132 results
for "Digital resilience"
This article argues that there is an increasing erosion of the traditional public-private divide, which is a key principle of liberalism and the rule of law. The authors identify a gradual shift, starting with the "responsibilization" of private actors and progressing to risk-based regulation like the GDPR. They contend that the DSA and AI Act represent a new milestone, as they delegate regulatory powers to private companies, effectively turning them into regulators of their TPSPs. This “privatization of public action” is seen as a serious threat to the rule of law because it removes public action from public scrutiny. To address this, the authors suggest connecting the rule of law more closely with democracy, which could help set boundaries for the legislative conferral of regulatory powers to private entities.
This paper examines the escalating threat of AI-driven fraud and cybercrime, highlighting how criminal organizations are rapidly adopting advanced AI, particularly generative AI, to execute sophisticated attacks. It details how these malicious uses lead to increased financial losses, more intricate crime patterns, and novel scam typologies, such as deepfakes and advanced phishing. The document also explores the challenges faced by financial institutions in defending against these threats, citing issues like slow AI adoption, outdated risk management frameworks, and underinvestment in defense systems. Ultimately, it advocates for the urgent development of agile, AI-versus-AI defense strategies and emphasizes the critical need for industry-wide cooperation to counteract the evolving landscape of AI-enabled financial crime.
The EU Cyber Resilience Act (CRA) establishes cybersecurity standards for connected digital products across the EU. The act aims to enhance transparency and reduce vulnerabilities through risk-based assessments and a CE (Conformité Européenne) marking scheme. While the CRA is seen as a crucial step to address systemic digital risks and regulatory gaps, this analysis suggests it is premature and underdeveloped. The paper raises concerns about the feasibility of its implementation, particularly for small and medium-sized enterprises (SMEs), and highlights challenges with standardized norms and third-party assessment frameworks. The CRA's success, the paper concludes, will depend on its adaptability and sensitivity to economic realities, suggesting it could otherwise hinder innovation.
The report "2025 stress test of euro area banks", dated 1 August 2025, details the stress test exercise conducted by the European Central Bank (ECB) to assess the ability of euro area banks to withstand economic and financial shocks. The exercise projects the evolution of institutions' capital positions over three years, from 2025 to 2027, under a baseline scenario and a hypothetical adverse scenario, the latter involving a worsening of geopolitical tensions. The document analyzes the impact of these scenarios on credit, market and operational risks, as well as on bank profitability, and also incorporates the new rules of the Capital Requirements Regulation 3 (CRR3). The report concludes that the euro area banking sector is broadly robust, while stressing the need for prudent capital planning in the face of current uncertainties.
EIOPA released its July 2025 Insurance Risk Dashboard, offering an assessment of the European insurance sector's financial health based on Q1 2025 Solvency II data and Q2 2025 market data. Overall, the report indicates a stable risk landscape at a medium level for the European insurance sector, demonstrating notable resilience. However, it also highlights a negative outlook in certain areas over the next year, influenced by complex global dynamics such as geopolitical tensions and market volatility. Specifically, market risks due to fixed income volatility and cyber and digitalization risks are identified as growing concerns, necessitating continued vigilance despite general stability.
A joint initiative by the American Bankers Association and the Financial Services Coordinating Council supports expanding cloud deployment while aiming to mitigate associated risks. Published July 29, 2025, the ABA Banking Journal outlines collaboration among federal regulators, banks and major cloud providers (AWS, Microsoft Azure, Google Cloud, IBM). It highlights key risks—such as CSP‑related operational incidents, misconfigurations under shared‑responsibility models, monitoring gaps, tool and talent deficiencies, and market concentration. The article details a voluntary 16‑section reference tool covering audit, supply‑chain risk, contractual provisions, operational resilience and more. It aims to enhance transparency, cyber‑resilience and regulatory alignment in cloud adoption.
Lack of high-quality public cyber incident data hinders empirical research and predictive modeling for cyber risk. Companies' reluctance to disclose incidents, fearing reputational damage, perpetuates this challenge. Actuarial solutions focus on enhancing existing datasets and employing advanced modeling. A new InsurTech framework is proposed to enrich cyber incident data with entity-specific attributes, addressing the gap in publicly available information. Machine learning models predict incident types and estimate frequencies, demonstrating improved robustness when incorporating InsurTech-derived features. This framework aims to generate transparent, entity-specific cyber risk profiles, supporting tailored underwriting and proactive risk mitigation for insurers and organizations.
The paper "The Regulation of Data Privacy and Cybersecurity" by Jasmin Gider (Tilburg University - Tilburg University School of Economics and Management), Luc Renneboog (Tilburg University - Department of Finance), and Tal Strauss (European Central Bank ECB) compares and contrasts the regulatory landscapes of data privacy and cybersecurity in the EU and the US. It outlines the fragmented nature of US regulations, often relying on state-specific laws and sectoral approaches, in contrast to the EU's more unified framework like GDPR and NIS Directives. The text details the increasing costs and frequency of cyber incidents, emphasizing the insufficient mandatory disclosure requirements in both regions. Furthermore, it identifies gaps in current legislation and ongoing efforts, such as the EU's Cyber Resilience Act and the US's CIRCIA, to enhance digital resilience and address underinvestment in cybersecurity.
The AMRAE study describes 2024 as a positive year for the cyber insurance market, with rising but manageable claim numbers. There's a notable increase in cyber insurance uptake, especially among intermediate and medium-sized businesses, suggesting broader market penetration.
For the first time in five years, premium volume slightly dropped, with an average 18% reduction in annual premium rates for large companies and declining deductibles, indicating increased market flexibility.
However, the report identifies emerging concerns. Claims and payouts for large companies are increasing significantly. Also, a slight capacity increase is not commensurate with rate decreases, suggesting large companies may have reduced budgets more than they've expanded capacity. The study emphasizes the continued importance of accurate cyber risk exposure measurement given geopolitical tensions and new attack vectors.
Financial institutions are increasingly dependent on third-party service providers (TPSPs), raising concerns about systemic risks due to limited transparency. While the EU and U.K. have introduced formal oversight regimes, the U.S. relies on industry cooperation and micro-prudential supervision. A recent case study highlights financial stability risks from a payments disruption linked to a TPSP. As rapid technological change reshapes the financial sector, vulnerabilities from TPSP concentration and interconnectedness may grow. Greater understanding is needed to assess these risks and inform potential oversight responses.