On December 20, 2023, the European Council passed the Cyber Solidarity Act, a European bill aimed at more effectively combating transnational cyberattacks. Introduced by the European Commission on April 18, 2023, the bill is intended to strengthen cyber exchanges and cooperation between member States.
In particular, it provides for a “European Cyber Shield”, made up of national and cross-border SOCs, which will be brought together under several transnational SOC platforms. The Cyber Solidarity Act also suggests setting up cyber emergency measures, which would be granted dedicated operational capabilities and cyber expert “reserve troops” that could be called upon if the need arose.
Finally, the regulation includes a research component. ENISA, the EU’s cybersecurity agency, will thus have to provide reports on large-scale cyber incidents, along with subsequent operational recommendations. These various projects will be granted funds from the “Digital Europe” program, to the tune of 1.1 billion euros.
The European Council approved the Cyber Solidarity Act without any major amendments to the Commission’s bill. Beyond clarifications and adjustments to member-State specificities, two main developments should be noted. The first is a clarification of the voluntary nature of member-State participation in these measures. The second is the strengthening of ENISA’s role throughout the bill.
The agreement reached will allow the European Council’s Belgian presidency to begin talks with Parliament and Commission (“trilogues”) in order to speedily reach a final draft. As the bill is not controversial, it should be definitively passed before the term is up this year.