Cyber Solidarity Act

Cyber Solidarity Act outlines various measures to strengthen cyber solidarity and improve coordinated preparedness, detection and response to cybersecurity threats and incidents within the EU. The Act specifically covers situational awareness, information sharing, and support for cybersecurity incident  preparedness and response measures. The Act consists of three main reforms: European Cybersecurity Alert System, Cybersecurity Emergency Mechanism, and European Cybersecurity Incident Review Mechanism.

What does this mean?

  • The European Cybersecurity Alert System is a platform consisting of national and cross-border cyber hubs (security operation centers). These hubs utilize state-of-the-art technology to detect, analyze and process data on cybersecurity threats and incidents across the EU and provide real-time information to authorities and other relevant entities. EU Member States designate the national cyber hubs, and the cross-border hubs consist of three or more national hubs.
  • The Cybersecurity Emergency Mechanism supports EU Member States and other users in the preparation, response, mitigation, and recovery relating to significant, large-scale, and large-scale equivalent cybersecurity incidents. The Mechanism provides support in three main areas:
    • preparedness actions, such as voluntary coordinated preparedness testing of entities operating in highly critical sectors;
    • EU Cybersecurity Reserve, consisting of incident response services from trusted providers in case of significant, large-scale, or large-scale-equivalent cybersecurity incidents; and
    • financial support for mutual assistance between national authorities in cross-border situations.
  • The European Cybersecurity Incident Review Mechanism mandates ENISA, upon request, to review and assess threats, known exploitable vulnerabilities and mitigation actions with respect to a specific significant or large-scale cybersecurity incident. Following the review and assessment, ENISA prepares an incident review report and submits it to the relevant parties.

Who?

  • Especially entities in critical sectors can benefit from the support and resources that are available under the cybersecurity framework proposed in the Act

Timeline

  • The Cyber Solidarity Act entered into force on 4 February 2025.

Last updated 15 January 2026.