On 16 December 2020, the Commission published a cybersecurity package consisting of:

• A new EU cybersecurity strategy;
• A proposal for a revision of the Directive on ensuring a high level of security of network and information systems (so-called NIS Directive);
• A proposal for a new Directive on the resilience of critical entities.

The package is a further act of implementing the EU Security Union Strategy presented in July 2020 (--> eucrim 2/2020, 71-72) and the Commission’s objective to reach a digital transition as outlined in the Communication “Shaping Europe’s Digital Future” submitted in February 2020. The new EU cybersecurity strategy includes numerous individual proposals for regulations, investments and policy initiatives in three areas of action:

• Resilience, technological sovereignty and leadership;
• Building operational capacities for prevention, deterrence and response;
• Advancing a global open cyberspace through increased cooperation.

More concretely, a cyber security shield with the ability to detect early signals of impending cyber-attacks is to be built up through an EU-wide network of so-called “Security Operation Centres”. The Commission is also working to establish a Joint Cyber Unit to strengthen cooperation between EU bodies and Member State authorities responsible for preventing, deterring and responding to cyber-attacks, including civilian, law enforcement, diplomatic and cyber defence communities.

The EU will make efforts to advance the security and stability of cyberspace at the international level while promoting its core values. The EU will further strengthen its EU Cyber Diplomacy Toolbox, and increase cyber capacity-building efforts to third countries.

The cybersecurity strategy also points out that the EU is supporting the envisaged digital transition with an unprecedented level of investment. This includes a high proportion of EU money that is allocated to respective projects in the next long-term EU budget (2021-2027), notably by the Digital Europe Programme and Horizon Europe, as well as the Recovery Plan for Europe. Member States are thus encouraged to make full use of the EU Recovery and Resilience Facility to boost cybersecurity and match EU-level investment.