This brochure gives you a quick overview of the EU's main cybersecurity policy and research activities.


The European Union and the EU Member States are building the necessary cybersecurity culture and capabilities to resist and counteract the very real and ever-changing cyber threats and cyber-attacks. The European Union stands ready to take up the challenges of tomorrow.

Cyber‑attacks know no borders and no one is immune.

European Commission President Jean-Claude Juncker
State of the Union Address, 13 September 2017

A secure European digital single market - One we all trust

The European context

The digital era is creating numerous new opportunities for the economy and society. But, at the same time, it introduces new challenges.
Adversaries want to disrupt and dismantle our common digital future. We cannot, and will not, let them.
Cyber-incidents and cyber-attacks cause the loss of billions of euros every year. Cybersecurity, trust and privacy are the foundations of a prosperous European Digital Single Market.
The EU has adopted a wide range of measures to shield the European Digital Single Market and protect infrastructure, governments, businesses and citizens.

Europe’s strength lies in its diversity, skills and commitment to strong cybersecurity

Our assets:

  • Cybersecurity as a top EU priority
  • High-level cybersecurity expertise
  • Strong cybersecurity industry with our innovative SMEs
  • A growing Digital Single Market
  • EU solidarity

A secure and trusted digital single market

European countries occupy 18 of the top 20 places in the global national cybersecurity index, a ranking of countries based on their preparedness to prevent cyber threats and manage cyber incidents.
(Data: NCSI) 

EU citizens are concerned about cybersecurity and privacy

88% of daily internet users expressed great concern about becoming the victim of cyber‑attacks.
77% of daily internet users expressed great concern about their personal information not being kept safe by websites.

(Data: Eurobarometer 2018 on attitudes towards cybersecurity)

EU cybersecurity and digital privacy at a glance

Cooperation

  • Security of Network & Information Systems Directive (NIS)
  • Cybersecurity public-private partnership
  • Electronic Identification Regulation (eIDAS)
  • Cyber diplomacy
  • EU Cybersecurity Act Regulation

Risk Prevention

  • Security of Network & Information Systems Directive (NIS)
  • EU Cybersecurity Act Regulation
  • General Data Protection Regulation (GDPR)

Greater Capabilities

  • Security of Network & Information Systems Directive (NIS)
  • EU Cybersecurity Act Regulation
  • Horizon 2020 / EU research programme
  • Connecting Europe funding programme

In the future:

  • A European Cybersecurity Competence Centre and Network

Coordinated response

  • NIS Directive
  • EU cyber-crisis blueprint
  • Cyber diplomacy

EU Cybersecurity Certification framework

  • EU Cybersecurity Act Regulation

Building the capacity to protect

The EU works on many fronts to strengthen cybersecurity and cyber resilience. It has an advanced cybersecurity regulatory framework in place.

The directive on security of network and information systems (NIS)

The NIS Directive is the cornerstone of the EU’s cybersecurity architecture. It provides legal measures to boost the overall level of cybersecurity and preparedness in the EU:

  • Creates a culture of security across vital sectors of our economy and society:
  • Increases national cybersecurity capabilities by requiring EU Member States to have:
    • A National Cybersecurity strategy
    • National Computer Emergency Response Teams (CSIRTs)
    • NIS national competent authorities
    • A Single Point of Contact
  • Enhances EU-level cooperation and sharing of information by establishing:
    • The CSIRTs Network – a network composed of EU Member States’ appointed CSIRTs and CERT-EU
    • The NIS Cooperation Group – composed of representatives of the EU Member States, the European Commission and the EU Agency for Cybersecurity (ENISA)

EU Cybersecurity Act

The EU’s Cybersecurity Act sets:

  • A permanent mandate and stronger role for the European Union Agency for Cybersecurity (ENISA)
  • A framework for European Cybersecurity Certification for digital products, processes and services that will be valid throughout the European Union.

