On 12 August 2025, the European Systemic Risk Board (ESRB) published a report that provides a compliance assessment on sub-recommendation A(1) of the ESRB recommendation of 2 December 2021.
Overview
On 2 December 2021, the General Board of the ESRB adopted Recommendation ESRB/2021/7 (Recommendation) on a pan-European systemic cyber incident coordination framework (EU-SCICF) for relevant authorities. This framework for cooperation aims to support the operationalisation of the Digital Operational Resilience Act’s regulatory and oversight framework. Sub-recommendation A(1) recommends that the European Supervisory Authorities (ESAs), together with the European Central Bank, the ESRB and relevant national authorities, start preparing for the gradual development of an effective EU-level coordinated response in the event of a cross-border major cyber incident or related threat that could have a systemic impact on the EU’s financial sector.
The ESAs delivered a final report on the establishment of the EU-SCICF last summer. The final report was examined by a six-person assessment team endorsed by the ESRB’s Advisory Technical Committee. Overall, the assessment team found that the overall level of compliance with the Recommendation was good and for sub-recommendation A(1) all addressees were assessed as “largely compliant”. However, the report raised certain areas for improvement including the need for adequate resources as a prerequisite to support the development of EU-SCICF.