EU Watchdogs Tighten Cyber Rules, Warn on Crypto Fraud in Latest Report

European financial supervisors just dropped their 2025 annual report. And it’s pretty clear where their heads are at right now.

The European Supervisory Authorities—that’s the ESAs—are zeroing in on two big things: cyber resilience and crypto-asset risks. The report came out with a bunch of details about how they’re trying to protect consumers and keep markets stable. They’re worried about digital threats, crypto scams, and the wild stuff happening with AI-driven fraud. The ESAs coordinated with the European Commission and the European Systemic Risk Board throughout 2025, with EIOPA chairing the committee. Supervisory coordination across the EU got a lot of attention, especially as new digital rules kicked in.

DORA rolled out. That’s done.

Digital Resilience Rules Now Live

The Digital Operational Resilience Act—DORA for short—became a real thing in January 2025. All the legal instruments got delivered before the deadline. The European Banking Authority took the lead on identifying critical third-party ICT providers, the ones that basically run the digital plumbing for banks and financial firms across Europe. These providers are now under formal oversight, which is a pretty big shift for how the EU thinks about tech risk.

The ESAs didn’t stop there. They launched two new tools: the Cyber Incident Information Sharing platform and the Threat Intelligence Exchange. Both are meant to help EU countries share information faster when cyber attacks happen. The idea is simple—if one country spots a threat, everyone else should know about it right away. It’s part of a broader push to make EU financial markets tougher against digital disruptions.

But the report also talks about simplifying rules. Seems like a contradiction, right? The ESAs backed efforts to streamline EU financial regulations while keeping consumer protection intact. They made adjustments to PRIIPs Key Information Documents and SFDR reporting requirements. The goal was to cut red tape without opening the door to more risk.

Geopolitical Mess and Crypto Warnings

The report doesn’t sugarcoat the threats. Geopolitical instability is a huge concern. Trade restrictions, conflicts—these things are messing with market stability. The ESAs flagged digital asset volatility as a major risk, along with vulnerabilities in non-bank financial entities. And they’re worried about crypto fraud, which is getting worse with AI-driven scams.

Legal protections for digital assets are limited, the report says. It depends on the asset type, and a lot of retail investors don’t really understand what they’re buying. The ESAs issued warnings about consumer vigilance, basically telling people to watch out for crypto schemes that look too good to be true.

Consumer protection came up a lot. The ESAs updated their guidance on PRIIPs, and several EU countries reported administrative actions. Belgium, Denmark, Hungary, and Poland all took enforcement steps related to consumer safety rules. The ESAs want to make sure firms are following the rules, especially when it comes to retail trading and CFD markets.

Read also: China Bans Crypto Influencers in Latest Marketing Crackdown

They’re also keeping an eye on BigTech. The report noted ongoing monitoring of big tech companies as they move deeper into financial services. The ESAs are working with the Anti-Money Laundering Authority—AMLA—to tackle financial crime risks. It’s unclear exactly what actions they’re planning, but the cooperation signals they’re taking this seriously.

The European Single Access Point got a mention too. ESAP is supposed to make financial and sustainability-related information easier to access. It’s part of a bigger effort to improve transparency and streamline data exchange across EU markets. The ESAs see this as a key tool for keeping investors informed and markets honest.

Securitisation practices are under review. The ESAs didn’t give a ton of details, but they’re looking at how these products are structured and sold. The report emphasized transparency and accountability within the financial system, which probably means more rules are coming down the line.

The supervisory data exchange system is another piece of the puzzle. This system is designed to help EU regulatory bodies share information more efficiently. The ESAs think it’ll support their mission to protect consumers and maintain financial stability, especially as markets get more digitalized.

Cyber threats are a constant worry. The ESAs stressed that institutions need to beef up their defenses and prepare for potential shocks. Geopolitical risks like trade restrictions and conflicts are contributing to market volatility, and the authorities want firms to be ready.

Related: Startale Lands Abu Dhabi Spot, Joins Elite Hub71 Crypto Cohort

The report also touched on structural market shifts. The ESAs are trying to stay ahead of changes in how markets operate, from the rise of digital assets to the growing influence of tech companies in finance. They’re developing new tools and frameworks to keep up with these shifts, but it’s a moving target.

Administrative sanctions in Belgium, Denmark, Hungary, and Poland show the ESAs aren’t messing around. These actions are meant to send a message that consumer protection rules matter, and firms that break them will face consequences. The ESAs reported these sanctions as part of their broader effort to maintain high standards across EU markets.

The report wrapped up with a focus on ongoing initiatives. ESAP, the supervisory data exchange system, and AMLA cooperation are all works in progress. The ESAs are navigating an evolving financial landscape, trying to balance innovation with safety. They’re watching crypto markets, monitoring BigTech, and pushing for better cyber defenses. It’s a lot to juggle, and the report makes it clear they’re not taking any of it lightly.