The introduction of the EU’s Cyber Solidarity Act has been hailed by lawmakers as a major step to improving cyber resilience levels across the union.
The regulations are intended to improve how organizations in the EU respond to cyber attacks in a threat landscape defined by increasingly sophisticated attacks.
Proposed by the European Commission in April 2023, a political agreement was reached between the European Parliament and Council on the provisional regulation on 5 March 2024.
The act contains three primary actions aimed at improving the region’s cyber resilience, the first of which is setting up a EU-wide cyber security alert system to help quickly disseminate information on the latest threats.
The European Cybersecurity Alert System will consist of a network of national and cross-border Cyber Hubs that will use AI and data analytics to detect cyber threats more quickly.
The act also includes the creation of a Cybersecurity Emergency Mechanism. This system includes provisions for coordinating preparedness testing for security flaws in organizations operating in critical sectors, such as healthcare or energy.
In addition, the emergency mechanism will introduce a new EU Cybersecurity Reserve, which will consist of incident response services from trusted providers who can provide support upon the request of member states.
The final aspect of the Cyber Solidarity Act is centered around providing financial support for mutual assistance on cyber incidents within the EU.
This financial aid is intended to support member state’s providing each other with technical assistance when one is affected by a particularly severe, large-scale cyber incident.
The Cyber Solidarity Act will boost resilience with a coordinated response
The EU said the solidarity act aims to facilitate the wholesale improvement of security postures in the region by fostering better coordination among members when responding collectively to threats.
The stated objectives for the initiative are to strengthen common EU detection, situational awareness, and response capabilities, as well as setting up the aforementioned cyber security reserve and preparedness testing framework.
EU commissioner for internal markets, Thierry Breton, said the regulation is vital for ensuring the region is adequately protected through robust mechanisms for mutual support.
“The Cyber Solidarity Act is a crucial step to establish a European cyber shield. I welcome the agreement reached yesterday evening”, he explained.
“Europe will now rely on a European Cybersecurity Alert System to detect cyber threats more quickly, and on a European cyber solidarity mechanism to support any Member States attacked, including through a European cyber reserve.
“With the European Cyber Solidarity Act we are enhancing cyber operational cooperation at European level. For the security of our citizens.”
The agreement is still subject to formal approval by the European Parliament and Council, and once formally adopted, the Cyber Solidarity Act will come into force on the 20th day following its publication in the Official Journal.
To comply with the new regulations, organizations should be prepared to cooperate with expanded information sharing requirements through the new alert system outlined in the act.
Critical infrastructure entities will need to be ready for mandatory preparedness testing. After consulting the EU’s cyber security agency, ENISA, and the NIS Cooperation Group, the EU Commission will regularly identify the relevant sectors that are designated as ‘high criticality’ and will be subject to this preparedness testing.
