Regulatory Scrutiny of Cloud and AI in Finance: A Deep Dive
European regulators are maintaining a firm stance on risk governance and operational resilience as financial institutions increasingly adopt cloud services and artificial intelligence (AI). Klaus Löber, chair of the central counterparty (CCP) supervisory committee at the European Securities and Markets Authority (ESMA), has signaled that the benefits of these technologies will not lead to relaxed oversight.
The Evolving Landscape of Cloud Outsourcing
The financial sector’s move to cloud computing is accelerating, driven by the promise of cost savings, scalability and innovation. However, this shift introduces new risks related to data security, vendor lock-in, and operational dependencies. ESMA has been actively addressing these concerns, publishing guidelines on outsourcing to cloud service providers (CSPs) as early as December 2020. These guidelines focus on risk assessment, due diligence, governance frameworks, and contractual elements.
DORA and the Alignment of Regulations
Recent updates to ESMA’s guidelines, published in July 2025, demonstrate a commitment to aligning with the Digital Operational Resilience Act (DORA), which came into effect in January 2025. DORA aims to establish a comprehensive framework for managing ICT risk across the financial sector. The ECB and ESMA have both issued guidance to financial institutions on managing cloud outsourcing arrangements in line with DORA’s principles.
AI’s Growing Role and Regulatory Challenges
Alongside cloud adoption, the integration of AI, including generative AI, presents both opportunities and challenges. While AI can enhance efficiency and decision-making, it also introduces model risk, data bias, and concerns about algorithmic transparency. Regulators are focused on ensuring that financial institutions have robust risk management frameworks in place to address these emerging threats.
Heightened Scrutiny of CCPs
Central counterparties (CCPs) are under particularly close scrutiny due to their critical role in financial stability. Löber’s warning underscores the expectation that CCPs will maintain rigorous risk governance and operational resilience standards, even as they leverage cloud and AI technologies. This includes addressing concentration risk and ensuring the ability to exit outsourcing arrangements without disruption.
Key Areas of Regulatory Focus
- Risk Assessment and Due Diligence: Thorough evaluation of CSPs and AI models is crucial.
- Governance and Control Frameworks: Robust frameworks are needed to monitor performance and manage risks.
- Contractual Agreements: Clear and comprehensive contracts with CSPs are essential.
- Incident Management and Business Continuity: Plans must be in place to address disruptions and ensure business continuity.
- Reporting to Competent Authorities: Transparency and timely reporting are vital for effective supervision.
Pro Tip
Financial institutions should proactively engage with regulators to understand their expectations and demonstrate compliance with evolving guidelines.
FAQ
Q: What is DORA?
A: The Digital Operational Resilience Act is an EU regulation designed to strengthen the digital operational resilience of the financial sector.
Q: What are ESMA’s guidelines on cloud outsourcing?
A: ESMA’s guidelines provide guidance on risk assessment, governance, contractual elements, and reporting requirements for firms outsourcing to cloud service providers.
Q: Why are CCPs under increased scrutiny?
A: CCPs play a vital role in financial stability, making them a key focus for regulators.
Q: What is the main message from ESMA regarding cloud and AI?
A: The adoption of these technologies will not lead to a softening of regulatory expectations regarding risk management and operational resilience.
Did you know? ESMA first published guidelines on cloud outsourcing in 2020, demonstrating the ongoing focus on this area.
Explore further resources on ESMA’s website and stay informed about the latest regulatory developments.
Reader Question: What are the biggest challenges financial institutions face when implementing DORA?
We encourage you to share your thoughts and experiences in the comments below.
