On 24 July 2020, the Commission presented its new EU Security Union Strategy for the period 2020-2025. It lays out the tools and measures to be developed over the next five years to ensure security in both the physical and the digital environment. The Strategy was presented in form of a Communication to the European Parliament, the European Council, the Council, the European Social and Economic Committee, and the Committee of the Regions. It substantiates the political guidelines of Commission President Ursula von der Leyen, who stressed improvements in cross-border cooperation to tackle gaps in the fight against serious crime and terrorism in Europe as one of the main goals during her term of office. The new Strategy follows up the EU Agenda on Security as set out by the previous Commission under President Jean-Claude Juncker (see also eucrim 3/2016, p. 123). It takes up proposals provided in European Parliament resolutions, Council conclusions, and Commission evaluations in the internal security field (see, for instance, the latest Commission Staff Working Paper on the Implementation of Home Affairs legislation in the field of internal security 2017-2020 – SWD(2020) 135 – not public yet).

The EU Security Union Strategy 2020-2025 first explains the security threat landscape in Europe which is in flux. Rapid changes include:

  • Increase in malicious attacks on European services, e.g. energy, transport, finance, and health, which has become particularly evident during the COVID-19 crisis;
  • Increased affectedness of homes, banks, financial services, and enterprises by cybersecurity, as well as new risks due to the developments in the Internet of things and artificial intelligence;
  • Development of an underground cybercriminal economy due to the online dependency of the society;
  • Accentuation of the threats by the global environment, which concerns, for instance, theft of intellectual property and industrial espionage;
  • Remaining high risks of terrorism, with a current trend towards “low-tech” attacks by radicalised individuals;
  • Evolvement of organised crime under new circumstances, e.g. trafficking in human beings and trade in illicit pharmaceutical products.

Against this background, the Security Strategy emphasises the need for an EU-coordinated response for the whole of society and defines the following common objectives:

  • Building capabilities and capacities for early detection, prevention and rapid response to crises;
  • Focusing on results, including threat and risk assessments, strategic reliable intelligence, and effective implementation;
  • Linking all players in the public and private sectors in a common effort.

The following four strategic priorities will guide future EU action to countering the new global threats and challenges:

  • A future-proof security environment: Actions in this area concern particularly a more robust, consistent and coherent framework for the protection and resilience of critical infrastructure. In the field of cybersecurity, the EU must make sure that its 2017 cybersecurity approach on resilience-building keeps pace with reality. In this context, the Commission emphasises the needs to ensure cybersecurity of the 5G networks, to develop a culture of cybersecurity by design, to establish a Joint Cyber Unit as a platform for a structured and coordinated operational cooperation, and to build up more robust international partnerships against cyberattacks. Ultimately, another focus will be on the protection of public spaces (including places of worship and transport hubs), e.g. through enhanced public-private cooperation and measures against the misuse of drones.
  • Tackling evolving threats: The Commission will ensure that existing EU rules against cybercrime are implemented and are fit for purpose. In particular, measures against identity theft will be explored. Law enforcement capacities in digital investigations will be increased. The establishment of adequate tools and techniques will include AI, big data and high-performance computing. Focuses will also be placed on quick access to digital evidence and on addressing the challenges of encryption. The fight against illegal content online will play a key role. This includes tackling child sexual abuse (for this, see the new Commission strategy COM(2020) 607, reported in a separate news item). Finally, key measures will be taken against hybrid threats, including a review of the EU playbooks for countering hybrid threats.
  • Protecting Europeans from terrorism and organised crime: As regards terrorism, a focus will be placed on anti-radicalisation, effective prosecution of terrorists (including foreign terrorist fighters), and cooperation with non-EU countries, e.g. in order to cut off the sources of terrorist financing. As regards organised crime, the Commission announces an agenda for tackling organised crime next year. It will respond to the need for reinforced cooperation with all stakeholders and provide a response to the recent organised crime developments in the course of the COVID-19 pandemic. High concerns remain in the field of drug trafficking and trade of illegal firearms – in both areas, the Commission presented concrete agendas and action plans (see separate news item). Furthermore, new approaches are announced as regards trafficking in human beings and migrant smuggling, where the poor record in identifying, prosecuting and convicting these crimes requires reinforced action. Ultimately, the Commission will look into responses in the fields of environmental crime, trafficking in cultural goods, economic and financial crimes, money laundering, confiscation and asset recovery, and corruption.
  • A strong European society ecosystem: The Commission intends to build preparedness and resilience among governments, law enforcement authorities, private entities, and citizens. Measures in this field include strengthening security research and innovation, where the Commission, for instance, will look into the creation of a European innovation hub for internal security. Raising skills and awareness as regards both law enforcement officers and citizens will also play a key role. Here, the Commission points out the European Skills Agenda adopted on 1 July 2020, which supports skills-building throughout life, including in the field of security. Ultimately, the envisaged priority area of the security ecosystem includes a plethora of possible initiatives to foster cooperation and information exchange, e.g.:
    • Improving and streamlining the framework and instruments for operational law enforcement cooperation (e.g. the SIS);
    • Strengthening Europol’s mandate by lifting current constraints (such as the prohibition of direct exchange of personal data with private parties);
    • Further developing Eurojust to better interlink judicial and law enforcement cooperation;
    • Simplifying EMPACT – the EU policy cycle for serious and international organised crime;
    • Revising the Prüm legislation of 2008 and the existing EU PNR rules;
    • Stepping up judicial cooperation, e.g. through the use of digital technologies;
    • Reinforcing cooperation with Interpol and security partnerships between the EU and third countries;
    • Exploring ways towards an EU-level coordination mechanism for police forces in case of force-majeure events, such as pandemics.

In conclusion, the Commission stresses that the presented EU Security Union Strategy 2020-2025 has reacted to a wide range of emerging security needs. It focuses on the areas most critical to EU security in the years to come. Security needs to be viewed from a broader perspective than in the past. This includes that needs involve both the physical and the digital world. Issues of internal and external security are increasingly interconnected, which is why cooperation with international partners and close coordination with the EU’s external actions (under the responsibility of the High Representative of the Union for Foreign Affairs and Security Policy) in the implementation of the Strategy are key in the years to come. In addition, the EU must follow a real whole-of-society approach, with EU institutions, agencies and bodies, Member States, industry, academia, and individuals giving their input to make societies secure.