CEPS Task Force

Cybersecurity in Finance

Getting the policy mix right


CEPS and ECRI launched a Task Force on “Cybersecurity in Finance: Getting the policy mix right!” on 19 September at CEPS. The different consensuses achieved during the Task Force will result in a list of recommendations and an action plan that will be submitted to the European regulators (primarily DG FISMA, DG Connect, DG Justice, ESAs, ECB, and European Parliament).

During the kick-off meeting, Task Force Members will agree a priority list of issues to be discussed, among which are recommendations to:

  • reinforce the consistency of the regulatory framework for cybersecurity (especially by analysing the interplay between the GDPR, the PSD2, the NIS Directive, etc.);
  • facilitate the emergence of an EU labelling scheme for ICT security products;
  • determine a risk threshold beyond which financial providers have to notify customers of data breaches;
  • enhance the harmonisation of rules, guidelines and standards for clouds, and determine if prescriptive regulations on data location (GDPR, Art. 30) need to be removed;
  • facilitate the emergence of a balanced digital authentication system that strikes the right balance between security and convenience for customers;
  • stimulate the development of the blockchain and to alleviate specific risks related to this technology.

The kick-off meeting will comprise three presentations from European regulators and practitioners. The contribution of these experts will help shape the final agenda of the Task Force. Three more meetings will be organised before February 2018.


  • Kick-off meeting: Tuesday, 19 September 2017
  • Date 2nd meeting: Monday, 20 November 2017 – Agenda
  • Date 3rd meeting: Tuesday, 6 February 2018 – Draft Agenda
  • Date 4th meeting: Thursday, 17 May 2018

How to join?
Download the Prospectus, view the conditions for participation, fill in the Application Form and return it to us.

Sylvain Bouyon