The EU Cybersecurity Strategy: Implications and Lessons for Other Regions

Aleksandra Pleśniarska

doi:10.35765/hp.2833

Published : 2025-09-30

Vol. 16 No. 56 (2025)

The EU Cybersecurity Strategy: Implications and Lessons for Other Regions

Aleksandra Pleśniarska

https://orcid.org/0000-0003-3257-8416

DOI: https://doi.org/10.35765/hp.2833

Section: Thematic Articles

Abstract

RESEARCH OBJECTIVE: This article aims at a description of the structure of cybersecurity in the EU, taking into account its most important objectives and characteristics, as well as its geopolitical and international context.

THE RESEARCH PROBLEM AND METHODS: The cybersecurity-focused discourse usually refers to the national dimension of security. However, the multidimensionality of cybersecurity determines the need to build cyber capacity also on the basis of cooperation in international relations, including the economic dimension. The article attempts to fill the gap in the discussion of the perception and implementation of cybersecurity at the transnational level, with reference to European Union activities. In carrying out this task, the paper relies on institutional and legal analysis, combined with a review of the literature and documents and normative acts.

THE PROCESS OF ARGUMENTATION: The article is composed of three parts. Part one sets out considerations on the conceptualisation of cybersecurity; part two describes the framework of cybersecurity in the EU; finally, taking into account the perspective of international organisations, part three presents implications resulting from the EU’s experience.

RESEARCH RESULTS: The economic dimension (link to the functioning of the European single market) is of particular importance in the practical application of the EU’s integrated approach to cybersecurity, alongside technical issues, building digital resilience and citizen awareness. What distinguishes the implementation of cybersecurity in the EU is the activity in the field of implementing regulations concerning, among other things: the resilience and responsiveness of selected public and private entities throughout the EU, the security of ICT products, services and processes.

CONCLUSIONS, INNOVATIONS, AND RECOMMENDATION: EU action can serve as a global example of an active approach in the field of cybersecurity by an international organisation which is not concerned with military or defence issues, while seeking to promote cybersecurity principles and standards internationally.

Keywords

cybersecurity ; European Union ; European Single Market

Most read articles by the same author(s)

Aleksandra Pleśniarska, EU Initiatives in Research and Innovation during the COVID-19 Pandemic , HORIZONS OF POLITICS: Vol. 13 No. 43 (2022): Law and society - current issues in legislation and public policies

Details

References

Indicators

Authors

Download files

PDF_ang

Zasady cytowania

Altmetric indicators

Licence

This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Authors who publish with this journal agree to the following terms:

Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a CC BY-ND licence that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
Authors are asked to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access). We advise to use any of the following reserach society portals:

References

Adamiec, D., Branna, J., Dziewulak, D., Firlej, N., Groszkowska, K., Karkowska, M., & Żołądek, Ł. (2021). Informacja na temat legislacji dotyczącej systemu cyberbezpieczeństwa w wybranych państwach Unii Europejskiej (Belgia, Czechy, Estonia, Francja, Holandia, Niemcy, Szwecja). Zeszyty Prawnicze Biuro Analiz Sejmowej, 3, 280–314. DOI: 10.31268/ZPBAS.2021.61

Bockett, D. (2017). Virtual Theory: Integrating Cybersecurity into International Relations Theory. International Journal of Interdisciplinary Global Studies, 12(4), 15–30. DOI: 10.18848/2324-755X/CGP/v12i04/15-30

Brandão, A.P., & Camisão, I. (2022). ‘Playing the Market Card: The Commission’s Strategy to Shape EU Cybersecurity Policy’. JCMS: Journal of Common Market Studies, 60(5), 1335–1355.

Brandon V., & Maness, R.C. (2015). Cyber War Versus Cyber Realities. Cyber Conflict in the International System. Oxford: Oxford University Press.

Chałubińska-Jentkiewicz, K., Radoniewicz, F., & Zieliński, T. (Eds.) (2022). Cybersecurity in Poland: Legal aspects. Cham: Springer.

Chiara, P.G. (2024). Towards a right to cybersecurity in EU law? The challenges ahead. Computer Law & Security Review, 53. DOI: 10.1016/j.clsr.2024.105961

Council of the European Union (2018). EU Cyber Defence Policy Framework (2018 update) (14413/18, November 19, 2018).

Cybersecurity Ventures (2024). Top 10 Cybersecurity Predictions and Statistics For 2024. https://cybersecurityventures.com/top-5-cybersecurity-facts-figures-predictions-and-statistics-for-2021-to-2025/ (accessed on 24th February 2025).

ENISA (2017). Overview of Cybersecurity and Related Terminology, Version 1. Heraklion: ENISA Publications.

European Commission (2013). Cybersecurity strategy of the European Union: An open, safe and secure cyberspace (JOIN(2013) 1 final, February 7, 2013).

European Commission (2015a). European agenda on security (COM(2015) 185 final).

European Commission (2015b). A digital single market strategy for Europe (COM(2015) 192 final)

European Commission (2020a). Communication from the Commission on the EU Security Union Strategy (COM(2020) 605 final).

European Commission (2020b). Joint communication to the European Parliament and the Council: The EU’s cybersecurity strategy for the digital decade (JOIN/2020/18 final).

European Commission (2022). Joint Communication to the European Parliament and the Council: EU Policy on Cyber Defence (JOIN/2022/49 final).

