Commission hails milestone agreement on Cyber Solidarity Act 

Earlier this week, the European Commission endorsed the recent consensus reached between the European Parliament and the Council on the Cyber Solidarity Act. This Act, initially proposed by the Commission in April 2023, is designed to fortify collaborative efforts at the EU level to improve the detection, preparedness, and response to cyber threats and incidents. Its significance is underscored by the continually evolving cyber threat landscape in the EU, influenced by ongoing geopolitical developments.

Comprising three pivotal actions, the Cyber Solidarity Act aims to establish a European Cybersecurity Alert System. This system will leverage advanced tools and infrastructures, including Artificial Intelligence and sophisticated data analytics, through a network of National and Cross-border Cyber Hubs. These hubs will enable the swift identification of cyber threats, providing real-time situational awareness to relevant entities and authorities for effective response. Notably, two Member State consortia were formed in April 2023 to jointly procure and operate these tools and infrastructures during the pilot phase, facilitated by the Digital Europe Programme.

The Act also introduces a Cybersecurity Emergency Mechanism to bolster preparedness and response capabilities in the face of significant and large-scale cyber incidents. This mechanism encompasses coordinated preparedness testing for entities in critical sectors, the establishment of a new EU Cybersecurity Reserve, and financial support for mutual assistance between Member States affected by such incidents.

Additionally, the proposal outlines the creation of a European Cybersecurity Incident Review Mechanism, tasked with reviewing and assessing significant or large-scale cyber incidents post-occurrence. The aim is to provide recommendations for enhancing the EU’s overall cybersecurity posture.

Simultaneously, an agreement has been reached on the amendment to the Cybersecurity Act, allowing for the potential adoption of European certification schemes for managed security services. This amendment is crucial in providing a framework for trusted providers within the EU Cybersecurity Reserve established under the Cyber Solidarity Act.

As for the next steps, an approval of the agreement by the European Parliament and the Council needs to be formalised. Upon adoption, the Cyber Solidarity Act will become effective 20 days after its publication in the Official Journal. Notably, the Act will increase funding for cybersecurity actions under the Digital Europe Programme for the period 2025-2027.