A new EU cyber security package is coming 

Table of contents

• New EU cyber security package: innovations and impacts
• European Union cyber security: new tools for cyber security
• European certification for managed security services
• A coordinated, technology-driven approach
• The next steps

New EU cyber security package: innovations and impacts

On December 2, 2024, the European Council announced a new cyber security package adopted by the Council of the European Union, marking a crucial step toward a safer and more resilient Europe against cyber threats. 

This initiative, comprising the Cyber Solidarity Act and a targeted amendment to the Cyber Security Act (CSA), introduces cutting-edge tools and strategies to strengthen protection against cyber incidents. 

European Union cyber security: new tools for cyber security

With the growing number of cyber security threats, the Council of the European Union decided to enhance the resilience and security level of its member states through new laws. The primary goal is to build a common level of resilience and a coordinated response to cyber threats and incidents. 

Key elements of the new package include: 

• A cyber alert system
  A pan-European infrastructure comprising national and cross-border hubs for monitoring and responding to threats. These hubs will leverage advanced technologies like artificial intelligence to identify and share information about cyber threats promptly. 

• Cyber security emergency mechanism
  A crucial tool for enhancing preparedness, testing vulnerabilities in critical sectors like healthcare, transport, and energy, and strengthening response capabilities. 

• European cyber security reserve
  A group of private experts available to intervene upon the request of a member state or European institutions during significant incidents. 

European certification for managed security services

The new package also includes a targeted amendment to the 2019 Cyber Security Act, introducing European certification schemes for managed security services.

These services, which include activities such as incident management, penetration testing, and security audits, are increasingly essential for protection against cyber threats. 

By creating uniform certification schemes, the EU aims to: 

• Improve the quality of services offered. 

• Build trust in certified service providers. 

• Prevent fragmentation in the internal market, as some member states have already initiated national certifications. 

This uniformity will also benefit Italian companies, facilitating competition in a European context. 

A coordinated, technology-driven approach

The Cyber Solidarity Act strengthens cooperation mechanisms among member states through the adoption of advanced technologies such as artificial intelligence and data analysis. These tools will allow for more effective threat detection and response. 

The package also includes an incident review mechanism, which will assess the quality and effectiveness of actions taken, as well as the contribution of these measures to strengthening competitiveness in the technology sector. 

The next steps

After formal approval by the Presidents of the Council and the European Parliament, the package will come into force 20 days after its publication in the Official Journal of the European Union. This marks another pivotal moment for the EU in combating cyber threats and enhancing the protection of its citizens and critical infrastructures. 

The new cyber security package represents the latest but not the final step forward for the European Union, which aims to strengthen its resilience and response capabilities against threats. Through measures such as the Cyber Solidarity Act, certifications for managed services, and the integration of advanced technologies, Europe is preparing to face an increasingly digital future with greater security. 

Questions and answers 

1. What is the new EU cyber security package? 
   It is a set of regulations aimed at strengthening resilience against cyber threats, including the Cyber Solidarity Act and an amendment to the Cyber Security Act. 

2. What are the objectives of the Cyber Solidarity Act? 
   To enhance the EU’s preparedness and response to cyber threats through advanced tools and cross-border cooperation. 

3. What does the amendment to the 2019 Cyber Security Act entail? 
   It introduces European certification schemes for managed security services, improving service quality and building trust in providers. 

4. How does the cyber alert system work? 
   It uses technologies like artificial intelligence to identify and share threat information promptly. 

5. What does the emergency mechanism include? 
   It involves preparedness actions, tests on critical sectors, and a reserve of experts ready to intervene during serious incidents. 

6. What role do advanced technologies play in the package? 
   Artificial intelligence and data analysis enhance the identification and response to cyber threats. 

7. What are the benefits for Italian companies? 
   European certifications reduce fragmentation and improve the competitiveness of Italian companies in the internal market. 

8. When will the package come into effect? 
   20 days after its publication in the Official Journal of the European Union. 

9. What is the European Cyber Security Reserve? 
   It is a group of private experts ready to intervene during significant incidents at the request of member states or EU institutions. 

10. How will the results of the package be monitored? 
    Through a review mechanism that will evaluate the effectiveness of adopted measures and their competitive impact.