European Commission (2024). Seventh progress report on the implementation of the EU Security Union Strategy (COM(2024) 198 final).

European Commission (2025a). European action plan on the cybersecurity of hospitals and healthcare providers (COM(2025) 10 final).

European Commission (2025b). Proposal for a Council Recommendation for an EU Blueprint on cybersecurity crisis management (COM/2025/66 final).

European Commission (2025c). State of the Digital Decade 2025: Keep building the EU’s sovereignty and digital future (COM(2025) 290 final).

European Commission, & European External Action Service (2016). Joint framework on countering hybrid threats – a European Union response (JOIN(2016) 18 final).

European Commission. (2024). Commission Guidelines for Providers of Very Large Online Platforms and Very Large Online Search Engines on the Mitigation of Systemic Risks for Electoral Processes Pursuant to Article 35(3) of Regulation (EU) 2022/2065 (C/2024/3014).

European Court of Auditors (2019). Challenges to effective EU cybersecurity policy. https://www.eca.europa.eu/Lists/ECADocuments/BRP_CYBERSECURITY/BRP_CYBERSECURITY_en.pdf.

European External Action Service (2016). Shared vision, common action. A stronger Europe. A global strategy for the European Union’s foreign and security policy. Publications Office. DOI: 10.2871/9875

European Parliament and Council of the European Union (2019). Regulation (EU) 2019/881 of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act). Official Journal of the European Union, L 151, 15–69.

European Parliament and Council of the European Union (2022). Directive (EU) 2022/2555 of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive). Official Journal of the European Union, L 333, 80–152.

European Parliament and Council of the European Union (2024). Regulation (EU) 2025/38 of 19 December 2024 laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cyber threats and incidents and amending Regulation (EU) 2021/694 (Cyber Solidarity Act). Official Journal of the European Union, L 2025/38.

European Parliament and Council of the European Union (2024). Regulation (EU) 2024/2847 of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act). Official Journal of the European Union, L 2024/2847.

European Parliament and the Council of the European Union (2016). Directive (EU) 2016/1148 of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. Official Journal of the European Union, L 194, 1–30.

European Parliament and the Council of the European Union (2016). Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union, L 119, 1–88.

Farrand, B., Carrapico, H., & Turobov, A. (2024). The new geopolitics of EU cybersecurity: Security, economy and sovereignty. International Affairs, 100(6), 2379–2397. DOI: 10.1093/ia/iiae231

Galinec, D., Možnik, D., & Guberina, B. (2017). Cybersecurity and cyber defence: national level strategic approach. Automatika: Journal for Control, Measurement, Electronics, Computing & Communications, 58(3), 273–286. DOI: 10.1080/00051144.2017.1407022

General Secretariat of the Council (2017, 9th October). Draft implementing guidelines for the framework on a joint EU diplomatic response to malicious cyber activities: Approval of the final text (Document No. 13007/17). Council of the European Union.

Interpol (2021). National cybercrime strategy guidebook. https://www.interpol.int (accessed on 24th February 2025).

Jacuch, A. (2021). Comparative Analysis of Cybersecurity Strategies. European Union Strategy and Policies. Polish and Selected Countries Strategies. Online Journal Modelling the New Europe, 37, 102–121. DOI: 10.24193/OJMNE.2021.37.06

Lan, T., & Inkster, N. (2020). International governance of/in cyberspace. In E. Tikk & M. Kerttunen (Eds.) Routledge Handbook of International Cybersecurity (pp. 79–93). Abingdon: Routledge.

Renda, K.K. (2022). The Development of Eu Cybersecurity Policy: From a Coordinating Actor to a Cyber Power? Ankara Review of European Studies (ARES) / Ankara Avrupa Çalışmaları Dergisi (AAÇD), 21(2), 467–495. DOI: 10.32450/aacd.1226890

Rupp, C. (2024). Navigating the EU cybersecurity policy ecosystem: A comprehensive overview of legislation, policies and actors. https://www.interface-eu.org/publications/navigating-the-eu-cybersecurity-policy-ecosystem (accessed on 24th February 2025).

Schatz, D., Bashroush, R., & Wall, J. (2017). Towards a more presentative definition of cyber security. Journal of Digital Forensics, Security and Law, 12(2), Article 8, 53–74. DOI: 10.15394/jdfsl.2017.1476

Senol, M., & Karacuha, E. (2020). Creating and implementing an effective and deterrent national cyber security strategy. Journal of Engineering, 1–19. DOI: 10.1155/2020/5267564

Tzavara, V., & Vassiliadis, S. (2024). Tracing the evolution of cyber resilience: a historical and conceptual review. International Journal of Information Security, 23(3), 1695–1719. DOI: 10.1007/s10207-023-00811-x

von Solms, B. & von Solms, R. (2018). Cybersecurity and information security – what goes where? Information and Computer Security, 26(1), 2–9. DOI: 10.1108/ICS-04-2017-0025

Wang, X. (2023). Decoupling trade and cybersecurity. A way to recalibration? Asian Journal of WTO & International Health Law & Policy, 18(1), 39–88.

Weiss, J., Perkins, E., & Walls, A. (2013). Definition: Cybersecurity. https://www.gartner.com/en/documents/2510116/ (accessed on 24th February 2025).

Total abstract views : 273

PDF Downloads : 130