Commission welcomes political agreement on Cyber Solidarity Act

The Commission welcomes the political agreement reached last night between the European Parliament and the Council on the Cyber Solidarity Act, proposed by the Commission in April 2023. The Cyber Solidarity Act will strengthen solidarity at EU level to better detect, prepare and respond to cyberthreats and incidents. It comes at a crucial time for EU cybersecurity, as the cyber threat landscape in the EU continues to be impacted by geopolitical events.

The Cyber Solidarity Act includes three actions:

Firstly, the setting up of a European Cybersecurity Alert System, consisting of a network of National and Cross-border Cyber Hubs, which will leverage state-of-the-art tools and infrastructures, such as Artificial Intelligence and advanced data analytics, to swiftly detect cyber threats and incidents. This infrastructure will provide real-time situational awareness to authorities and other relevant entities, enabling them to effectively respond to such threats and incidents. In April 2023, two Member State consortia were formed to jointly procure and receive grants to operate and launch a pilot phase of such tools and infrastructures under the Digital Europe Programme.

Secondly, the Act also creates a Cybersecurity Emergency Mechanism that will enhance preparedness and response capabilities to significant and large-scale cyber incidents. 

Thirdly, the proposal also establishes a European Cybersecurity Incident Review Mechanism to review and assess significant or large-scale incidents after they have occurred with the aim of providing recommendations to improve the EU’s cybersecurity standing.

The European Parliament and the Council also reached an agreement on the amendment to the Cybersecurity Act. This amendment opens up the possibility of adopting European certification schemes for managed security services. It will help provide a framework for establishing trusted providers in the EU Cybersecurity Reserve under the Cyber Solidarity Act.

Managed security services play an important role in preventing and responding to cybersecurity incidents. However, they are also themselves a target for malicious actors who seek to gain access to the sensitive environments of their clients. The certification of such services will strengthen cybersecurity across the Union, promoting trust and transparency in the supply chain. This is crucial for businesses and critical infrastructure operators, who will have a clear benchmark when procuring cybersecurity services.

The agreement reached yesterday evening is now subject to formal approval by the European Parliament and the Council. Once formally adopted, the Cyber Solidarity Act will enter into force on the 20th day following its publication in the Official Journal.

The Cyber Solidarity Act will increase funding for Cybersecurity actions under Digital Europe Programme for the period 2025-2027.

Source: The European Commission, Mar 6 2024