European authorities are calling for a comprehensive review of the region’s financial infrastructure, citing the potential for artificial intelligence (AI) to introduce systemic risks across payments, markets, and banking. The push signals that rapid AI adoption could reshape supervisory approaches and market dynamics throughout the European Union.
AI flagged as an emerging systemic risk
Officials warn that increasing reliance on AI models in trading, risk management, fraud detection, and customer operations could amplify market fragility if not properly governed. Key concerns include model concentration among a small number of providers, opaque decision-making, data poisoning, cyber intrusions, and correlated behavior during stress events.
In digital asset markets, these risks may be magnified by 24/7 trading, fragmented liquidity, and automated strategies. AI-driven order execution and surveillance tools can enhance efficiency, but common models and shared datasets may also create herding effects and faster contagion during volatility spikes.
Policy backdrop: DORA, MiCA, and the EU AI Act
The review aligns with the EU’s expanding regulatory framework:
- Digital Operational Resilience Act (DORA): Introduces ICT risk-management, incident reporting, and oversight of critical third-party providers, including cloud and analytics firms, applying from 2025.
- Markets in Crypto-Assets Regulation (MiCA): Establishes licensing and risk requirements for crypto-asset service providers and stablecoin issuers, with phased implementation through 2024–2025.
- EU AI Act: Sets risk-based obligations for AI systems, including transparency, testing, governance, and human oversight, with stricter rules for high-risk applications.
Together, these frameworks provide tools to address AI-related operational and prudential risks, but supervisors are signaling that additional coordination and targeted reviews may be needed for market infrastructure and systemic institutions.
What a financial-infrastructure review could cover
- Model governance and validation: Independent testing, bias assessment, explainability, and kill-switch protocols for high-impact AI use cases.
- Third-party and concentration risk: Mapping dependencies on cloud, data, and model providers; stress tests for simultaneous provider outages or failures.
- Data integrity and provenance: Controls against data poisoning, tampering, and synthetic data misuse; robust audit trails.
- Cybersecurity and resilience: Advanced red-teaming for AI-enabled threats, incident response drills, and cross-market coordination.
- Market-structure safeguards: Monitoring for AI-induced herding, feedback loops, and liquidity vacuums in both traditional and crypto markets.
Implications for crypto and digital assets
Exchanges, custodians, and stablecoin issuers leveraging AI for surveillance, risk scoring, and customer operations may face heightened scrutiny under DORA and MiCA. Supervisors are likely to prioritize explainability, operational resilience, and clear accountability for AI-driven decisions. For market participants, the outcome could be tighter rules around model use, stronger oversight of third-party providers, and more detailed incident reporting.
A system-wide review would aim to capture these risks early—balancing innovation with safeguards to prevent AI-related disruptions from propagating through Europe’s financial system and its growing digital-asset markets.