Regulatory Alerts2025-10-20
Digital Dependency in the Financial Sector
The Dutch Authority for the Financial Markets (AFM) and De Nederlandsche Bank (DNB) require financial institutions to proactively manage and mitigate digital dependency risks on non-European IT suppliers, particularly hyperscalers, by implementing exit strategies, multi-vendor approaches, and sovereign cloud measures. The regulators mandate enhanced short-term resilience against disruptive geopolitical and cyber scenarios while urging European policymakers to develop full-fledged domestic alternatives and strengthen the Digital Operational Resilience Act (DORA) to address systemic concentration risks. Supervisors will intensify cross-agency cooperation, audit third-party dependency registers, and evaluate regulatory barriers to foster a resilient, autonomous European financial technology ecosystem.