Brussels, 24 February 2025
Today, the EU Commission has presented a proposal to ensure an effective and efficient response to large-scale cyber incidents. The proposed blueprint updates the comprehensive EU framework for Cybersecurity Crisis Management and maps the relevant EU actors, outlining their roles throughout the entire crisis lifecycle. This includes preparedness and shared situational awareness to anticipate cyber incidents, and the necessary detection capabilities to identify them, including the response and recovery tools needed to mitigate, deter and contain those incidents.
Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, said:
In an increasingly interdependent Union economy, disruptions from cybersecurity incidents can have far-reaching impacts across various sectors. The proposed cybersecurity blueprint reflects our commitment to ensuring a coordinated approach, leveraging existing structures to protect the internal market and uphold vital societal functions. This Recommendation is a crucial step forward in reinforcing our collective cyber resilience.
The proposed plan builds on the existing frameworks, such as the Integrated Political Crisis Response and the EU Cyber Diplomacy Toolbox, while aligning with recently adopted initiatives, such as the Critical Infrastructure Blueprint and the network code on cybersecurity for the EU electricity sector. It proposes measures to strengthen collaboration between civilian and military entities, including NATO, while reflecting the objectives of the forthcoming EU preparedness strategy. Furthermore, today’s proposal promotes secure communication and strategic efforts to counter disinformation.
This also complements the Joint Communication of the Commission and the HRVP to strengthen the security and resilience of submarine cables, which Executive Vice-President Virkkunen presented in Helsinki on 21 February.
You can find more information online.
Cyber Blueprint – Draft Council Recommendation
The objective of this draft Council Recommendation on the EU Blueprint for cybersecurity crisis management (Cyber Blueprint) is to present, in a clear, simple and accessible manner, the EU framework for cyber crisis management.
The Cyber Blueprint should enable relevant Union-actors (meaning Union-level individual entities and networks of entities) to understand how to interact and make the best use of available mechanisms across the full crisis management lifecycle. It aims to explain what a cyber crisis is and what triggers a cyber crisis mechanism at Union level. It explains the use of available mechanisms like the Cybersecurity Emergency Mechanism, including the EU Cybersecurity Reserve, in preparing how to manage, respond to and recover from a crisis arising from a large-scale cybersecurity incident. It furthermore aims to foster a more structured cooperation between civilian and military actors, including cooperation with North Atlantic Treaty Organisation (NATO), given that a large-scale cyber incident affecting Union civilian infrastructure on which the military rely may also activate NATO response mechanisms.
The Cyber Blueprint is a non-binding instrument which identifies specific actions for relevant actors in a cyber crisis and which can enhance the overall effectiveness of the cyber crisis management framework. It updates the blueprint set out in Commission Recommendation (EU) 2017/1584 on coordinated response to large-scale cybersecurity incidents and crises, and it is informed by the outcomes and lessons learned from Union-level exercises since that recommendation was adopted.
Downloads
- Cyber Blueprint – Proposal Council Recommendation – Download
- Cyber Blueprint – Proposal Council Recommendation – Annexes – Download
Source – EU Commission