EU Cyber Solidarity Act agreed upon in response to escalating cyberattacks
The act seeks to bolster the EU’s cyber resilience by implementing a European Cybersecurity Alert System, a Cybersecurity Emergency Mechanism, and a European Cybersecurity Incident Review Mechanism, alongside amendments enabling European certification schemes for managed security services to enhance trust and transparency in procurement processes.
The Cyber Solidarity Act, initially proposed by the European Commission in April 2023, has been agreed upon by the European Parliament and the Council. The Act aims to bolster the European Union’s capacity to identify, prepare for, and respond to cyber threats and attacks.
This legislative initiative entails three primary measures:
- European Cybersecurity Alert System
- Cybersecurity Emergency Mechanism
- European Cybersecurity Incident Review Mechanism
These actions are deemed essential for the EU, particularly in light of current geopolitical circumstances affecting cybersecurity.
Thierry Breton, Commissioner for Internal Market, underscored the significance of the Cyber Solidarity Act, stating that it represents a pivotal step towards establishing a European cyber shield. He further welcomed the agreement reached, emphasising the establishment of a European Cybersecurity Alert System to swiftly detect cyber threats and a cyber solidarity mechanism to aid Member States under attack, including through the introduction of a European cyber reserve.
Breton highlighted that the European Cyber Solidarity Act would enhance operational cyber cooperation at the European level, thereby bolstering citizens’ security. The Act introduces:
- European Cybersecurity Alert System: The Act proposes the creation of a European Cybersecurity Alert System, comprising National and Cross-border Cyber Hubs equipped with advanced technologies like artificial intelligence and advanced data analytics. The primary objective is to promptly identify and respond to cyber threats, furnishing real-time situational awareness to relevant authorities and entities.
- Cybersecurity Emergency Mechanism: This mechanism aims to enhance readiness and response capabilities in the face of significant cyber incidents, focusing on preparedness actions, establishing a new EU Cybersecurity Reserve, and financial support for mutual assistance. European Cybersecurity Incident Review Mechanism: Additionally, the Act introduces a mechanism to review and analyze significant cyber incidents post-occurrence, offering recommendations to bolster the EU’s cybersecurity posture.
Furthermore, amendments to the Cybersecurity Act have been agreed upon by the European Parliament and Council, allowing for European certification schemes for managed security services. This amendment facilitates the establishment of trusted providers within the EU Cybersecurity Reserve under the Cyber Solidarity Act, promoting trust and transparency in the procurement of cybersecurity services for businesses and critical infrastructure operators.