ECB Multi-Trillion Payment System Outage: When Europe's Financial Plumbing Breaks

The Cascade Effect

When TARGET2 experiences disruptions, the effects cascade through the entire European financial ecosystem. The February 2025 outages demonstrated this cascade in real time, affecting multiple layers of financial infrastructure and market activity.

Interbank Settlement Disruption

The most direct impact was on interbank settlements. Banks that had queued payment instructions to TARGET2 found their payments stuck in processing. For banks with significant intraday liquidity management — using incoming payments to fund outgoing obligations — the blockage created liquidity squeezes. Banks that expected to receive funds from counterparties found those funds delayed, potentially affecting their ability to meet their own payment obligations.

The liquidity management challenge was acute for smaller banks with tighter liquidity buffers. Large banks typically maintain substantial excess liquidity and can absorb settlement delays of several hours. Smaller banks, operating with narrower margins, may face genuine liquidity stress when expected inflows are delayed — even when the delay is caused by infrastructure rather than counterparty default.

Securities Settlement Impact

TARGET2-Securities (T2S), the centralized securities settlement platform operated alongside TARGET2, was also affected. Securities transactions — bond trades, equity settlements, repo operations — depend on the delivery-versus-payment mechanism that links securities transfer to cash settlement via TARGET2. When the cash leg cannot settle, the securities leg is blocked, creating backlogs that can take days to fully clear.

The securities settlement impact extended to monetary policy operations. The ECB's regular refinancing operations, through which it manages eurozone liquidity, depend on TARGET2 for cash settlement. Disruptions to TARGET2 can delay or prevent the settlement of monetary policy operations, potentially affecting the implementation of the ECB's monetary policy decisions.

Commercial Bank Customer Impact

While TARGET2 is an interbank system not directly used by retail customers, the disruptions cascaded into commercial bank operations. Banks that could not settle interbank obligations delayed processing of customer payments — particularly high-value payments and cross-border euro transfers. Corporate treasurers managing working capital across multiple eurozone countries found their payment flows disrupted, affecting supply chain payments, salary disbursements, and financial market transactions.

The Reputational Question

For the ECB, the TARGET2 outages raised reputational concerns. The ECB is simultaneously the operator of TARGET2 and the supervisory authority responsible for ensuring that financial institutions maintain operational resilience — including resilience to infrastructure disruptions. An outage at the ECB's own infrastructure undermines the credibility of its supervisory expectations for commercial banks.

This dual role — infrastructure operator and prudential supervisor — creates a structural tension that the February 2025 outage brought into sharp focus. When the ECB examines a commercial bank's business continuity plan for payment system disruptions, the bank's plan necessarily depends on the reliability of TARGET2 — the very system the ECB operates. The ECB cannot credibly demand that banks maintain higher resilience standards than it maintains for its own infrastructure.

The Plumbing of European Finance

TARGET2, the Trans-European Automated Real-time Gross Settlement Express Transfer System, is arguably the most critical piece of financial infrastructure in the eurozone. Operated by the European Central Bank and the national central banks of the Eurosystem, it processes interbank payments in real time — the final settlement layer for virtually all euro-denominated transactions between financial institutions. On a typical business day, TARGET2 processes approximately 350,000 transactions worth several trillion euros.

In late February 2025, as reported by Reuters on February 27-28 and in a follow-up on March 10, TARGET2 experienced outages that disrupted the flow of interbank settlements across the eurozone. The outages, while eventually resolved, sent shockwaves through the European financial system. When TARGET2 stops, the entire eurozone interbank payment system stops. Banks cannot settle obligations to each other. Securities transactions cannot complete. Monetary policy operations — the ECB's primary tool for managing the eurozone economy — cannot be executed.

The February 2025 outage was not the first time TARGET2 had experienced disruptions. In October 2020, a significant outage lasting several hours prevented banks from settling transactions, causing cascading delays across the European financial system. The ECB subsequently commissioned an independent review by Deloitte, which identified technical, procedural, and governance weaknesses in the TARGET2 infrastructure. The February 2025 disruption raised uncomfortable questions about whether the lessons of 2020 had been fully implemented.

