The introduction of the EU Cyber Solidarity Act has been hailed by policymakers as an important step in improving levels of cyber resilience across the union.
The regulations aim to improve how EU organizations respond to cyberattacks in a threat landscape defined by increasingly sophisticated attacks.
Following a proposal from the European Commission in April 2023, the European Parliament and the Council reached a political agreement on the provisional regulation on 5 March 2024.
The law contains three main actions aimed at improving the region's cyber resilience, the first of which is the creation of an EU-wide cybersecurity alert system to help quickly disseminate information on the latest threats.
The European Cybersecurity Alert System will consist of a network of national and cross-border Cyber Hubs that will use artificial intelligence and data analytics to detect cyber threats more quickly.
The law also includes the creation of a Cybersecurity Emergency Mechanism. This system includes provisions to coordinate security breach readiness testing in organizations operating in critical sectors, such as healthcare or energy.
Furthermore, the emergency mechanism will introduce a new EU Cybersecurity Reserve, which will consist of incident response services from trusted providers who can provide support at the request of member states.
The last aspect of the Cyber Solidarity Law focuses on providing financial support for mutual assistance in cyber incidents within the EU.
This financial assistance is intended to help Member States provide technical assistance to each other when one of them is affected by a particularly serious and large-scale cyber incident.
The Cyber Solidarity Law will boost resilience with a coordinated response
The EU said the solidarity law aims to facilitate the widespread improvement of security postures in the region by encouraging better coordination between members when collectively responding to threats.
The stated objectives of the initiative are to strengthen the EU's common detection, situational awareness and response capabilities, as well as to establish the aforementioned cybersecurity reserve and readiness testing framework.
EU Internal Markets Commissioner Thierry Breton said regulation is vital to ensure the region is adequately protected through strong mutual support mechanisms.
“The Cyber Solidarity Law is a crucial step towards establishing a European cyber shield. I welcome the agreement reached yesterday afternoon,” he explained.
“Europe will now rely on a European Cybersecurity Alert System to detect cyber threats more quickly, and on a European cyber solidarity mechanism to support any attacked Member State, including through a European cyber reserve.
“With the European Cyber Solidarity Law we are improving cyber operational cooperation at the European level. For the safety of our citizens.”
The agreement is still subject to formal approval by the European Parliament and the Council and, once formally adopted, the Cyber Solidarity Law will enter into force on the twentieth day following its publication in the Official Journal.
To comply with the new regulations, organizations must be prepared to cooperate with expanded information sharing requirements through the new alert system outlined in the law.
Critical infrastructure entities will need to be prepared for mandatory readiness testing. After consulting the EU cybersecurity agency ENISA and the NIS Cooperation Group, the EU Commission will periodically identify relevant sectors that are designated as “high criticality” and will be subject to these readiness tests.