EU agrees amendments to Cyber Solidarity Act in bid to create ‘cyber shield’ for member states
The EU’s Cyber Solidarity Act will provide new mechanisms for authorities to bolster union-wide security practices


EU member states have reached a common position on the planned Cyber Solidarity Act, aimed at making Europe more resilient and reactive in the face of cyber threats.
The aim of the draft legislation is to support the detection and awareness of significant or large-scale cyber security threats and incidents, to bolster preparedness, and to protect critical infrastructure and essential services such as hospitals and public utilities.
It's also intended to boost cooperation between member states in the event of a union-wide security incident and improve coordinated crisis management and response capabilities.
EU lawmakers hailed the announcement as a vital piece of legislation that will create a more robust security landscape for member states and organizations across the union.
"Today’s agreement is another step to improve cyber resilience in Europe," said José Luis Escrivá, Spanish minister for digital transformation.
"It will certainly strengthen EU’s and member states’ capabilities to prepare, prevent, respond, and recover from large-scale cyber threats and attacks in a more efficient and effective manner."
Cyber Solidarity Act looks to ‘shield’ EU from threats
A major feature of the draft legislation is the creation of a 'European cyber shield', a pan-European infrastructure composed of national and cross-border security operations centers (SOCs) across the EU.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
These will use artificial intelligence (AI) and advanced data analytics to detect and share warnings on cyber threats and incidents across borders. There are also plans for the creation of a cyber emergency mechanism to increase preparedness and enhance incident response capabilities.
This will include testing entities in highly critical sectors, such as healthcare, transport, and energy, to probe for potential vulnerabilities based on common risk scenarios, lawmakers said.
Similarly, a new EU ‘cyber security reserve’ will be set up consisting of incident response services from trusted private sector providers, all of which pre-contracted so they're ready to intervene at the request of a member state or EU institution, body, or agency.
There are also plans for a mutual financial assistance fund aimed at enabling member states to offer financial aid to others in the event of a serious security incident.
RELATED RESOURCE
Achieve your zero trust goals and gain a solid SASE architecture
As part of the legislation, new mechanisms will be introduced to conduct reviews and assessments of large-scale cyber security incidents after they have taken place.
ENISA, the EU’s cyber security agency, will play a key role in supporting this aspect of the legislation, lawmakers said.
At the request of the European Commission or of national authorities, the security agency will conduct reviews of certain incidents and deliver reports to relevant governmental departments.
Cyber Solidarity Act changes align with NIS2
The new common position introduces a few, mostly minor, changes to the draft legislation. In particular, it clarifies terminology and adapts the text to member states’ specificities, particularly around the SOCs and the cyber shield.
Meanwhile, definitions have been modified and aligned with other legislation, such as the recently-revised Network and Information Security Directive (NIS2).
ENISA’s role has also been reinforced and clarified throughout the text, and improvements have been introduced around procurement, funding, information sharing, and the incident review mechanism.
The next step in the process is for the incoming presidency to start negotiating with the European Parliament on a final version of the proposed legislation.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Blackouts in Spain and Portugal could be a cyber attack
Both countries are "paralyzed" by nationwide power outages
By Jane McCallion
-
Cisco takes aim at AI security at RSAC with ServiceNow partnership
News The companies claim Cisco AI Defense and ServiceNow SecOps will help address new challenges raised by AI
By Jane McCallion
-
Apple, Meta hit back at EU after landmark DMA fines
News The European Commission has issued its first penalties under the EU Digital Markets Act (DMA), fining Apple €500 million and Meta €200m.
By Nicole Kobie
-
‘Europe could do it, but it's chosen not to do it’: Eric Schmidt thinks EU regulation will stifle AI innovation – but Britain has a huge opportunity
News Former Google CEO Eric Schmidt believes EU AI regulation is hampering innovation in the region and placing enterprises at a disadvantage.
By Ross Kelly
-
The EU just shelved its AI liability directive
News The European Commission has scrapped plans to introduce the AI Liability Directive aimed at protecting consumers from harmful AI systems.
By Ross Kelly
-
A big enforcement deadline for the EU AI Act just passed – here's what you need to know
News The first set of compliance deadlines for the EU AI Act passed on the 2nd of February, and enterprises are urged to ramp up preparations for future deadlines.
By George Fitzmaurice
-
The EU's 'long-arm' regulatory approach could create frosty US environment for European tech firms
Analysis US tech firms are throwing their toys out of the pram over the EU’s Digital Markets Act, but will this come back to bite European companies?
By Solomon Klappholz
-
EU AI Act risks collapse if consensus not reached, experts warn
Analysis Industry stakeholders have warned the EU AI Act could stifle innovation ahead of a crunch decision
By Ross Kelly
-
Three quarters of UK firms unprepared for NIS2 regulations, study finds
News Senior management can be held personally liable for non-compliance under NIS2 rules
By Ross Kelly
-
US-UK data bridge: Everything you need to know
News The US-UK data bridge will ease the complexity of transatlantic data transfers
By Ross Kelly