The EU Cyber Solidarity Act is a new initiative that follows the European Union's latest efforts to build stronger cyber defenses against evolving cybersecurity threats. This legislation introduces a new strategy for enhanced cooperation between EU member states and focuses on how EU nations can better prepare and respond to cyber incidents.

The EU Cyber Solidarity Act follows a series of recent cyber regulations intended to improve cyber resilience throughout Europe. The passing of other major cyber regulations, such as NIS2, DORA, the EU Artificial Intelligence Act, the EU Cyber Resilience Act, and the EU Cybersecurity Certification Framework, is a further example of the European Union aiming to secure European nations against digital threats and cybercrime.

This blog will explore what the EU Cyber Solidarity Act covers, how it affects current businesses, and review the key cyber initiatives that aim to protect EU nations against cyber attacks.

Overview of the EU Cyber Solidarity Act

The EU Cyber Solidarity Act was first proposed by the European Commission in April 2023 and outlines a coordinated approach to strengthen incident response and recovery across the EU. As of March 2024, the European Parliament and the EU Council reached a provisional agreement on the Act.

The Cyber Solidarity Act comprises many existing cyber framework objectives and aims to continue supporting existing cyber legislation while expanding on the principles of:

  • Information sharing between public and private sectors
  • Situational awareness
  • Incident response and recovery
  • Crisis management frameworks
  • Cybersecurity operational cooperation

The legislation directly supports other key Pan-European cyber initiatives that have been passed recently, most notably NIS2, aligning with its objectives on network and information security.

Next steps

Following the provisional agreement, the Parliament and the Council will need to agree on a formalized document, which must also be agreed upon by representatives of the EU member states and submitted for legal review before the formal adoption of the Act.

Details regarding its implementation timeline are currently under discussion. Full enforcement will require extensive preparations and the establishment of new protocols across the EU.

Upon submission of the final document in the Official Journal, the EU Cyber Solidarity Act will enter into force on the 20th day after its publication.

Key objectives of the EU Cyber Solidarity Act

The EU Cyber Solidarity Act outlines three main objectives:

  1. Establishing a European cybersecurity shield
  2. Establishing a cybersecurity emergency mechanism
  3. Establishing a cybersecurity incident review mechanism

European cybersecurity shield

The EU Cyber Solidarity Act aims to build a “European cybersecurity shield” to improve the cyber threat detection, analysis, and response of EU nations. The European cyber shield enables the EU to research and develop advanced capabilities, such as advanced data analytics and artificial intelligence (AI), for detecting cyber threats through National and Cross-border Security Operations Centres (SOCs). This collaboration of national and cross-border cyber hubs serves as part of the initiative to build solidarity across EU nations.

Each member state must designate a National SOC to participate in this program and to share analyses and information from cyber incidents with other National SOCs. Cross-border SOCs must consist of at least three National SOCs that collaborate in mutual assistance for threat detection and monitoring functions. The Cyber Solidarity Act outlines various requirements for Cross-border SOCs to share information with each other and also requires a high level of interoperability between Cross-border SOCs.

The European cybersecurity shield also establishes the European Cybersecurity Alert System. This alert system aims to create a network that connects all member states, allowing for instant alerts and shared intel of ongoing cyber threats and vulnerabilities. Additionally, Cross-border SOCs must notify the following EU regulating bodies of any ongoing large-scale incidents:

  • EU CyCLONe (European Cyber Crisis Liaison Organization Network, established by NIS2)
  • EU-CSIRT (Cyber Security Incident Response Teams) network
  • ENISA (European Union Agency for Cybersecurity)
  • European Commission

Cybersecurity emergency mechanism

A cybersecurity emergency mechanism (or cyber emergency mechanism) is included in the Act to ensure that EU member states have adequate incident response capabilities and preparedness actions against looming cyber threats and are prepared to deal with any security incident. Essentially, the cyber emergency mechanism looks to improve the cyber resilience of member states and provide them with the necessary resources to respond, recover, and mitigate large-scale cybersecurity incidents.

For this purpose, the cyber emergency mechanism establishes the new EU Cybersecurity Reserve, which will consist of trusted incident response service providers across the EU, with leading cyber professionals and technical resources ready to be used on short notice to support any member state under cyber attack, particularly organizations in critical sectors.

To establish the EU Cyber Reserve, the Commission is tasked with collaborating with ENISA and implementing a process for support requests. All requests to the Cybersecurity Reserve are subject to review, with respect to the selection criteria and other procurement principles outlined by the Commission and ENISA.

Third countries (countries outside of the EU) are also allowed to request the use of the Cybersecurity Reserve if they participate in the Digital Europe Programme (DEP).

Cybersecurity incident review mechanism

The final objective of the EU Cyber Solidarity Act is to enable a cybersecurity incident review mechanism. Post-incident analysis is always crucial for improving future responses and allowing relevant stakeholders to learn from the incident and prevent its reoccurrence.

All incident reviews will be carried out by ENISA to assess the threat, vulnerability, and response actions taken during the large-scale security incident. Results will be delivered to EU CyCLONe and the CSIRTs network to help them review and learn from the incident as well.

This mechanism focuses on:

  • Systematic review process: Following a cyber incident, ENISA will conduct thorough reviews to evaluate the response effectiveness and identify any shortcomings, failures, and areas of improvement.
  • Continuous improvement: Based on the assessment, this review mechanism will issue guidance and recommendations for future action and potential policy adjustments to strengthen the EU's overall cybersecurity posture.

Funding through the Digital Europe Programme (DEP)

Funding for the EU Cyber Solidarity Act will be supported through funds from the Digital Europe Programme (DEP). These funds will be provided under the “Strategic Objective ‘Cybersecurity’” section of the DEP, with some fund reallocation through other Strategic Objectives under the DEP.

The projected budget for the EU Cyber Solidarity Act is expected to be around €842.8 million (or $906.996 million), which will largely support the creation of the EU Cybersecurity Reserve and the European Cybersecurity Alert System.

Amendment to the EU Cybersecurity Act

The EU Cyber Solidarity Act also includes an amendment to the EU Cybersecurity Act. The amendment proposes adopting European cybersecurity certification schemes for managed security services as part of the Cybersecurity Reserve initiative. This amendment allows for more trusted providers to operate under the Cybersecurity Reserve and builds trust in the system by requiring external providers to adhere to the certification frameworks.
