOD Briefing | Tuesday 09 Jun 2026

The AFM just warned that the speed of AI-driven cyberattacks is outpacing current financial defenses. Here's what it means for the resilience strategies of European market participants.

1️⃣ [#1] EBA — Final Draft Technical Standards on Information Registers
Establishes the mandatory format for the register of information on all contractual arrangements with ICT third-party service providers
Hits all financial entities in scope of DORA and their primary national regulators
Entities must begin populating these registers to ensure compliance by the end of the current transition period

🛡️ 2️⃣ [#14] AFM — Faster AI-Driven Attacks Demand Stronger Resilience
The Dutch regulator highlights that AI is being used to accelerate cyberattacks requiring firms to enhance their defensive posture
Impacts Dutch financial institutions and investment firms across the market
Firms should review incident response plans for AI-specific threats to ensure operational continuity

3️⃣ [#15] MFSA — Observations on Digital Operational Resilience in Authorisations
Feedback on 2025 applications shows recurring weaknesses in ICT risk management and third-party oversight
Hits firms applying for MFSA authorisation or migrating to DORA compliance regimes
Applicants must address governance gaps in their digital operational resilience frameworks before final approval

The convergence of AI-driven threats and the rigorous demands of digital operational resilience represents a critical juncture for the financial sector as we move through mid-2026. The Dutch AFM’s guidance on AI-driven attacks serves as a stark reminder that technical resilience is no longer a static goal but a dynamic race against automated adversaries. Firms can no longer rely on traditional periodic testing; instead, they must move toward continuous monitoring and real-time response capabilities to counter the increased speed of modern breaches. This shift requires a fundamental rethink of how security operations centers are staffed and the tools they utilize to detect anomalous behavior.

The MFSA’s observations further underscore this challenge, noting that even new applicants are struggling to meet the baseline expectations for digital governance. This indicates a broader industry gap between regulatory expectations and technical implementation, particularly regarding third-party risk. As regulators like the EBA move toward stricter oversight of ICT registers and AI governance, the focus is shifting from simple policy creation to deep operational reality. For compliance officers, the message is clear: the integration of AI into both the threat landscape and the regulatory framework is the defining theme of the year. Success will depend on the ability to bridge the silo between the IT security desk and the board-level risk committee. The next six months will be defined by the rigorous testing of these new frameworks under real-world pressure.

Full analysis in today's RegNext Daily Europe Radar.

June 9, 2026
daily-europe-2026-06-09-slide-02.png
daily-europe-2026-06-09-slide-03.png
daily-europe-2026-06-09-slide-04.png
daily-europe-2026-06-09-slide-05.png
daily-europe-2026-06-09-slide-06.png
No items found.
No items found.