The European Union has taken significant steps to enhance its cyber resilience by adopting two key pieces of legislation as part of its broader cybersecurity strategy. The first, known as the “Cyber Solidarity Act,” focuses on strengthening EU cooperation to detect, prepare for, and respond to cyber threats. One of its core components is the establishment of a pan-European infrastructure of cyber hubs that will utilize state-of-the-art technologies, such as artificial intelligence (AI) and advanced data analytics. These hubs will provide real-time alerts on cybersecurity threats and ensure timely, cross-border responses to cyber incidents.
The Cyber Solidarity Act also includes provisions for a cybersecurity emergency mechanism that aims to bolster preparedness and enhance incident response capabilities across the EU. This mechanism will support actions such as testing critical sectors—like healthcare, transport, and energy—for vulnerabilities, based on common risk scenarios. Additionally, a new EU cybersecurity reserve will be established, consisting of private-sector incident response services ready to be deployed at the request of member states or EU institutions during significant cybersecurity incidents.
Furthermore, the Cyber Solidarity Act introduces an incident review mechanism to assess the effectiveness of the actions under the emergency mechanism and the use of the cybersecurity reserve. This will help to evaluate whether the regulation strengthens the competitive position of the cybersecurity industry and its ability to respond effectively to large-scale incidents, ensuring the EU remains resilient in the face of evolving threats.
In parallel, the EU has amended the 2019 Cybersecurity Act to enable the establishment of European certification schemes for managed security services. These services, such as incident handling, penetration testing, and security audits, play a critical role in preventing and responding to cybersecurity incidents. The amendment aims to harmonize national certification schemes and foster the emergence of trusted cybersecurity service providers, ensuring a more robust and unified cybersecurity framework across the EU. These legislative developments mark a significant step toward reinforcing the EU’s cybersecurity infrastructure and its capacity to face future cyber challenges.
Reference:
