The EU Cyber Soli­da­ri­ty Act: a pro­tec­ti­ve shield for Europe

The Euro­pean Inter­nal Mar­ket must be pro­tec­ted not only from con­ven­tio­nal thre­ats but from digi­tal attacks as well. Accor­din­gly, the NIS‑2 Direc­ti­ve pro­tects cri­ti­cal infra­struc­tu­re. A sepa­ra­te Regu­la­ti­on, the Cyber Resi­li­ence Act, will go into effect in the future for pro­ducts with digi­tal ele­ments. The annu­al cost from glo­bal cyber­crime alo­ne is esti­ma­ted by the Euro­pean Com­mis­si­on at EUR 5.5 trillion.

Plans for an EU Cyber Soli­da­ri­ty Act

With the Cyber Soli­da­ri­ty stra­tegy and plans for an EU Cyber Soli­da­ri­ty Act, the EU Com­mis­si­on is sup­ple­men­ting its exis­ting plans with the idea of actively inclu­ding pri­va­te actors in the defen­si­ve shield against cyber­at­tacks. More than 60,000 cyber­se­cu­ri­ty com­pa­nies are estab­lished in the EU. The­se com­pa­nies may be gra­du­al­ly incor­po­ra­ted into a cyber reser­ve, which can be deploy­ed at the request of the mem­ber sta­tes in case of cross-border inci­dents, pro­vi­ded that it can be veri­fied in advan­ce that the com­pa­nies in ques­ti­on are trust­wor­t­hy. The­se “cyber reser­vists” would act along­side regio­nal Secu­ri­ty Ope­ra­ti­ons Cen­ters (SOCs), which are con­cei­ved as fixed orga­niza­ti­ons. Inclu­si­on in the Euro­pean Cyber Reser­ve can bring many advan­ta­ges for com­pa­nies. First of all, they would be able to ser­ve as part of the Euro­pean defen­si­ve shield against cyber­at­tacks, hel­ping to impro­ve Euro­pean cyber­se­cu­ri­ty in a public-private part­ner­ships and streng­then con­fi­dence in digi­tal tech­no­lo­gies. They would also bene­fit from the oppor­tu­ni­ty to take part in joint trai­ning ses­si­ons and exer­ci­s­es, as well as from bet­ter access to the latest infor­ma­ti­on and technologies.

What now?

For idea for an EU Cyber Soli­da­ri­ty Act was first dis­cus­sed in ear­ly March of this year. A legis­la­ti­ve for­mu­la­ti­on is not yet in sight, but more con­cre­te pro­po­sals are expec­ted in the second half of 2023. It is alre­a­dy clear that the­se plans should fir seam­less­ly into the frame­work for the EU’s new data and cyber­se­cu­ri­ty law. The EU has alre­a­dy laun­ched seve­ral new legis­la­ti­ve pro­jects in an effort to impro­ve resi­li­ence in con­nec­tion with cyber­se­cu­ri­ty. By arran­ging for govern­ment and pri­va­te actors to work tog­e­ther, the EU hopes to inten­si­fy the­se efforts and ensu­re more effec­ti­ve pro­tec­tion for civi­li­an and mili­ta­ry infrastructure.


It is to be expec­ted that com­pa­nies will gene­ral­ly have to meet stric­ter requi­re­ments in the future when it come to the secu­ri­ty of their data and sys­tems in order to com­ply with regu­la­to­ry requi­re­ments and pro­tect against cyber­at­tacks. Accor­din­gly, com­pa­nies will have to con­t­end with num­e­rous new com­pli­ance rules and report­ing duties in con­nec­tion with cyber­at­tacks. Com­pa­nies should the­r­e­fo­re lose no time in revie­w­ing their IT infra­struc­tu­re, their pro­ces­ses and their employees with a view towards poten­ti­al risks and taking neces­sa­ry action to impro­ve cybersecurity.


Stay up-to-date

We use your email address exclusively for sending our newsletter. You have the right to revoke your consent at any time with effect for the future. For further information, please refer to our privacy policy.