ENISA

Formed in 2004, the European Union Agency for Cybersecurity (ENISA) in Athens, Greece, is working closely with EU Member States and the private sector to advise on and resolve critical problems of the day.

The European Cybersecurity Certification Framework

  • A common European approach to cybersecurity certification as a vital element of Europe’s Digital Single Market.
  • Modern, dynamic and risk-based cybersecurity certification schemes.
  • Open, inclusive and transparent governance framework with multiple opportunities for stakeholder contributions.
  • Market oriented with a strong emphasis on the use of globally relevant international standards.

EU blueprint for coordinated response to large-scale cyber incidents

  • Cross-border response procedures
  • Cyber incident taxonomy
  • Swift and effective cooperation
  • Preparedness

New efforts to step up cybersecurity in the European Union

Establishing a network of cybersecurity national centres with a new European cybersecurity industrial, technology and research competence centre at its heart, in order to:

  • Pool, share and ensure access to existing expertise
  • Help deploy EU cybersecurity products and solutions
  • Ensure long-term strategic cooperation between industries, the research community and governments
  • Co-invest and share costly infrastructure

The European cybersecurity industrial, technology and research competence centre

Centre’s Role:

  • Network coordination and support
  • Research programming and implementation
  • Procurement

A network of national cybersecurity centres

Each Member State will put in place one national coordination centre to work in the network to develop new European cybersecurity capabilities. The network will identify and support the key cyber research and development priorities in the EU.

Investment in cybersecurity research, innovation & deployment

The European Union has been investing in cybersecurity and privacy research and innovation since the early ’90s.

1,352 organisations are involved in 132 cybersecurity projects across Europe. By topic: 40.5% in secure systems, 19.3% in cybersecurity governance, 13.2% in operational risk, 10% in human aspects, 8.8% in identity and privacy, 8.2% in verification and assurance.

The large number of organisations participating in EU funded cybersecurity and privacy related projects positively impacts the European Union as it:

  • Advances research and innovation
  • Supports cross-border and transgovernmental collaboration
  • Promotes the sharing of knowledge
  • Provides input to shape the future EU policies

European Commission and cybersecurity industry public-private partnership

The contractual public-private partnership of the European Commission with the European Cyber Security Organisation (ECSO) will have triggered more than €1.8 billion of investment in cybersecurity by 2020.

Cybersecurity enhances digital privacy

Europeans have set high standards for digital privacy. These standards help deliver better cybersecurity.

ePrivacy Directive – shielding confidentiality of our online communications

The ePrivacy Directive ensures the confidentiality of communications and defines the rules regarding online tracking and monitoring. It is now being updated to cover the new means of online communications, such as web email and messenger services (ePrivacy Regulation).

General Data Protection Regulation (GDPR) – A European success story complied with worldwide

The GDPR, introduced in May 2018, provides new rules to give citizens more control over their personal data, and a competitive edge to compliant businesses.

eIDAS Regulation – EU-wide electronic identification and authentication system

The electronic identification, authentication and trust services (eIDAS) system came into force in October 2018, introducing safe ways for individuals and companies to perform transactions online. It includes:

  • A cross-border digital signature system
  • GDPR-compliant digital profiling
  • Compliance with the “once-only principle”, where citizens and companies only have to provide standard information to authorities once.

Cyber Diplomacy

The European Union and its Member States strongly promote an open, free, stable and secure cyberspace where human rights and fundamental freedoms and the rule of law fully apply for the social well-being, economic growth, prosperity and integrity of free and democratic societies.

To this end the EU and its Member States:

  • reaffirm the importance of the application of international law, adherence to norms of responsible state behaviour and the use of confidence building measures.
  • stress the importance of outreach and capacity building to promote responsible state behaviour and advance global cyber resilience.
  • commit to prevent conflicts and advance cyber stability through the use of law enforcement, legal, economic and diplomatic instruments, including, if necessary, sanctions.

Intellectual Property

European Union, 2019 + Cyberwatching
Attention: Some rights for images are reserved and special permission must be requested prior to their use.