The European Commission has welcomed a recent political agreement between the European Parliament and the Council regarding the Cyber Solidarity Act proposed in April 2023. This act aims to enhance cybersecurity across the EU, particularly in response to evolving cyber threats influenced by geopolitical events. The Cyber Solidarity Act includes three actions:
European Cybersecurity Alert System
The first aspect is the establishment of a European Cybersecurity Alert System, which includes National and Cross-border Cyber Hubs. These hubs will use advanced tools like Artificial Intelligence and data analytics to quickly detect cyber threats. They’ll provide real-time information to authorities, helping them respond effectively. In April 2023, two Member State groups were formed to launch a pilot phase of these tools and infrastructures under the Digital Europe Programme.
Cybersecurity Emergency Mechanism
The second aspect is the creation of a Cybersecurity Emergency Mechanism to better prepare for and respond to significant cyber incidents. This mechanism will focus on three main areas:
-
Preparedness actions: Coordinating tests to identify vulnerabilities in critical sectors like healthcare or energy.
-
EU Cybersecurity Reserve: Establishing a pool of incident response services from trusted providers. These services can be called upon by Member States, EU institutions, or third countries in case of major cyber incidents.
-
Financial support for mutual assistance: Providing assistance to Member States affected by significant cyber incidents, including technical support from other Member States
European Cybersecurity Incident Review Mechanism
Thirdly, the proposal introduces a European Cybersecurity Incident Review Mechanism. Its purpose is to review and evaluate significant cyber incidents post-occurrence, aiming to offer recommendations for enhancing the EU’s cybersecurity posture.
Additionally, the European Parliament and Council agreed to amend the Cybersecurity Act, enabling European certification for managed security services. This certification ensures trusted providers in the EU Cybersecurity Reserve under the Cyber Solidarity Act. It strengthens cybersecurity, promoting trust and transparency in the supply chain, crucial for businesses and critical infrastructure.
Next steps
The agreement reached awaits formal approval from the European Parliament and the Council. Once approved, the Cyber Solidarity Act will come into effect on the 20th day after its publication in the Official Journal.