Business Ethics & ESG News: July 2026
The regulatory focus this fortnight shifted from the reporting rulebook to two harder supervisory problems: advanced AI and climate risk inside the financial system. Brussels set out a plan to stop frontier AI models becoming a cybersecurity liability, the European Central Bank began pricing climate uncertainty into the collateral it lends against, and the clock ran down on the AI Act's transparency duties for AI-generated content. Here is what changed and why it matters for compliance and ethics teams.
EU sets out an Action Plan on Cybersecurity and AI
On 7 July 2026 the European Commission presented an Action Plan on Cybersecurity and Artificial Intelligence, treating the most capable AI models as both a defensive tool and a fresh source of risk. The plan sets three goals: promoting the safe use of advanced AI, strengthening the EU's cyber resilience, and building European capacity to use AI in cybersecurity. It rests on the AI Act's requirement that advanced models be evaluated and their risks assessed before they are placed on the EU market.
In practice the Commission wants an EU-level evaluation capability, expected to become operational in 2027, so that third parties can test frontier models rather than relying on the developers' own assurances. The EU Agency for Cybersecurity and the Commission's Joint Research Centre will build a secure platform, including simulated environments, to test AI for cybersecurity. The plan sits alongside the AI Act, the Cyber Resilience Act, the NIS2 Directive and DORA, so governance teams can read it as a signal of how the AI Office intends to supervise the models their firms increasingly depend on.
Source: European Commission
ECB starts pricing climate risk into its collateral
The European Central Bank has begun factoring climate uncertainty into the value it assigns to the assets banks pledge when they borrow from it. In a blog published on 7 July 2026 the ECB explained the climate factor it added to its collateral framework on 15 June, a forward-looking adjustment applied on top of the standard valuation haircuts used for corporate bonds.
The factor draws on an uncertainty score for each bond that combines a sector-level view of transition risk, a firm-level measure reflecting a company's greenhouse gas emissions, decarbonisation targets and the quality of its climate disclosures, and an asset-level vulnerability component. Utilities, materials and transport are the sectors most exposed. The message for issuers is direct: weaker climate disclosure and a slower transition now carry a measurable funding disadvantage, because a bank can borrow less against that debt.
Source: European Central Bank
AI Act transparency duties near their application date
With the AI Act's transparency obligations for AI-generated content due to apply from 2 August 2026, the European Commission is finalising a voluntary Code of Practice to help providers and deployers meet them. Under Article 50, providers must mark or label synthetic audio, image, video and text so it can be detected as artificially generated, and the Commission plans to publish its list of initial signatories to the Code in July 2026.
The Code is not mandatory, but signing it is presented as a route to more streamlined and legally certain compliance across the EU. For firms that generate marketing copy, images or chatbot output with AI, the deadline is a prompt to check that such content is labelled and that internal policies name who is accountable. Adhering to a voluntary code does not remove the underlying legal duty, so treat it as guidance rather than a safe harbour.
Source: European Commission