When the regulator moves faster than the law

In late June, something happened that should make anyone responsible for compliance set aside the annual cycle for a moment. Two of Europe's heaviest-weight financial regulators spoke within days of each other. Sarah Breeden of the Bank of England took the stage at the ECB's Sintra Forum. Nikhil Rathi of the FCA spoke at tech UK. Independently, they arrived at the same uncomfortable conclusion: the technology-agnosticframeworks we have built our controls on were not written with autonomous AI agents in mind.
Rathi said it plainly: legislation will never keep up. That is not an admission of defeat. It is a strategy. And it changes the game for everyone working in operational resilience and regulatory change management.
On 7 July, the warning became formal policy on both sides of the Channel: the Bank of England's Financial Stability Report devoted an entire chapter to frontier AI and cyber risk, the ESRB issued a formal warning, and the ECB gave significant euro area banks a deadline. Here is what the speeches said, what the supervisors have now done, and what I think it means in practice.
Background and context
The shift both regulators describe is not about whether the financial sector uses AI. It already does. The question is what happens when everyone runs it at once, on shared infrastructure, at machine speed.
Breeden's point is that capability is accelerating exponentially. The length of software task AI models can complete doubled roughly every seven months in 2019. By 2024, it doubled every four months. It may be faster still now. The Bank of England's Financial Policy Committee added its own warning back in April: debt financing of AI infrastructure was rising rapidly, in some new and complex ways, and the financial stability consequences of any fall in AI-related asset prices could well increase. The July report confirmed the pace: consensus estimates for AI hyperscalers' 2028 capital expenditure have risen from under $600 billion to over $1 trillion in six months, with more than half expected to bedebt-financed.
Rathi's point is that supervision has to move at the same pace. He is adding stewardship to the FCA's role. Detailed rules remain in some areas, but a growing part of the job is acting before the law arrives.
This does not affect only regulated firms. It follows the dependencies down the supply chain, to any provider of cloud, models, data or software. In other words: us, and our clients.
What is the real challenge?
The core is speed combined with autonomy. Breeden highlights three fronts: agentic cyber, agentic trading and agentic payments.
The most immediate is cyber.Here she borrowed her sharpest line from the Five Eyes cyber security agencies: “The timeline is not years, it is months.” I have read the original statement (NCSC, 22 June), signed by the heads of six national cyber agencies across thefive countries (the US fields two: CISA and NSA). The message is stark.Frontier models will transform both attack and defence. The window between vulnerability discovery and exploitation is shrinking faster than patch cyclescan keep up.
Their recommendations are soberingly basic. Reduce your attack surface. Accelerate patching. Address legacy systems. Tighten identity and access controls. Rehearse incident response. Not revolutionary, but now urgent. The challenge is not that we lack controls. It is that we cannot be confident they will hold under a real, AI-accelerated attack.
And cyber is only the most immediate front. On trading, Breeden warns that AI agents responding similarly to the same triggers could amplify volatility in stress. Especially if their objectives drift from the original goals. Her answer is remarkable. She puts market-wide guardrails on the table, analogous to circuit breakers or kill switches. They would limit or stop trading if faulty AI models cause a market meltdown. The question thereby broadens. It is no longer just whether firms can use the models well. It is whether the system can observe and contain their behaviour.
What does it mean in practice for operational resilience?
This is where it gets concrete for those of us working with DORA. The same goes for the UK side of the coin: the FCA and PRA operational resilience regime, with its important businessservices and impact tolerances.
Breeden stresses that relying on a human in the loop for every single agent action is no longer realistic. That is a fundamental point, and many resilience programmes have not yet absorb edit. You cannot manually approve thousands of automated decisions per second. Instead, you have to be able to observe and contain agents' behaviour. That is the difference between Human-in-the-Loop and Human-on-the-Loop. The distinction should sit at the centre of any governance model for agentic systems.
Breeden also notes that patching itself can cause disruption. The 2024 CrowdStrike incident was precisely a faulty update, not an attack. Resilience is therefore as much about recovering quickly as about defending. It forces us to think in terms of rebuilding from “bare metal”. And in the ability for one institution to take over another's basic functions during an incident.
The July FSR turns that thinking into policy. It concludes that rapid progress since December represents a significant increase in the risks to financial stability from cyber and operational vulnerabilities. It lists “bare metal” rebuild in isolated recovery environments and stand-in facilities for critical business services as formalsystem-wide considerations. And it announces a forthcoming Bank and PRA consultation on cyber and ICT risk management.
The EU counterpart arrived the same day. On 7 July, the European Systemic Risk Board (ESRB) published a formal warning on systemic cyber risks from frontier AI models, adopted on 25 June(ESRB/2026/3). The board has raised its assessment of systemic cyber risk from “elevated” in March to “severe” in June. The warning's core concept is the collapse of defensive time buffers: weaponising a vulnerability used to takehuman experts days or weeks. The models now do it in minutes or hours. The concentration of leading AI providers outside the EU adds strategic dependency. And a deadline came with it: ECB Banking Supervision wrote to significant euro area banks the same day, requiring a comprehensive action plan against AI-driven cyber threats to be submitted by 31 October 2026. London and Frankfurt are speaking with one voice, and Frankfurt has put a date on it.
What do we see when the two speeches are read together?
Rathi adds the regulatory dimension. His FCA makes system-wide intervention routine rather than exceptional. He was explicit about Critical Third Parties: dependencies on model and third-party providers must be properly mapped and governed, with the CTP regime becoming “more important than ever”.
