The EU Council of Ministers approved a draft for a Cyber Solidarity Act to establish and connect national and cross-border security centers across the EU. These centers, also known as “hubs,” aim to better detect digital threats using Artificial Intelligence (AI) and advanced data analysis. The goal is to exchange information about threats like cyberattacks and respond appropriately. This early warning system is designed to provide authorities and other relevant bodies with a real-time overview of the situation.
Negotiators from the member states and the EU Parliament had already agreed on the regulation in principle in March. The countries will also establish a mechanism for cyber emergencies to improve readiness and response to significant and widespread IT attacks. This involves precautionary measures, including testing facilities in critical sectors such as healthcare, transportation, and energy, focusing on potential vulnerabilities. Governments must create joint risk scenarios. Additionally, an EU cybersecurity reserve with emergency services from trusted certified providers will act as a rapid response team. This can be mobilized by EU states, bodies, institutions, agencies, or even third countries participating in the “Digital Europe” program.
Upon request from the Commission or national authorities, the EU Agency for Cybersecurity (Enisa) will be able to investigate specific cybersecurity incidents more closely. It must then provide a report with findings and recommendations. Member states offering technical assistance to another EU country during a “significant or large-scale cybersecurity incident” will receive financial support from EU funds.
The Council also approved an amendment to the Cybersecurity Act of 2019, allowing the introduction of European certification systems for security services. This includes penetration testing, security audits, consulting, and support, contributing to a framework for appointing trusted providers for the planned security reserve.
The Parliament has already approved the package. After the signatures of the presidents of both chambers, the legal acts will be announced in the EU Official Journal in the coming weeks. They will come into force on the 20th day after publication.
Last year, the European Court of Auditors warned that the Cyber Solidarity Act would make the already complex EU “cybersecurity galaxy” even more complicated, with numerous overlapping bodies and regulations. The virtual shield’s function could also be impaired by a lack of information exchange between EU countries.