Digitalisation, cyber resilience top ESAs 2025 priorities
The Joint Committee of the European Supervisory Authorities (ESAs) highlighted digitalisation, cyber resilience, and sustainable finance as key priorities for 2025. The annual report details efforts to strengthen consumer protection and financial stability across the EU.
DORA implementation drives resilience efforts
The Digital Operational Resilience Act (DORA) was central to the Joint Committee's work in 2025.
The European Supervisory Authorities (ESAs) delivered all mandated legal instruments under DORA, establishing a robust foundation for digital operational resilience across the EU financial sector.
They also launched initiatives to promote supervisory convergence among competent authorities and issued practical guidance for financial entities preparing for DORA's application.
A key milestone was the designation of nineteen critical third-party service providers (CTPPs) between April and November 2025, with the EBA appointed as Lead Overseer for each.
This involved completing preparatory work for new governance structures like the Joint Oversight Network and the Oversight Forum.
Furthermore, the ESAs operationalised the European Systemic Cyber Incident Coordination Framework (EU-SCICF) to facilitate communication and coordination during ICT-related incidents, developing a crisis coordination protocol and establishing a Cyber Incident Information Sharing and Threat Intelligence Exchange (CITE).
These comprehensive actions significantly enhance the EU's capacity to respond to digital disruptions and cyber threats.
Geopolitical shifts and persistent cyber threats
In 2025, the Joint Committee continued to be a crucial forum for discussing cross-sectoral risks, publishing a comprehensive Joint Autumn 2025 Risk Report.
Global economic conditions became more challenging due to heightened geopolitical tensions and shifts in global trade policies, leading to downward revisions of growth forecasts.
Financial institutions were advised to remain vigilant, strengthening risk management and enhancing resilience to cyber threats and market shocks.
Cyber risk remained a key and growing threat, with sophisticated attacks and concentration among third-party IT service providers increasing systemic risk.
Expanding links between traditional finance and crypto-asset markets, alongside growing exposures to non-bank financial intermediaries, introduced further sources of risk, requiring close monitoring.
Digital risks demand constant vigilance
The ESAs advanced sustainable finance and consumer protection, improving SFDR disclosures and launching ESG stress testing guidelines.
However, the rapid evolution of digital risks, from sophisticated cyberattacks to crypto-asset volatility, demands continuous adaptation from regulators and the public.
This report underscores that while progress is made, the financial system faces an ongoing race against emerging threats.