Digital Single Market
Digital Economy & Society

Action 124: EU Cyber-security strategy

The cyber-security strategy – "An Open, Safe and Secure Cyberspace" - represents the EU's comprehensive vision on how best to prevent and respond to cyber disruptions and attacks. This is to further European values of freedom and democracy and ensure the digital economy can safely grow. Specific actions are aimed at enhancing cyber resilience of information systems, reducing cybercrime and strengthening EU international cyber-security policy and cyber defence.

The Commission adopted in February 2013 the 'Cybersecurity Strategy of the European Union'.

What is the problem?

Cyber-security incidents are increasing in frequency and magnitude, becoming more complex and know no borders. These incidents can cause major damage to safety and the economy. Efforts to prevent, cooperate and be more transparent about cyber incidents must improve.

Why is EU action required? EU helps Member States to cooperate

Previous efforts by the European Commission and individual Member States have been too fragmented to deal with this growing challenge.

What has the Commission done so far?

In 2013:

  • Presented in February 2013 a proposal, together with the High Representative of the Union for Foreign Affairs and Security Policy, for a 'Cybersecurity Strategy of the European Union'. The proposed Directive lays down measures including:
    1. Member State must adopt a NIS strategy and designate a national NIS competent authority with adequate financial and human resources to prevent, handle and respond to NIS risks and incidents;
    2. Creating a cooperation mechanism among Member States and the Commission to share early warnings on risks and incidents through a secure infrastructure, cooperate and organise regular peer reviews;
    3. Operators of critical infrastructures in some sectors (financial services, transport, energy, health), enablers of information society services (notably: app stores e-commerce platforms, Internet payment, cloud computing, search engines, social networks) and public administrations must adopt risk management practices and report major security incidents on their core services.
  • Together with it, presented in February 2013 a legislative proposal on enhanced network and information security across the Union (action 123 of the Digital Agenda Review package).
  • Secured ENISA's future – in April 2013 the European Parliament voted to extend ENISA's mandate by seven years.
  • The NIS public-private Platform was set up as part of the European Strategy for Cybersecurity. The NIS Platform will help public and private organisations improve cybersecurity risk management and information sharing. It will assist and provide the groundwork for the implementation of the proposed NIS Directive. The NIS Platform will further prepare a Strategic Research Agenda for secure ICT. A key focus will be on turning research results into commercial products, to serve Europe's growth and jobs objectives

What will the Commission do next?

  • Contribute to the implementation of actions identified in the Cybersecurity Strategy: a high-level conference one year after adoption of the Strategy; a cybersecurity championship; adopt Commission recommendations on cybersecurity on the basis of guidance from the NIS Platform.

More information.

Progress Report
Status: Completed Gustav Kalbe Gustav Kalbe