France's Financial Markets Authority urges regulated firms to strengthen cyber resilience against AI-driven threats

France's Financial Markets Authority has published a statement making cyber resilience a strategic priority in its 2026 action plan and warning that rapid advances in artificial intelligence can accelerate the identification and exploitation of vulnerabilities and scale malicious campaigns. It says firms under its remit should adapt their cyber risk frameworks accordingly, and that it will act through international coordination, domestic supervision, awareness work and inspections. The authority supervises compliance with the Digital Operational Resilience Act for portfolio management companies, crypto-asset service providers, crowdfunding service providers and market infrastructures. It highlighted the regulation's core obligations, including identifying critical processes and systems, mitigating cyber risks, managing incidents, testing digital operational resilience and controlling third-party risk. It also reminded senior management to ensure cyber risks are identified, monitored and tested, and pointed firms to recognised good practices such as robust system and supplier mapping, access controls, faster patching, backup and restoration testing, staff training, detection and incident response measures, technical security audits and the inclusion of AI-related risks in cyber scenarios. The European Supervisory Authorities are expected to publish a report on major incidents reported under DORA, after which the AMF will issue a first review focused on French entities it supervises. In the second half of 2026 it will run awareness actions, including a webinar on 1 July, survey firms from July on measures taken or planned for AI-related cyber risks, publish the results in the autumn and continue cybersecurity inspections.