ESMA issues principles for risk‑based supervision.
The document describes an approach to regulatory adaptation that emphasizes flexible, risk-based supervision in response to digital and technological change. It presents Risk-Based Supervision as a framework intended to identify emerging risks beyond existing legislation through systematic risk identification. The discussion outlines a dual-level process combining industry-wide analysis of technological trends with firm-level assessments of IT systems and operational resilience. It further notes that identified risks are evaluated for potential impact, highlighting cybersecurity as an example that may involve cross-regulatory coordination and could threaten critical operations if severe.