For DORA compliance, the TARGET2 outage presented a unique challenge. TARGET2 is not a commercial ICT third-party service provider — it is a central bank operated infrastructure. Yet for every commercial bank in the eurozone, it is a critical dependency without which core banking operations cannot function. DORA's framework primarily addresses risks that financial entities can manage — but TARGET2 is an infrastructure that banks must use and over which they have no governance authority.

The incident also tested DORA's incident reporting framework in real time. Banks across the eurozone experienced the TARGET2 disruption as an operational event affecting their ability to process payments. Under DORA Art. 19, they were required to assess whether the event constituted a major incident requiring notification to their national competent authority — even though the root cause was entirely outside their control.

DORA Applied to Central Bank Infrastructure Dependency

The TARGET2 outage raises fundamental questions about how DORA's framework addresses dependencies on central bank-operated infrastructure — a category of systemic dependency that financial entities cannot avoid, cannot diversify, and cannot contractually govern.

Art. 5-6 — ICT Risk Management for Infrastructure Dependencies

DORA Art. 5-6 requires financial entities to identify and manage all ICT risks. TARGET2 dependency is an ICT risk — arguably the most significant single-point-of-failure risk in the European financial system. Yet this risk has unique characteristics that challenge conventional risk management approaches:

No alternative provider exists. Unlike commercial cloud services where multi-provider strategies are possible, there is no alternative to TARGET2 for euro-denominated real-time gross settlement. A bank cannot diversify its TARGET2 dependency.

No contractual governance applies. Banks do not have SLAs with the ECB for TARGET2 service levels. There are no contractual remedies, no penalty clauses, and no exit rights. The relationship is regulatory, not commercial.

No due diligence is possible. Banks cannot audit TARGET2's technical infrastructure, examine its code, or assess its cybersecurity posture. They must trust the ECB's operational competence without verification.

For DORA compliance, this means that TARGET2 dependency must be identified in the ICT risk register as a critical, unmitigable single-point-of-failure risk with compensating controls as the primary risk management strategy. Those compensating controls include maintaining alternative payment channels (SWIFT, correspondent banking), establishing liquidity buffers to absorb settlement delays, and pre-planning customer communication for TARGET2 disruption scenarios.

Art. 11 — Business Continuity for Payment System Outages

DORA Art. 11 requires financial entities to maintain business continuity plans that cover the failure of critical ICT systems. For eurozone banks, TARGET2 is the most critical payment system. Business continuity plans must explicitly address the TARGET2 outage scenario, including:

• Alternative payment routing through SWIFT or bilateral correspondent banking channels
• Liquidity management procedures for maintaining operations when inflows are delayed
• Customer communication templates for informing clients about payment processing delays
• Prioritization frameworks for processing critical payments first when capacity is constrained
• Securities settlement contingency for managing T2S disruptions alongside TARGET2

Art. 11(6) requires yearly testing of these plans. The February 2025 outage provides a real-world benchmark against which tested recovery capabilities can be measured. Banks should assess whether their tested business continuity procedures would have maintained adequate service levels during the actual outage.

Art. 17-19 — Incident Reporting for Infrastructure Events

The TARGET2 outage created an incident reporting challenge for commercial banks. Under Art. 19, banks must report major ICT-related incidents to their national competent authority. A TARGET2 outage affects every eurozone bank simultaneously, but the incident occurred outside each bank's ICT perimeter.

The pragmatic approach is for banks to classify a TARGET2 outage as a major incident if it materially affects their ability to provide critical services to customers — regardless of where the root cause lies. The fact that the root cause is at the ECB does not reduce the operational impact on the bank or its customers. The notification should reference the external cause and focus on the impact on the reporting entity's services and customers.

Art. 28-30 — Central Bank Infrastructure as a Third-Party Dependency

While central bank infrastructure does not fit neatly into DORA's ICT third-party framework, the principles of third-party risk management remain relevant. The TARGET2 outage demonstrates that banks must treat central infrastructure dependencies with the same rigor as commercial vendor dependencies — identifying the dependency, assessing the risk, implementing compensating controls, and maintaining contingency plans.