Anyone working with DORA's register of ICT third-party arrangements recognises the requirement. It converges with the UK side: the same dependencies are mapped for important business services under the operational resilience regime, and reported under the FCA's new operational incident and third-party reporting rules. The UK is simply making ongoing supervision of those dependencies the default. The July FSR presses the same point from the stability side. It urges authorities to operationalise the CTP regime, with resilience expectations extending to technology providers below the designation threshold.
But here a genuine divergence emerges, and firms operating across the UK and EU must manage it deliberately. The FCA is betting on a judgement-led, permissive model. The EU AI Act fixes obligations in codified risk tiers ahead of deployment. Codified rules give certainty; stewardship gives speed. You will be running against two clocks at once. This is not a transitional phase. It is the new normal forcross-jurisdictional compliance.
How should firms respond?
My view, after twenty years in the sector, is that the central shift is from periodic to continuous. And that the signal itself has changed character. When legislation cannot keep up, expectations come from somewhere else: from decisions and enforcement, fromletters like the ECB's, from warnings like the ESRB's, from consultations andspeeches. Regulatory change management can therefore no longer be an annual exercise in tracking new legislation. It has to read the full supervisory signal continuously, map it to controls and act on it. That is the logic we have built our monitoring around: not only legislation pending or in force, but decision practice too. And the answer to the signal lies in the disciplines this article has circled all along: third-party risk management, information security management and AI model governance. What Breeden and Rathi add is the speed dimension. It is worth taking seriously whatever tool you use.
A fair challenge deserves naming here. If regulators review and intervene before the regulation is even written, is that the right way to govern? Judgement-led supervision trades legal certainty for speed, and firms are entitled to predictability as well as protection. My answer is that the trade only works if it is disciplined on both sides. Regulators owe the market transparency and consistency in how they exercise that judgement. Firms owe themselves the ability to see those judgements forming early, rather than reading about them in enforcement notices.
Practical takeaways
• Map your third-party dependencies now, not when the regulator asks. Concentration on a few cloud, model and data providers has become a supervisory matter, not just an IT one.
• Decide where human accountability sits for anysystem that transacts rather than merely advises, and how you would evidence it.
• Treat patching as a resilience discipline, not an IT task. Assume breaches will occur, and rehearse fast containment and recovery.
• Carry out the Five Eyes’ five basic actions: reduce your attack surface, accelerate patching, address legacy systems, tighten identity and access controls, and rehearse incident response. There commendations are not new, but the timeline is: months, not years.
• Run two clocks deliberately if you operate in both the UK and EU. Note that the EU clock has just been reset: the Digital Omnibus, adopted at the end of June, defers the AI Act's high-risk obligations to December 2027 and August 2028. Deferral changes the timing, not the architecture. The EU still fixes obligations in codified risk tiers, while the UK moves by supervisory judgement. Document where the two diverge for your products.
• Follow supervisory decisions and enforcement as a benchmark for where the bar is set. When supervision acts before legislation, decision practice is often the earliest concrete signal of expectations.
• Engage in dialogue with the supervisor, and takepart in consortia, working groups and industry seminars. Judgement-ledsupervision rewards those who are in the room where expectations are formed, rather than those who first read about them in enforcement notices.
• Make regulatory change management continuous. This is the thread running through everything above: a supervisor that acts before legislation, EU deadlines that move by omnibus amendment, and an FPC that reassesses AI risk every six months. Annual reviews do not match a world where risk assumptions go stale in months.
Conclusion
Two regulators, six days apart, the same fundamental realisation: technology reshapes itself faster than any statute can be drafted. Firms and supervisors alike have to meet it at that speed.
For those of us working with DORA and the UK operational resilience regime, this is not a threat to the framework. It is confirmation that intelligence, continuous monitoring andbehaviour-based governance are becoming the core, not the accessory.
On 7 July, the words became instruments. The Bank of England's Financial Stability Report devoted an entire chapter to frontier AI and cyber risk. The ESRB published its formal warning the same day, rating systemic cyber risk as severe. And the ECB set a deadline: significant euro area banks must submit an action plan by 31 October 2026. That is precisely where the abstract discussion turns into something boards have to act on.
Abbreviations
FCA: Financial Conduct Authority. The UK conduct regulator, responsible for market conduct and consumer protection.
PRA: Prudential Regulation Authority. The UK prudential regulator for banks and insurers, part of the Bank of England.
FPC: Financial Policy Committee. The Bank of England's macroprudential committee, responsible for the stability of the financial system as a whole and publisher of the Financial Stability Report.
FSR: Financial Stability Report. The Bank of England's twice-yearly assessment of risks to financial stability.
CTP: Critical Third Party. A technology provider of systemic importance designated under the UK oversight regime.
DORA: Digital Operational Resilience Act. The EU regulation on digital operational resilience for the financial sector.
ICT: Information and communications technology.
NCSC: National Cyber Security Centre. The UK's national cyber security authority, part of GCHQ.
ECB: European Central Bank.
Sources
Sarah Breeden, “Agents of change”, Bank of England (ECB Sintra Forum, 30 June 2026): bankofengland.co.uk
Nikhil Rathi, “Rethinking regulation for the age of AI”, FCA (tech UK, 24 June 2026; published draft, may differ from the delivered version): fca.org.uk
Five Eyes statement (NCSC, 22June 2026): ncsc.gov.uk
Bank of England, Financial Stability Report, July 2026 (published 7 July): bankofengland.co.uk
ESRB, Warning of 25 June 2026 on systemic cyber risks stemming from frontier AI models (ESRB/2026/3), published7 July 2026: esrb.europa.eu
ECB Banking Supervision, letter to the CEOs of significant institutions, “Addressing AI-enabled cybersecurity threats” (SSM-2026-0301, 7 July 2026): bankingsupervision.europa.eu
.png)


