The EU has been investing in science, research and innovation. The impact of this research and innovation depends on the capacity of our economies to become more knowledge-oriented and innovation-driven and invest enough resources in addressing the most important challenges and exploiting the right framework conditions to stimulate innovation.

The European Union Agency for Cybersecurity has identified key research and innovation topics in cybersecurity to address specific strategic objectives: in 2018 the goal was to make the EU more cybersecure. In this document – the second in the series – the objective is to support the EU’s digital strategic autonomy.

The term ‘digital strategic autonomy’ can have different meanings in different contexts. In this report, it is defined as the ability of Europe to source products and services that meet its needs and values, without undue influence from the outside world.

"It has been helping the European market to stay competitive, improve the quality and quantity of jobs, and continue to support the European way of life."

This mission-driven roadmap presents seven prioritised challenges to support research, development and innovation in relation to the EU’s digital strategic autonomy. These priorities were derived from a set of 17 topics, which in turn were extracted and synthesised from recent research roadmaps. To finalise these priorities, an open survey took place, which was completed by 94 members of the European cybersecurity research and industrial community. For each of these seven priorities, this document (i) explores the origins of the problem and its importance, (ii) describes the state of the art and the long-term objective of the topic and (iii) recommends the necessary steps to reach this long-term objective.

The open consultation revealed that the highest priority is related to data security, with an emphasis on privacy, data protection, trust in algorithms and artificial intelligence. The most important research and innovation challenges also include software and hardware security, digital communications security, cryptography, and detection of and response to cyberattacks. Finally, user-centric aspects related to the overall acceptance of digital services, including understanding the consequences of decisions to enforce or bypass security mechanisms, is a knowledge area that should be included in future research.

Based on our findings, digital strategic autonomy will require an overarching vision of the information and communications technology landscape, driven by ambitious policies that aim to (i) protect European values and (ii) satisfy European needs for advanced and resilient services.