The European Securities and Markets Authority (ESMA), the EU’s financial markets regulator and supervisor, welcomes the strong initial engagement by National Competent Authorities (NCAs) on cyber risk and digital resilience and calls for continued efforts on the Union Strategic Supervisory Priorities (USSPs).
ESMA promoted cyber and digital resilience as a strategic supervisory priority of the Union starting January 2025 in direct alignment with the entry into application of the Digital Operational Resilience Act (DORA). This allows enhanced coordination of EU supervisors’ efforts toward strengthening firms’ ICT risk management and improves the digital resilience of the EU securities market.
Since the start of this USSP, NCAs and ESMA direct supervision have demonstrated commitment to monitor financial entities’ adherence to DORA requirements through proactive checks and supervisory capacity building. Given the importance of securing a resilient financial sector, ESMA is calling on NCAs to keep up their efforts in 2026 to continue ensuring effective supervisory implementation across the EU. Coordination between authorities’ supervisory work and the DORA oversight framework will be essential.
Through 2025, ESMA and NCAs have also carried out intense supervisory work on ESG disclosures, defined as a USSP since 2022. This has played a pivotal role in promoting the application of ESG requirements throughout the sustainable investment ecosystem, guiding and supporting market participants on this journey. In 2026, NCAs will target efforts to consolidate achievements under the ESG disclosures USSP, focusing on high-risk areas.
Finally, in 2026, ESMA will consider new topics in other areas that may need intensified supervisory work at Union-wide level in the following years.
Further information:
Solveig Kleiveland
Team Leader – Communications
press@esma.europa.eu