Cyber risk and digital resilience will top the European securities regulators’ compliance priorities in 2026, the European Securities and Markets Authority (ESMA) said on Friday.
ESMA said compliance with new legislation that took effect at the start of 2025 — the Digital Operational Resilience Act (DORA), which requires financial firms and their tech suppliers to strengthen their defences against cyberattacks — emerged as a strategic supervisory priority this year.
Both national regulators and ESMA have targeted financial entities’ adherence to the DORA requirements “through proactive checks and supervisory capacity building,” the agency noted.
“Given the importance of securing a resilient financial sector, ESMA is calling on [national regulators] to keep up their efforts in 2026 to continue ensuring effective supervisory implementation across the EU.” It added that coordinating this oversight “will be essential.”
Additionally, amid ongoing concerns about greenwashing, the industry’s ESG disclosures also received “intense” supervisory scrutiny this year, ESMA said.
“This has played a pivotal role in promoting the application of ESG requirements throughout the sustainable investment ecosystem,” it said. Looking ahead, the regulators will aim to build on these efforts “focusing on high-risk areas,” it said.