The newly proposed EU Cyber Solidarity Act will enhance coordinated cybersecurity measures in response to increasing cyber threats. 
On March 5, 2024, the European Parliament and the Council agreed to establish the Cyber Solidarity Act. This act was first proposed in April 2023, in the context of the aggressive cyber campaigns levied by Russia in its war against Ukraine. The European Commission called these operations “a game changer for the perception and assessment of the EU’s collective cybersecurity crisis management preparedness and a call for urgent action.”
In the time since there have been even more cyber attacks on critical infrastructure organizations like Europe’s energy grid, and certain news outlets in Eastern Europe have also been targeted by DDoS attacks. To combat these concerns, the Cyber Solidarity Act will help the EU "better detect, prepare and respond to cyber threats and incidents.”
There are three prongs to the Act: a European Cybersecurity Alert System, a Cybersecurity Emergency Mechanism, and a European Cybersecurity Incident Review Mechanism.
European Cybersecurity Shield
National and cross-border Security Operations Centres (SOCs) across the EU will use cutting-edge technologies and infrastructures (like artificial intelligence and advanced data analytics) to detect cyber threats quickly. The immediate situational awareness will allow the relevant authorities to act in time, share warnings with other authorities, coordinate, and respond efficiently to the threat.
Cybersecurity Emergency Mechanism
To improve preparation and response abilities in the event of a large-scale cybersecurity emergency, the cybersecurity emergency mechanism will support three areas:
- Preparedness actions: harmonize vulnerability testing in critical infrastructure sectors
- A new EU Cybersecurity Reserve: in the case of an extensive cyber incident, a reserve with incident response services from trusted providers may be utilized by Member States, EU institutions, or other entities (agencies and third countries) associated with the reserve under the Digital Europe Programme
- Financial support for mutual assistance: aids the Member State giving technical support to the Member State that is resolving a large-scale cyber incident
European Cybersecurity Incident Review Mechanism
After a large-scale cyber incident occurs, there will be a review to assess the situation and make suggestions on how the EU can better its cyber posture. The review and assessment will be done by the European Union Agency for Cybersecurity (ENISA) and shared with the Cyber Security Incident Response Teams (CSIRTs) network, the European Cyber Crisis Liaison Organization Network (EU-CyCLONe), and the Commission through a report.
The Cyber Solidarity Act is still subject to formal approval by the Council and the European Parliament. After being formally adopted, the Act will be enforced on the 20th day after being published in the Office Journal.
Margrethe Vestager, Executive Vice-President for a Europe Fit for the Digital Age, says that the act “represents the next step in building a collective resilience to the growing cyberthreats in the
current geopolitical landscape.”
The European Union has indeed been making strides to improve its resilience to cyber incidents. They released a Cyber Resilience Act in December of 2023, which establishes cybersecurity standards for digital products in all stages of development. More recently, they created their first network code for their electricity sector, which “is an important step to improve the cyber resilience of critical EU energy infrastructure and services.” Through these concerted efforts, the EU is making important progress towards protecting its digital environment and ensuring a safer and more secure future in the face of growing cyber threats.