
2024: ACTIVITY REPORT OF THE CYBER SECURITY COALITION

“The Cyber Solidarity Act is an engagement to fight cybercrime together”

Over the past 10 years, the EU has put in place a legal framework with the purpose of achieving a higher level of cyber security. The implementation is ongoing and will culminate in the Cyber Solidarity Act. This new piece of legislation, approved by the European Council in December 2024, aims to improve preparedness for, detection of and response to cyber security incidents across the EU. It is accompanied by an investment budget of 100 million euro.

Christiane Kirketerp de Viron

Acting Director for Digital Society, Trust & Cybersecurity at the European Commission

Europe’s legislative efforts have been setting the example since the NIS1 entered into force in 2016, as the first EU-wide cyber security legislation. Christiane Kirketerp de Viron, Acting Director for Digital Society, Trust & Cybersecurity at the European Commission, explains, “Our internal market is intrinsically connected. This implies that the weakest link can pose a risk for the whole market. Therefore, we needed to agree on what a good level of cyber security entails and how to achieve it.”

The regulatory efforts have yielded noticeable results. “The NIS1 has led to most critical entities adopting risk management procedures and other measures, increasing cyber security maturity. We also see a clear impact in incident reporting. The NIS2 introduced Boardroom responsibility, prompting C-suite level interest. As a result, the demand for training is on the rise.”

Because the threat landscape and risks continue to evolve at a rapid pace, the EU has taken multiple legislative initiatives to better protect critical infrastructure, businesses, public institutions and citizens. “The Cyber Resilience Act, for instance, is a legal framework published at the end of 2024 that focuses on product security. Everyone agreed that security was not at the heart of product development and innovation, which instead focussed mostly on speed and getting to the market as quickly as possible. Now the cyber security requirements for both hardware and software are clear, imposing security by design, after-sales patching and a lifecycle approach, to name a few,” Kirketerp de Viron states.

Keeping up with and complying with new regulations is a tough job for SMEs and other smaller organisations. “There is a lot of good will among SMEs, who acknowledge they need to do better to protect their businesses. This is the reason we have foreseen transition periods to comply with new rules, and why we insist on standardisation. The latter plays an extremely important role in making things simpler and more straightforward for companies. So, my advice is: use the standards and take advantage of all the tools the Member States have put in place for SMEs - with financial help from the EU.”

The final piece of legislation that is currently being rolled out, the Cyber Solidarity Act, is meant to better protect the EU as a whole in times of very sophisticated attacks. “We want to improve the detection, analysis and response to cyber threats. To deal with this in an efficient way, we need to work together. That is why the Cyber Solidarity Act includes a proposal for a European alert system, composed of national and cross-border Security Operations Centres and the use of advanced technologies such as AI to identify threats faster and better. Furthermore, we want to enhance our preparedness for and response to cyberattacks. And we have foreseen a mechanism of mutual support when a Member State is affected by an incident,” Kirketerp de Viron concludes.