The Autorité des marchés financiers has identified operational resilience and cyber risk as key priorities in its 2026 action plan. It said financial firms must be better prepared for rapidly evolving digital threats, particularly those linked to artificial intelligence.

AMF Warns AI Accelerates Cyber Threats

The regulator warned that new AI models could accelerate the discovery of system vulnerabilities and make cyberattacks more efficient. It added that AI tools may also contribute to the “industrialisation of malicious campaigns”. At the same time, it noted AI can improve detection and response capabilities, but stressed that firms must adapt their risk management frameworks accordingly.

• PAMM Moves Beyond MetaTrader and cTrader as Brokeree Launches Integration API
• Admiral Markets UK Swings to £2 Million Loss as Administrative Costs Jump 34%
• Interactive Brokers Nears $1 Trillion Client Equity in May as Trading Activity Jumps 47%

The AMF said it will remain active in international coordination through IOSCO, the Financial Stability Board, the European Systemic Risk Board, and the G7 Cyber Expert Group. It also co-chairs IOSCO’s Financial Stability Engagement Group with the UK Financial Conduct Authority.

On supervision, the AMF is enforcing the Digital Operational Resilience Act, in force since January 2025. The regulation sets requirements for cyber risk management, incident reporting, resilience testing, and third-party oversight.

Firms Face Stricter AI Cyber Controls

The AMF will later publish its own assessment focused on French supervised firms, highlighting key lessons and areas for improvement.

In 2026, the regulator will expand outreach and monitoring, including a webinar on 1 July and a survey on how firms are managing AI-related cyber risks. Results are expected in the autumn.

It will also continue cybersecurity Cybersecurity Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer Read this Term inspections covering data protection, incident response, and resilience controls, with a focus on AI-driven threats.

The AMF urged senior management to ensure cyber risks are properly identified, monitored, and tested. It recommended alignment with ANSSI best practices, DORA requirements, and European supervisory guidance.

Key measures include maintaining inventories of critical systems, strengthening encryption, faster patching, regular backups, staff training, incident testing, technical audits, crisis simulations, and integrating AI-related scenarios into cyber risk planning.

EU Reports Rising Cross-Border ICT Risk

Meanwhile, the European Supervisory Authorities published their first annual overview of major ICT-related incidents under the Digital Operational Resilience Act. Issued by the EBA, EIOPA, and ESMA ESMA European Securities and Markets Authority (ESMA) is an independent Authority of the European Union that is responsible for the safety, security, and stability of the European Unions’ financial system and is charged with protecting the public. The European supervisory authority for the securities sector, ESMA was established on 1 January 2011. The European Securities and Markets Authority is an independent EU authority based in Paris. It aims to contribute to the effectiveness and stability of t European Securities and Markets Authority (ESMA) is an independent Authority of the European Union that is responsible for the safety, security, and stability of the European Unions’ financial system and is charged with protecting the public. The European supervisory authority for the securities sector, ESMA was established on 1 January 2011. The European Securities and Markets Authority is an independent EU authority based in Paris. It aims to contribute to the effectiveness and stability of t Read this Term, the report recorded 3,383 incidents, with around one third showing cross-border impact.

It said ICT risks are increasingly “borderless and interconnected” due to shared infrastructure and outsourcing. Cybersecurity incidents accounted for about 10% of cases. The authorities also noted that AI-driven tools could increase future operational risk in financial systems.