The European Securities and Markets Authority published an update on the Union Strategic Supervisory Priorities, welcoming National Competent Authorities’ initial engagement on cyber risk and digital resilience and calling for continued supervisory efforts. Cyber and digital resilience has been a Union-wide strategic supervisory priority since January 2025, aligned with the start of the Digital Operational Resilience Act (DORA). The priority is intended to enhance coordination among EU supervisors on firms’ information and communication technology (ICT) risk management and improve the digital resilience of EU securities markets. ESMA and NCAs have undertaken proactive checks and supervisory capacity building to monitor financial entities’ adherence to DORA requirements, and ESMA highlighted the need in 2026 to maintain momentum and align supervisory work with the DORA oversight framework. On ESG disclosures, an area designated as a Union Strategic Supervisory Priority since 2022, ESMA noted intensive supervisory work through 2025 and indicated that 2026 supervision will focus on consolidating achievements and targeting high-risk areas. ESMA also signalled it will consider additional topics in 2026 that may warrant intensified Union-wide supervisory work in subsequent years.
European Securities and Markets Authority 2025-10-24
European Securities and Markets Authority urges National Competent Authorities to sustain DORA cyber resilience supervision into 2026 and consolidate ESG disclosure work
The European Securities and Markets Authority (ESMA) updated the Union Strategic Supervisory Priorities, emphasizing cyber risk and digital resilience, aligned with the Digital Operational Resilience Act (DORA). ESMA and National Competent Authorities have been enhancing ICT risk management and digital resilience in EU securities markets. For 2026, ESMA plans to consolidate ESG disclosure achievements and target high-risk areas, while considering new topics for intensified supervisory focus.