The Dutch financial sector is too dependent on IT services from companies based outside Europe, leaving it exposed to cyberattacks and “systemic disruptions”, regulators have warned.

The Dutch national bank DNB and the financial markets authority AFM said Europe needed to develop its own digital services infrastructure to reduce the impact of an attack or a system failure at a single service provider.

They warned that “a state actor could exploit these digital dependencies for political leverage or weaponise them in trade disputes”, referring to the more hostile geopolitical climate since the Russian invasion of Ukraine and the use of trade tariffs by the Trump administration.

European companies are increasingly reliant on a small number of IT service providers for cloud storage, software solutions and AI services, many of which are based in the United States.

In a joint report, DNB and ANB said “robust European alternatives” were needed to protect European data and institutions from sabotage and disruption to IT services.

The report also urged companies to share information about actual attacks, develop threat scenarios and collaborate with IT vendors and authorities.

“Without European digital alternatives, the sector remains exposed to geopolitical risks,” Steven Maijoor, chair of supervision at DNB, said.