The key difference is that the risk management strategy for central bank infrastructure is purely compensatory. Banks cannot reduce the probability of a TARGET2 outage (they have no influence over the infrastructure). They can only reduce the impact through preparedness — liquidity buffers, alternative channels, communication readiness, and tested contingency procedures.

Systemic Infrastructure: The Unmitigable Dependency

The TARGET2 outage crystallizes a fundamental challenge for DORA implementation: how do you build operational resilience when your most critical dependency is a monopolistic infrastructure over which you have no control?

The Monopolistic Infrastructure Challenge

European finance depends on a small number of monopolistic infrastructure providers: TARGET2 for euro settlement, T2S for securities settlement, SWIFT for messaging, CLS for foreign exchange settlement. Each represents a single point of failure that no individual institution can mitigate through diversification. The failure of any one of these systems creates a systemic event affecting all participants.

DORA's framework was primarily designed for managing risks that institutions can control or influence. The regulation addresses ICT risk management (Art. 5-16) that institutions implement, third-party risk (Art. 28-44) that institutions manage through contracts and due diligence, and resilience testing (Art. 24-27) that institutions conduct on their own systems. But for monopolistic infrastructure dependencies, none of these management tools are available:

• Institutions cannot implement risk management on infrastructure they do not operate
• Institutions cannot contractually govern infrastructure operated by regulators
• Institutions cannot conduct resilience testing on systems they do not control

The only available risk management strategy is compensatory: maintaining alternative channels, building liquidity buffers, and ensuring that business continuity plans specifically address infrastructure failure scenarios.

The ECB's Dual Role Dilemma

The ECB's simultaneous roles as TARGET2 operator and banking supervisor create a structural conflict. As supervisor, the ECB demands that banks maintain operational resilience. As infrastructure operator, the ECB's own resilience directly determines whether banks can maintain operations. The February 2025 outage demonstrated that the ECB's infrastructure was not immune to failure — yet the ECB continued to hold banks to resilience standards that assumed TARGET2 availability.

This dilemma has no clean resolution. The ECB cannot realistically supervise itself with the same rigor it applies to commercial banks. But banks cannot realistically be held accountable for disruptions caused by the ECB's own infrastructure. The practical resolution must involve transparency: the ECB publishing detailed post-incident analyses of TARGET2 disruptions, committing to specific reliability targets, and acknowledging the infrastructure risk that banks must manage as an uncontrollable input to their resilience frameworks.

Lessons for DORA Implementation

Identify and classify infrastructure dependencies. Every financial institution's ICT risk register should explicitly identify monopolistic infrastructure dependencies — TARGET2, T2S, SWIFT, domestic payment systems — and classify them as critical, unmitigable risks requiring compensating controls.

Test business continuity for infrastructure failure. DORA Art. 11 business continuity testing must include realistic scenarios for the failure of each critical infrastructure dependency. The test should verify that alternative payment channels function, that liquidity buffers are adequate, and that customer communications are ready for rapid deployment.

Maintain alternative channels. For payment processing, maintaining the ability to route payments through alternative channels (SWIFT gpi, bilateral correspondent banking, domestic RTGS alternatives where available) is the primary compensating control for TARGET2 dependency.

Build liquidity buffers. Financial institutions must maintain intraday liquidity buffers sufficient to absorb the impact of TARGET2 settlement delays lasting at least the duration of the worst historical outage — with a safety margin.

Coordinate sector response. Infrastructure outages affect all institutions simultaneously. Sector-level coordination mechanisms — through banking associations, FS-ISACs, and supervisory channels — must be in place to coordinate customer communication, manage market impact, and prevent systemic liquidity stress.

The Broader Infrastructure Resilience Question

The TARGET2 outage ultimately raises a question that goes beyond DORA: who is responsible for the resilience of Europe's financial infrastructure? DORA places responsibility on financial entities for their own operational resilience. But financial entities' operational resilience depends critically on infrastructure they do not control. Until the resilience of central financial infrastructure — TARGET2, T2S, SWIFT, DNS, power grids, telecommunications — is addressed with the same rigor that DORA applies to individual institutions, the financial system's resilience will only be as strong as its weakest infrastructure link.